Hey folks - before anyone gets too excited I know virtually nothing about internet/router/NAS protocols. I am having some security issues with my new Qnap NAS (purchased mainly to use as a Plex media server and for data backups) that I am pretty sure I should be concerned about. I initially set up the NAS for remote access and then after further investigation decided to remove this for 1 main reason, I run uPnP on my router. From my research this is a big no-no in terms of internet security. Why do you do this you might ask? Right now there are 5 individuals teaching and learning online from home with multiple devices connected to the router including tablets, laptops, casting devices and now the NAS. At present it would be too intensive for me to reconfigure all of these devices without using uPnP, mainly because I don't really know where to start of how to continue - so I think uPnP has to stay enabled for the time being.
My issue is that even after removing the remote access features I was still getting random logon attempts. I have now installed Qufirewall and log almost 2000 denied packets each hour from unknown sources (firewall just logs them as IPV4 Any). From what I have read so far some of this could be normal app traffic (Plex, App Centre, Antivirus, Malware) but I am wondering if I should be concerned about malicious attacks? Also, is there any way to lock down the NAS if I cannot disable uPnP on the router?
TIA for any and all help - go easy on me
Total noob
-
dolbyman
- Guru
- Posts: 35249
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Total noob
I run hundreds of of devices in dozens of networks and have upnp disabled .. no problem .. why exactly do you think the devices need ports forwarded to them ?
-remove manual port forwards in the router
- disable upnp in the router
- uninstall the useless qnap firewall
- run a VPN server on your router or a dedicated device for WAN to LAN access
-remove manual port forwards in the router
- disable upnp in the router
- uninstall the useless qnap firewall
- run a VPN server on your router or a dedicated device for WAN to LAN access
-
shegarty
- New here
- Posts: 2
- Joined: Sat May 15, 2021 1:46 am
Re: Total noob
Thanks for the info - I assumed that in order for some applications to run (Google Meet among them) that I would need to have certain ports open. Since I am not really sure what I am doing when it comes to setting up port forwarding manually I thought that uPnP would be the easiest option - that was before learning about how vulnerable it leaves your network. Will running a VPN on the router make connecting to services like Meet buggy or slower?
Last edited by shegarty on Sat May 15, 2021 5:19 am, edited 1 time in total.
-
dolbyman
- Guru
- Posts: 35249
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: Total noob
None of those programs would need port forwards .. all is done via NAT
Reaching your LAN from WAN via VPN has no effect on any LAN device functionality
Reaching your LAN from WAN via VPN has no effect on any LAN device functionality