myQNAPcloud and security


Post by spile » Mon Jun 29, 2020 12:08 am

I am confused.
MyQNAPcloud is a current product, promoted by QNAP as "a cloud service provided by QNAP for you to remotely connect to your QNAP devices and to share your files securely."
Source: https://support.myqnapcloud.com/faq/wha ... ud?lang=en and https://www.qnap.com/en/how-to/tutorial ... ud-service

It is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.

1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?


Post by OneCD » Mon Jun 29, 2020 4:12 am

spile wrote (Mon Jun 29, 2020 12:08 am):
> MyQNAPcloud is a current product, promoted by QNAP as "a cloud service provided by QNAP for you to remotely connect to your QNAP devices and to share your files securely."

Unfortunately, QNAP's marketing dept are detached from reality. Their hope is that the quoted statement will eventually be true. :S

spile wrote (Mon Jun 29, 2020 12:08 am):
> It is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.

The answers provided by @dm in that topic are still correct. There's nothing more to add. (I'll also need to lock it now to prevent anyone reviving it. ;) )


Post by spile » Tue Jun 30, 2020 5:01 am

Thank you for your reply. Please can you answer 1) and 2) above. Thank you.


Post by dolbyman » Tue Jun 30, 2020 5:26 am

1) myQNAPcloud is a DDNS service (mainly); there is nothing secure or insecure about it. The QTS system is not hardened enough to be exposed to the net.
2) Unclear what a security advisory is supposed to (dis)prove; please elaborate.


Post by jaysona » Sun Jul 05, 2020 4:54 am

spile wrote (Mon Jun 29, 2020 12:08 am):
> I am confused.
>
> ....

That means QNAP marketing has succeeded in their job. :P :lol:

> 1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
> 2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?

On a more serious note;

1a. I cannot answer for myQnapcloud - I do not use it, and probably never will.
1b. QTS is inherently insecure, however there is no safety (safety != security, therefore the words are not interchangeable) issue with QTS.
1c. If you want to protect your NAS from being hacked and keep the data it stores secure, then do not expose the QTS Admin web page and do not expose any QTS applications to the Internet.

2. QNAP has issued several security warnings because QNAP had no choice after someone publicly disclosed vulnerabilities about some of the QTS applications, and those vulnerabilities were actively being exploited in order to compromise QNAP NAS units that had QTS applications exposed to the Internet.
H/W: TS-219 Pro / TS-269 Pro / TS-253 Pro (8Gig) / TS-509 Pro x2 / TS-569 Pro
H/W: TS-670 Pro (i7-3770S 16Gig) x2 / TS-853 Pro (8Gig) / TVS-871 Pro (i7-4790S 16Gig)
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 384.19
Router2: Asus RT-AC68U - DD-WRT v3.0-r39960M kongac
Router3: Linksys WRT1900AC - DD-WRT v3.0-r43028 std
Router4: Asus RT-AC66U - FreshTomato v2020.7
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)


Post by QNAPDanielFL » Sat Nov 14, 2020 12:39 am

myQNAPcloud allows you to access your NAS remotely without needing to do port forwarding. What this means is that even if there were vulnerabilities not yet patched on your QNAP, it would be very hard to exploit those vulnerabilities if you had no ports open. So myQNAPcloud is a secure way to access your NAS remotely through a qlink that removes the need for port forwarding. I would recommend making the myQNAPcloud password something very hard to guess.

Another way to access the NAS securely is to use VPN. We have the QVPN app if you want to make the QNAP the VPN server and we are releasing the QHora router that can also be a VPN server. VPN allows you to use some features that you can't use through a qlink and in general, I think QVPN is the better way. But not every customer is as technical as the average person who posts on this forum and some of them are intimidated by trying to set up a VPN. So myQNAPcloud makes it easy to access your data remotely without exposing potential vulnerabilities by opening ports to the internet.

Of course, we still recommend keeping your NAS firmware and apps up to date so you can apply the latest security patches. But there is a lot of safety in not needing to open ports to the internet to access your NAS remotely.


Post by boubi » Mon Nov 16, 2020 11:29 pm

@QNAPDanielFL
Hi,
I set up my VPN with qbelt.
I was trying to connect to the NAS when I was out of the home network from my laptop.
Sometimes I succeed and I have a list of apps and sometimes it does not fully connect.
Meaning that there is a message "limited access: ... will only provide vpn connection"

No app is active in this mode.
What does it allow me to do in this situation?


Post by QNAPDanielFL » Tue Nov 17, 2020 5:47 am

Did you choose a DNS server for Qbelt?
If not, then you can VPN to the NAS but can't access the internet?

Is that the issue you have? That you can VPN to the NAS but can't access the internet when you do?


Post by boubi » Tue Nov 17, 2020 3:36 pm

First, so sorry for my English (I try to do my best :) )

I chose "NAS default" for the DNS.
The situation:
I am at work/friend - connected with my laptop to Wi-Fi.
I open the QVPN app on my laptop and try to establish a VPN connection.
When it works, then:
  • I can see my home network IP if I go to "what is my IP" on Google.
  • I get a new internal IP from the VPN client pool (10.6.0.*)
  • I see all of my published apps so I can connect to them:
    FYI - the container station can work only if I connect through VPN (not from cloud or qlink.to/mynas)
When it partially works, I see the message "limited access:... will only provide VPN connection"
and it just shows connected, but no app shows on the list; also my IP stays on the Wi-Fi network (work/friend).
