SSL transport layer encryption adds no security for your NAS (it prevents evesdropping and authenticates the target), any exploit would still be applied.Christiaan5 wrote: ↑Thu Oct 15, 2020 2:37 amWhen I access via xxx.myqnapcloud.com I always access with Secure login. Because of this, I did wonder if I could disable the NAS Web access port...do you know this?
And yes I do use the default ports, but no one tells me what other port would be better...what do you suggest?
Do not port forward any QTS (Admin login) or Station (video,photo,audio) to the WAN by port forwarding, they have been used many times in the past for attacks and infections
See here,Christiaan5 wrote: ↑Thu Oct 15, 2020 2:37 amYou write "exploits do not care about password strength", I would think a password of 3 characters is easier to hack then 30 characters. They will need to try many times and then my IP Access Protection blocks the IP for a day, so they get 365x5 attempts in a year, but I will notice this earlier and I will block the IP forever. Probably there are tricks so one server can access via multiple IP-addresses, but my data has no value to anyone else, so why would they spend time on this?
https://en.wikipedia.org/wiki/Exploit_( ... _security)
Your password is not even used, it is circumvented
Any device on your LAN can request port forwards to be made and "defeat the security" of NAT, it creates an rogue security hole in your home.Christiaan5 wrote: ↑Thu Oct 15, 2020 2:37 amSure I understand that UPnP is less safe, but first they need to get into my LAN to change/use it right? In my situation they would first need to hack into the NAS and next they could probably change the port-forwarding in my router. If they hack into my NAS they already have all information, so if they open more ports afterwards will not make any difference for me anymore.
I posted these earlier, check this forum,reddit,bleeping computer off all the tears shed by people that lost all their data, it's not a theoryChristiaan5 wrote: ↑Thu Oct 15, 2020 2:37 amYou also write "So you either have been very lucky so far, or already have been hacked without knowlage (cryptominers, etc)". I guess you are a very knowledgeable person when it comes to network security, but 80% of the people I know, know even 25% of what I understand about network security. Why do they not get hacked all the time? I believe because of your knowledge you believe the internet is an unsafe place in general and yet almost everybody is connected to it the whole day long.
https://www.zdnet.com/article/cisa-says ... h-malware/
https://www.zdnet.com/article/qnap-nas- ... e-attacks/
https://www.zdnet.com/article/qnap-tell ... ansomware/
The danger is people exposing unsafe network equipment to the public web and with the rise of untraceable crypto currencies, criminals found a way to extort money from private households and corporation alike with little ways of being detected.
Ransomware cares only about the value of the data to YOURSELF, that is how they extort money out of you ... do you have full external backups of your NAS data at all times ? .. if no .. you are a prime target
Close all ports, use a router with a VPN server, use that to access your NAS from outside of your home. (there is plenty of guides google can provide) hosting your own VPN has nothing to do with privacy VPN providers that are pushed by every social media spokesperson (and their grandma)Christiaan5 wrote: ↑Thu Oct 15, 2020 2:37 amIf you have great idea's how we can improve safety of our NAS, please share. Please do be practical, because I am not a computer whizzkids. I also try to understand what you wrote about site2site VPN, but I also simply do not understand how to create this.
Any input is always welcome.