myQNAPcloud and security
- spile
- Know my way around
- Posts: 244
- Joined: Tue May 24, 2016 12:13 am
myQNAPcloud and security
I am confused.
MyQNAPcloud is a current product, promoted by QNAP as "a cloud service provided by QNAP for you to remotely connect to your QNAP devices and to share your files securely."
Source: https://support.myqnapcloud.com/faq/wha ... ud?lang=en and https://www.qnap.com/en/how-to/tutorial ... ud-service
It is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.
1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?
MyQNAPcloud is a current product, promoted by QNAP as "a cloud service provided by QNAP for you to remotely connect to your QNAP devices and to share your files securely."
Source: https://support.myqnapcloud.com/faq/wha ... ud?lang=en and https://www.qnap.com/en/how-to/tutorial ... ud-service
It is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.
1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?
- OneCD
- Ask me anything
- Posts: 8480
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: myQNAPcloud and security
Unfortunately, QNAP's marketing dept are detached from reality. Their hope is that the quoted statement will eventually be true.

The answers provided by @dm in that topic are still correct. There's nothing more to add. (I'll also need to lock it now to prevent anyone reviving it.spile wrote: ↑Mon Jun 29, 2020 12:08 amIt is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.

- spile
- Know my way around
- Posts: 244
- Joined: Tue May 24, 2016 12:13 am
Re: myQNAPcloud and security
Thank you for your reply. Please can you answer 1) and 2) above. Thank you.
- dolbyman
- Guru
- Posts: 21287
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: myQNAPcloud and security
1) myqnapcloud is a DDNS service (mainly) nothing secure or insecure about it, QTS system is not hardened enough to be exposed to the net
2) unclear what a security advisory is supposed to (dis)prove , please elaborate
2) unclear what a security advisory is supposed to (dis)prove , please elaborate
- jaysona
- Easy as a breeze
- Posts: 467
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: myQNAPcloud and security
That means QNAP marketing has succeeded in their job.


On a more serious note;1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?
1a. I can not answer for myQnapcloud - i do not use it, and probably never will.
1b. QTS is inherently insecure, however there is no safety (safety != security, therefore the words are not interchangeable) issue with QTS.
1c. If you want to protect your NAS from being hacked and keeping the data it stores secure, then do not expose the QTS Admin web page and do not expose any QTS applications to the Internet.
2. QNAP has issued several security warnings because QNAP had no choice after someone publicly disclosed vulnerabilities about some of the QTS applications, and those vulnerabilities were actively being exploited in order to compromise QNAP NAS units that had QTS applications exposed to the Internet.
H/W: TS-219 Pro / TS-269 Pro / TS-253 Pro (8Gig) / TS-509 Pro x2 / TS-569 Pro
H/W: TS-670 Pro (i7-3770S 16Gig) x2 / TS-853 Pro (8Gig) / TVS-871 Pro (i7-4790S 16Gig)
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 384.19
Router2: Asus RT-AC68U - DD-WRT v3.0-r39960M kongac
Router3: Linksys WRT1900AC - DD-WRT v3.0-r43028 std
Router4: Asus RT-AC66U - FreshTomato v2020.7
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
H/W: TS-670 Pro (i7-3770S 16Gig) x2 / TS-853 Pro (8Gig) / TVS-871 Pro (i7-4790S 16Gig)
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 384.19
Router2: Asus RT-AC68U - DD-WRT v3.0-r39960M kongac
Router3: Linksys WRT1900AC - DD-WRT v3.0-r43028 std
Router4: Asus RT-AC66U - FreshTomato v2020.7
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
-
- Easy as a breeze
- Posts: 280
- Joined: Fri Mar 31, 2017 7:09 am
Re: myQNAPcloud and security
myQNAPcloud allows you to access your NAS remotely without needing to do port forwarding. What this means, is that even if there were vulnerabilities not yet patched on your QNAP, it would be very hard to exploit those vulnerabilities if you had no ports open. So myQNAPcloud is a secure way to access your NAS remotely through a qlink that removes the need for port forwarding. I would recommend making the myQNAPcloud password something very hard to guess.
Another way to access the NAS securely it to use VPN. We have the QVPN app of you want to make the QNAP the VPN server and we are releasing the QHora router that can also be a VPN server. VPN allows you use some features that you can't use through a qlink and in general, I think QVPN is the better way. But not every customer is as technical as the average person who posts on this forum and some of them are intimidated by trying to set up a VPN. So myQNAPcloud makes it easy to access your data remotely without exposing potential vulnerabilities by opening ports to the internet.
Of course, we still recommend keeping your NAS firmware and apps up to date so you can apply the latest security patches. But there is a lot of safety in not needing to open ports to the internet to access your NAS remotely.
Another way to access the NAS securely it to use VPN. We have the QVPN app of you want to make the QNAP the VPN server and we are releasing the QHora router that can also be a VPN server. VPN allows you use some features that you can't use through a qlink and in general, I think QVPN is the better way. But not every customer is as technical as the average person who posts on this forum and some of them are intimidated by trying to set up a VPN. So myQNAPcloud makes it easy to access your data remotely without exposing potential vulnerabilities by opening ports to the internet.
Of course, we still recommend keeping your NAS firmware and apps up to date so you can apply the latest security patches. But there is a lot of safety in not needing to open ports to the internet to access your NAS remotely.
-
- New here
- Posts: 9
- Joined: Tue Oct 20, 2020 8:19 pm
Re: myQNAPcloud and security
@QNAPDanielFL
Hi,
I set up my VPN with qbelt.
I was trying to connect to the NAS when I was out of the home network from my laptop.
Sometimes I succeed and I have a list of apps and sometimes it does not fully connect.
Meaning that there is a message "limited access: ... will only provide vpn connection"
No app is active in this mode.
What does it allow to do in this situation?
Hi,
I set up my VPN with qbelt.
I was trying to connect to the NAS when I was out of the home network from my laptop.
Sometimes I succeed and I have a list of apps and sometimes it does not fully connect.
Meaning that there is a message "limited access: ... will only provide vpn connection"
No app is active in this mode.
What does it allow to do in this situation?
-
- Easy as a breeze
- Posts: 280
- Joined: Fri Mar 31, 2017 7:09 am
Re: myQNAPcloud and security
Did you choose a DNS server for Qbelt?
If not, then you can VPN to the NAS but can't access the internet?
Is that the issue you have? That you can VPN to the NAS but can't access the internet when you do?
If not, then you can VPN to the NAS but can't access the internet?
Is that the issue you have? That you can VPN to the NAS but can't access the internet when you do?
-
- New here
- Posts: 9
- Joined: Tue Oct 20, 2020 8:19 pm
Re: myQNAPcloud and security
first, so sorry for my English (I try to do my best
)
I choose "NAS default" for the dns.
the situation:
I am at work/friend - connected with my laptop to Wi-Fi.
open the QVPN app on my laptop and try to establish a VPN connection.
when it works then:
and it is just show connected, but no app show on list, also my IP stay on the Wi-Fi network (work/friend).

I choose "NAS default" for the dns.
the situation:
I am at work/friend - connected with my laptop to Wi-Fi.
open the QVPN app on my laptop and try to establish a VPN connection.
when it works then:
- I can see my home network IP if I go to "what is my IP" on google.
- I get a new internal IP from the VPN client pool (10.6.0.*)
- I see all of my published apps so I can connect them:
FYI - the container station can work only if I connect though VPN (not from cloud or qlink.to/mynas)
and it is just show connected, but no app show on list, also my IP stay on the Wi-Fi network (work/friend).