This part within quote pertains to how safe it is to host stuff from your QNAP online. it explores that loaded question for people wanting to use their qnap nas remotely, whether it be to access an app, or their shares.
QNAP Secure Hosting: Is it Even Possible? (slides from this video)
https://www.youtube.com/watch?v=Moe2YtUnUtI
How to Make QNAP NAS Secure
https://www.youtube.com/watch?v=fL2qGwRUq38
Secure Your QNAP NAS Immediately From Latest Wave of Attacks
https://www.servethehome.com/secure-you ... f-attacks/
Scotti-BYTE Enterprise Consulting Services youtube channel has a lot of indepth explanations regarding this. it's worth checking out
So he mentions avoid qpkgs, but i think if you are only using qpkgs in your lan only, they should be fine.
But for things you need remote, then containerized apps that is setup properly and using traefic reverse proxy and vpn (maybe also do vlan using managed switch as also suggested) is probably the way to go
viewtopic.php?f=354&t=168577
the simplest answer, if you don't need remote access whether to shares or apps from your nas over the internet, then just do not port forward at all. Pfsense router/firwall by default (change your password) is not exposing your network online, so you should be able to use your qnap nas fine behind it. the trouble only begins once u try enabling upnp, or start opening up ports willy nilly without understanding the security aspects that you ignored while doing so. And this is why people get hit by malware, because they expose their nas online without knowing what they are doing
and not to scaremonger, but i use qpkgs just fine without issue. but at the same time i do not expose my nas online or use any sort of remote. so if your use case is similar to mine, then qpkgs are perfectly fine on the lan.
*update
seeing as there are already people creating strawman arguments guess i have to clarify the youtuber mentions qpkgs, though whether he meant the qnap only qpkgs (e.g. station), or all qpkgs in general, i have no idea (you have to ask him that). For myself i can only say i used qpkgs (both qnaps own like photostation, and third party qpkgs) on lan just fine. If you think the youtuber said something wrong or need clarification of what he meant, you can go to his channel and ask there. as for myself, i merely explained my own experience as having no issues using qpkgs in my no remote/no exposing nas to online setting, and having no issues with that whatsoever. that said i do notice every so often a qnap station app shows up requiring a patch (so in regards to station qpkgs, maybe is better not to use them in situation u r doing some sort of remote https://www.qnap.com/en-us/security-advisories/ "use keyword station" this is my own understanding of the situation). no idea about other third parties qpkgs but these days i tend to use containerized docker apps for my own use when possible. hopefully that clarifies, but i already know this won't make a difference to some people since they are dead set on certain narratives i don't pay attention to trolls most of the time anyway lelz.
another aspect that needs to be looked at is your network setup. i usually find lawrence's videos to be insightful for these types of configurations. in his examples he usually uses pfsense. in some of his example he does remote, which i don't use so i skip those parts. but if you are curious how thats done, you can see his guides/walkthroughs how that is setup
Basic Setup and Configuring pfsense Firewall Rules For HomeVirtual Tour of Our Network and How We Keep Things Secure Using the pFSense FirewallCode: Select all
https://www.youtube.com/watch?v=bjr0rm93uVA
Office Network Design and Planning with VLANs, LLDP, Rules, IoT, Guest using UniFi & pfsenseCode: Select all
https://www.youtube.com/watch?v=gNKpRlRqQrk
Code: Select all
https://www.youtube.com/watch?v=ouARr-4chJ8
Creating Firewall Rules To Secure Your Synology NASCode: Select all
https://youtu.be/A1I1k9Nct-A?t=139
based on this example, seems he uses 2 nas. one he uses for remote, and the other for lan only. so then less important stuff are on that risky nas, and important stuff on the other nas on the private vlan. less risky i guess.
other discussion threads that examine this issue
https://www.reddit.com/r/qnap/comments/ ... _internet/
https://www.reddit.com/r/NextCloud/comm ... proxy_and/
https://www.reddit.com/r/qnap/comments/ ... _measures/
https://www.reddit.com/r/truenas/commen ... _services/
https://www.reddit.com/r/qnap/comments/ ... e_my_qnap/
Code: Select all
https://www.reddit.com/r/qnap/comments/wm979v/how_to_secure_your_qnap/
Code: Select all
https://www.zdnet.com/article/qnap-warns-nas-users-of-deadbolt-ransomware-urges-customers-to-update/