Completely reset my TS-451

[FSC830]

...
I wonder however why myqnapcloud is bad for you. I just heard rumors...

During this "fantastic" myqnapcloud setup procedure, UPnP is enabled and port forwardings set in router.
An invitation for everyone to explore your network.
You can read this more than once in all of the malware threads here. In the meantime even QNAP does not recommend using myqnapcloud any longer but to use myqnapcloudlink instead: qsa-22-24. Anyhow I do not trust in any of such QNAP solutions, QNAP showed much to often, how careless security is implemented in their products/services.

Regards

[dolbyman]

Haha..rumors..tell that to the 2000+ people that have paid for the deadbolt ransomware, see if they think it's a rumor

[adetogni]

Haha..rumors..tell that to the 2000+ people that have paid for the deadbolt ransomware, see if they think it's a rumor

I didn't mean that they ARE rumors, but just that I *heard* rumors. I saw the deadbolt spread, being somewhat protected and always up-to-date with firmware (and lucky, probably?) I wasn't affected and I wasn't aware of the severity of the issue.

[dolbyman]

Many of the users hacked were follwing all (but one) best practices

- Strong Passwords
- MFA
- latest Firmware
- disabled admin
- etc

All for nothing, as zero day vulnerabilities circumvent all of these

[adetogni]

Many of the users hacked were follwing all (but one) best practices

- Strong Passwords
- MFA
- latest Firmware
- disabled admin
- etc

All for nothing, as zero day vulnerabilities circumvent all of these

Yeah, that's the way these things "works". That's why I said also that I've been lucky. A few years ago a ransomware attacked ALL of the computers in our office (more than 800) at the same time. I saved my files ONLY because I had the very good practice of saving versioned copies of my work files on an external drive. Some copies were encrypted even in the drive but the previous version was fine.

Anyway, I just bought the external hard disk, I'll backup tomorrow

[adetogni]

1. openvpn or wireguard vpn server on a router e.g. pfsense

AVM made WireGuard very easy to setup with the release of the newest OS for their Fritz.boxes. It won't take two minutes to setup a tunnel.

yes of course everything takes 2 mins if you know how to do it

Also: am I understanding that this requires a purchase of a Fritz.box router that costs roughly 150€?

I believe that protection needs to be related to the data, because 100% security does not exist. I don't have a bank here. Important data is versioned-backupped elsewhere, movies will be one-off backupped on a separate drive.
WORST scenario I do get a deadbolt? I'll recover backup and reset. Annoyance? Yes. Lost data? no...

I don't want to disregard your recommendation, but as a family setup, I'll go with a "ok-ish" security

[adetogni]

QNAP does not recommend using myqnapcloud any longer but to use myqnapcloudlink instead: qsa-22-24.

I still don't get it, what is the difference between myqnapcloud and myqnapcloudlink. Can you please help me?

What I understand is that myqnapcloud is a DDNS service

Is this link correct?
http://unofficialqnapsupport.net/whats-the-differ ... cloudlink/

[OneCD]

WORST scenario I do get a deadbolt? I'll recover backup and reset. Annoyance? Yes. Lost data? no...

I posted an example of an even worse scenario here: viewtopic.php?p=750053#p750053

Don't underestimate how badly lax security can bite you.

[OneCD]

I still don't get it, what is the difference between myqnapcloud and myqnapcloudlink. Can you please help me?

• "myQNAPcloud" exposes your NAS login page to the wild Internet, which means anyone can try to login to it. Not a good idea, as QNAP NAS are not hardened enough for Internet exposure, and historically have been unable to prevent hackers bypassing the login page.

• "myQNAPcloud Link" does not expose your NAS like this. Instead, you must first connect to QNAP's servers, which then connect to your NAS via an always-up link your NAS maintains with QNAP. Much safer, but all your remote data will pass through QNAP's servers. If you don't mind this happening - great!

[adetogni]

WORST scenario I do get a deadbolt? I'll recover backup and reset. Annoyance? Yes. Lost data? no...

I posted an example of an even worse scenario here: viewtopic.php?p=750053#p750053

Don't underestimate how badly lax security can bite you.

Well, that's a very, very, very extreme scenario. At least in Italy one's innocent until proven guilty.

I am *for* security. In fact part of my role is DPO (Data Protection Officer) which in Europe is a formal role of people involved with Data Protection (more connected to law than to actually network protection, but we do talk often with CEOs that don't do penetration test with the mantra "what could go wrong" or they don't plan a disaster recovery plan). So, yes, I do care for security. I've been hit by a ransom (on a corporate computer, not a personal one) and I lost data due to missed backups. I know the drill. I actually use the story of the HackingTeam company that went bankrupt due to a lack of security in my trainings.

However security has a cost associated to it. Any extra layer of security has a cost which needs to be factored in. Because to be super-extra-safe you would simply have it disconnected from the internet. Huge companies with huge IT security staff has been penetrated, and I'm pretty sure they had WatchGuard firewalls and DMZ and such. Still, perfect security does not exist because...zero-day.
There is also the operative cost, since to setup a "banal" DD-WRT you need to know how to do it, train yourself, keep firmwares up-to-date, monitor etc.

Using this edge-cases as an example...man, why don't you DON'T drive your car? Because regardless of your care, someone could miss a traffic light and hit you. Instead you minimize as much as possible (drive slowly, buy cars with airbags, use the safety belt...) and then you accept the extra margin risk.

All of this words just to say that I draw a certain line on time and cost I want to invest to secure a network drive which is already backed up constantly.

Hope no one got offended

[adetogni]

I still don't get it, what is the difference between myqnapcloud and myqnapcloudlink. Can you please help me?

• "myQNAPcloud" exposes your NAS login page to the wild Internet, which means anyone can try to login to it. Not a good idea, as QNAP NAS are not hardened enough for Internet exposure, and historically have been unable to prevent hackers bypassing the login page.

• "myQNAPcloud Link" does not expose your NAS like this. Instead, you must first connect to QNAP's servers, which then connect to your NAS via an always-up link your NAS maintains with QNAP. Much safer, but all your remote data will pass through QNAP's servers. If you don't mind this happening - great!

Cool. thanks a lot.
So if I follow this post

"The trick is easy: Go to https://www.myqnapcloud.com/ - select the device, go to [Device details], and use [Unregister]."

I disable MyQnapCloud but I can still connect through the link version?

Because as far as I remember last time I remotely connected (not through VPN since... I need to reconfigure it) I had to type qnapcloud password AND user password on nas. Is that correct?

[adetogni]

here's current config. Should I "Annullare registrazione" which is "unregister"?

[OneCD]

Because as far as I remember last time I remotely connected (not through VPN since... I need to reconfigure it) I had to type qnapcloud password AND user password on nas. Is that correct?

I can't help wrangle the myQNAPcloud (or Link) services, as I've never used the software. Maybe someone else can advise?

[adetogni]

fun fact. I discovered that I already had in a drawer a 4TB disk, used in the past for backups

[adetogni]

remove the drives from the nas, connect the drives to the desktop pc and wipe their partitions and do a quick format. So the next time you insert the drives into the QNAP, it will treat this like a new drive because u removed all traces of the previous partitions.

Hey Moogle, I don't have a desktop and I will have to buy a sata/usb connector just for this specific task (it does not cost much, just it will be just a waste after a few minutes so I would like to avoid if possible to buy one-trick-ponies ).

Would it be possible to use the NAS to reformat the drives? If I insert just one drive at a time, it should not identify it as RAID and I should be able to reformat. What do you think?

thanks