Page 1 of 1

myQNAPcloud and security

Posted: Mon Jun 29, 2020 12:08 am
by spile
I am confused.
MyQNAPcloud is a current product, promoted by QNAP as "a cloud service provided by QNAP for you to remotely connect to your QNAP devices and to share your files securely."
Source: https://support.myqnapcloud.com/faq/wha ... ud?lang=en and https://www.qnap.com/en/how-to/tutorial ... ud-service

It is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.

1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?

Re: myQNAPcloud and security

Posted: Mon Jun 29, 2020 4:12 am
by OneCD
spile wrote:
Mon Jun 29, 2020 12:08 am
MyQNAPcloud is a current product, promoted by QNAP as "a cloud service provided by QNAP for you to remotely connect to your QNAP devices and to share your files securely."
Unfortunately, QNAP's marketing dept are detached from reality. Their hope is that the quoted statement will eventually be true. :S
spile wrote:
Mon Jun 29, 2020 12:08 am
It is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.
The answers provided by @dm in that topic are still correct. There's nothing more to add. (I'll also need to lock it now to prevent anyone reviving it. ;) )

Re: myQNAPcloud and security

Posted: Tue Jun 30, 2020 5:01 am
by spile
Thank you for your reply. Please can you answer 1) and 2) above. Thank you.

Re: myQNAPcloud and security

Posted: Tue Jun 30, 2020 5:26 am
by dolbyman
1) myqnapcloud is a DDNS service (mainly) nothing secure or insecure about it, QTS system is not hardened enough to be exposed to the net
2) unclear what a security advisory is supposed to (dis)prove , please elaborate

Re: myQNAPcloud and security

Posted: Sun Jul 05, 2020 4:54 am
by jaysona
spile wrote:
Mon Jun 29, 2020 12:08 am
I am confused.

....
That means QNAP marketing has succeeded in their job. :P :lol:
1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?
On a more serious note;

1a. I can not answer for myQnapcloud - i do not use it, and probably never will.
1b. QTS is inherently insecure, however there is no safety (safety != security, therefore the words are not interchangeable) issue with QTS.
1c. If you want to protect your NAS from being hacked and keeping the data it stores secure, then do not expose the QTS Admin web page and do not expose any QTS applications to the Internet.

2. QNAP has issued several security warnings because QNAP had no choice after someone publicly disclosed vulnerabilities about some of the QTS applications, and those vulnerabilities were actively being exploited in order to compromise QNAP NAS units that had QTS applications exposed to the Internet.