I am confused.
MyQNAPcloud is a current product, promoted by QNAP as "a cloud service provided by QNAP for you to remotely connect to your QNAP devices and to share your files securely."
Source: https://support.myqnapcloud.com/faq/wha ... ud?lang=en and https://www.qnap.com/en/how-to/tutorial ... ud-service
It is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.
1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?
myQNAPcloud and security
- spile
- Been there, done that
- Posts: 638
- Joined: Tue May 24, 2016 12:13 am
- OneCD
- Guru
- Posts: 12039
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: myQNAPcloud and security
Unfortunately, QNAP's marketing dept are detached from reality. Their hope is that the quoted statement will eventually be true.
The answers provided by @dm in that topic are still correct. There's nothing more to add. (I'll also need to lock it now to prevent anyone reviving it. )spile wrote: ↑Mon Jun 29, 2020 12:08 am It is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.
- spile
- Been there, done that
- Posts: 638
- Joined: Tue May 24, 2016 12:13 am
Re: myQNAPcloud and security
Thank you for your reply. Please can you answer 1) and 2) above. Thank you.
- dolbyman
- Guru
- Posts: 35024
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: myQNAPcloud and security
1) myqnapcloud is a DDNS service (mainly) nothing secure or insecure about it, QTS system is not hardened enough to be exposed to the net
2) unclear what a security advisory is supposed to (dis)prove , please elaborate
2) unclear what a security advisory is supposed to (dis)prove , please elaborate
- jaysona
- Been there, done that
- Posts: 846
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: myQNAPcloud and security
That means QNAP marketing has succeeded in their job.
On a more serious note;1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?
1a. I can not answer for myQnapcloud - i do not use it, and probably never will.
1b. QTS is inherently insecure, however there is no safety (safety != security, therefore the words are not interchangeable) issue with QTS.
1c. If you want to protect your NAS from being hacked and keeping the data it stores secure, then do not expose the QTS Admin web page and do not expose any QTS applications to the Internet.
2. QNAP has issued several security warnings because QNAP had no choice after someone publicly disclosed vulnerabilities about some of the QTS applications, and those vulnerabilities were actively being exploited in order to compromise QNAP NAS units that had QTS applications exposed to the Internet.
RAID is not a Back-up!
H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
-
- Easy as a breeze
- Posts: 488
- Joined: Fri Mar 31, 2017 7:09 am
Re: myQNAPcloud and security
myQNAPcloud allows you to access your NAS remotely without needing to do port forwarding. What this means, is that even if there were vulnerabilities not yet patched on your QNAP, it would be very hard to exploit those vulnerabilities if you had no ports open. So myQNAPcloud is a secure way to access your NAS remotely through a qlink that removes the need for port forwarding. I would recommend making the myQNAPcloud password something very hard to guess.
Another way to access the NAS securely it to use VPN. We have the QVPN app of you want to make the QNAP the VPN server and we are releasing the QHora router that can also be a VPN server. VPN allows you use some features that you can't use through a qlink and in general, I think QVPN is the better way. But not every customer is as technical as the average person who posts on this forum and some of them are intimidated by trying to set up a VPN. So myQNAPcloud makes it easy to access your data remotely without exposing potential vulnerabilities by opening ports to the internet.
Of course, we still recommend keeping your NAS firmware and apps up to date so you can apply the latest security patches. But there is a lot of safety in not needing to open ports to the internet to access your NAS remotely.
Another way to access the NAS securely it to use VPN. We have the QVPN app of you want to make the QNAP the VPN server and we are releasing the QHora router that can also be a VPN server. VPN allows you use some features that you can't use through a qlink and in general, I think QVPN is the better way. But not every customer is as technical as the average person who posts on this forum and some of them are intimidated by trying to set up a VPN. So myQNAPcloud makes it easy to access your data remotely without exposing potential vulnerabilities by opening ports to the internet.
Of course, we still recommend keeping your NAS firmware and apps up to date so you can apply the latest security patches. But there is a lot of safety in not needing to open ports to the internet to access your NAS remotely.
-
- Starting out
- Posts: 25
- Joined: Tue Oct 20, 2020 8:19 pm
Re: myQNAPcloud and security
@QNAPDanielFL
Hi,
I set up my VPN with qbelt.
I was trying to connect to the NAS when I was out of the home network from my laptop.
Sometimes I succeed and I have a list of apps and sometimes it does not fully connect.
Meaning that there is a message "limited access: ... will only provide vpn connection"
No app is active in this mode.
What does it allow to do in this situation?
Hi,
I set up my VPN with qbelt.
I was trying to connect to the NAS when I was out of the home network from my laptop.
Sometimes I succeed and I have a list of apps and sometimes it does not fully connect.
Meaning that there is a message "limited access: ... will only provide vpn connection"
No app is active in this mode.
What does it allow to do in this situation?
-
- Easy as a breeze
- Posts: 488
- Joined: Fri Mar 31, 2017 7:09 am
Re: myQNAPcloud and security
Did you choose a DNS server for Qbelt?
If not, then you can VPN to the NAS but can't access the internet?
Is that the issue you have? That you can VPN to the NAS but can't access the internet when you do?
If not, then you can VPN to the NAS but can't access the internet?
Is that the issue you have? That you can VPN to the NAS but can't access the internet when you do?
-
- Starting out
- Posts: 25
- Joined: Tue Oct 20, 2020 8:19 pm
Re: myQNAPcloud and security
first, so sorry for my English (I try to do my best )
I choose "NAS default" for the dns.
the situation:
I am at work/friend - connected with my laptop to Wi-Fi.
open the QVPN app on my laptop and try to establish a VPN connection.
when it works then:
and it is just show connected, but no app show on list, also my IP stay on the Wi-Fi network (work/friend).
I choose "NAS default" for the dns.
the situation:
I am at work/friend - connected with my laptop to Wi-Fi.
open the QVPN app on my laptop and try to establish a VPN connection.
when it works then:
- I can see my home network IP if I go to "what is my IP" on google.
- I get a new internal IP from the VPN client pool (10.6.0.*)
- I see all of my published apps so I can connect them:
FYI - the container station can work only if I connect though VPN (not from cloud or qlink.to/mynas)
and it is just show connected, but no app show on list, also my IP stay on the Wi-Fi network (work/friend).