myQNAPcloud and security

Post your questions about myQNAPcloud service here.
spile
Been there, done that
Posts: 638
Joined: Tue May 24, 2016 12:13 am

myQNAPcloud and security

Post by spile »

I am confused.
MyQNAPcloud is a current product, promoted by QNAP as "a cloud service provided by QNAP for you to remotely connect to your QNAP devices and to share your files securely."
Source: https://support.myqnapcloud.com/faq/wha ... ud?lang=en and https://www.qnap.com/en/how-to/tutorial ... ud-service

It is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.

1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?
OneCD
Guru
Posts: 12039
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: myQNAPcloud and security

Post by OneCD »

spile wrote: Mon Jun 29, 2020 12:08 am MyQNAPcloud is a current product, promoted by QNAP as "a cloud service provided by QNAP for you to remotely connect to your QNAP devices and to share your files securely."
Unfortunately, QNAP's marketing dept are detached from reality. Their hope is that the quoted statement will eventually be true. :S
spile wrote: Mon Jun 29, 2020 12:08 am It is interesting that the questions posed in this thread viewtopic.php?t=134974 opened in 2017 have still not been answered.
The answers provided by @dm in that topic are still correct. There's nothing more to add. (I'll also need to lock it now to prevent anyone reviving it. ;) )

spile
Been there, done that
Posts: 638
Joined: Tue May 24, 2016 12:13 am

Re: myQNAPcloud and security

Post by spile »

Thank you for your reply. Please can you answer 1) and 2) above. Thank you.
dolbyman
Guru
Posts: 35024
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: myQNAPcloud and security

Post by dolbyman »

1) myqnapcloud is a DDNS service (mainly), nothing secure or insecure about it. The QTS system is not hardened enough to be exposed to the net.
2) Unclear what a security advisory is supposed to (dis)prove, please elaborate.
jaysona
Been there, done that
Posts: 846
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: myQNAPcloud and security

Post by jaysona »

spile wrote: Mon Jun 29, 2020 12:08 am I am confused.

....
That means QNAP marketing has succeeded in their job. :P :lol:
1) Is the current version of myQnapcloud and QTS inherently insecure as a service and therefore unsafe to use?
2) If 1 and 2 are true why have QNAP issued this: https://www.qnap.com/en-uk/security-advisory/qsa-20-02?
On a more serious note;

1a. I cannot answer for myQnapcloud - I do not use it, and probably never will.
1b. QTS is inherently insecure, however there is no safety (safety != security, therefore the words are not interchangeable) issue with QTS.
1c. If you want to protect your NAS from being hacked and keep the data it stores secure, then do not expose the QTS Admin web page and do not expose any QTS applications to the Internet.

2. QNAP has issued several security warnings because QNAP had no choice after someone publicly disclosed vulnerabilities about some of the QTS applications, and those vulnerabilities were actively being exploited in order to compromise QNAP NAS units that had QTS applications exposed to the Internet.
QNAPDanielFL
Easy as a breeze
Posts: 488
Joined: Fri Mar 31, 2017 7:09 am

Re: myQNAPcloud and security

Post by QNAPDanielFL »

myQNAPcloud allows you to access your NAS remotely without needing to do port forwarding. What this means is that even if there were vulnerabilities not yet patched on your QNAP, it would be very hard to exploit those vulnerabilities if you had no ports open. So myQNAPcloud is a secure way to access your NAS remotely through a qlink that removes the need for port forwarding. I would recommend making the myQNAPcloud password something very hard to guess.

Another way to access the NAS securely is to use VPN. We have the QVPN app if you want to make the QNAP the VPN server and we are releasing the QHora router that can also be a VPN server. VPN allows you to use some features that you can't use through a qlink and in general, I think QVPN is the better way. But not every customer is as technical as the average person who posts on this forum and some of them are intimidated by trying to set up a VPN. So myQNAPcloud makes it easy to access your data remotely without exposing potential vulnerabilities by opening ports to the internet.

Of course, we still recommend keeping your NAS firmware and apps up to date so you can apply the latest security patches. But there is a lot of safety in not needing to open ports to the internet to access your NAS remotely.
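
Whether a NAS really has "no ports open", as the post above assumes, can be checked from a network outside the home against your own public address or DDNS name. The following is an added example, not part of the original post and not QNAP code; the port list is an assumption (commonly used QTS web ports and SSH) and should be edited to match the NAS.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Assumed ports (not stated in the thread); adjust to your own NAS settings.
DEFAULT_PORTS = {8080: "QTS web admin (HTTP)",
                 443: "QTS web admin (HTTPS)",
                 22: "SSH"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' (actively refused)
    or 'filtered' (no answer, unreachable, or name did not resolve)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts, unreachable network, DNS failure
        return "filtered"


def exposure_report(host, ports=DEFAULT_PORTS, timeout=3.0):
    """Probe all ports in parallel and return {port: state}."""
    with ThreadPoolExecutor(max_workers=8) as pool:
        states = pool.map(lambda p: probe(host, p, timeout), ports)
        return dict(zip(ports, states))


def exposed(report):
    """Ports that accepted a connection, i.e. are reachable from here."""
    return sorted(p for p, state in report.items() if state == "open")


if __name__ == "__main__":
    # Usage: python check_exposure.py <your-public-ip-or-ddns-name>
    report = exposure_report(sys.argv[1])
    for port, state in sorted(report.items()):
        print(f"{port:>5}  {state:<8}  {DEFAULT_PORTS.get(port, '')}")
    if exposed(report):
        print("Reachable from this network:", exposed(report))
        sys.exit(1)
    print("None of the checked ports accepted a connection.")
```

Run it from outside the LAN (for example a mobile hotspot); a check from inside the home network usually does not reflect what the router forwards.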
boubi
Starting out
Posts: 25
Joined: Tue Oct 20, 2020 8:19 pm

Re: myQNAPcloud and security

Post by boubi »

@QNAPDanielFL
Hi,
I set up my VPN with qbelt.
I was trying to connect to the NAS when I was out of the home network from my laptop.
Sometimes I succeed and I have a list of apps and sometimes it does not fully connect.
Meaning that there is a message "limited access: ... will only provide vpn connection"

No app is active in this mode.
What does it allow me to do in this situation?
QNAPDanielFL
Easy as a breeze
Posts: 488
Joined: Fri Mar 31, 2017 7:09 am

Re: myQNAPcloud and security

Post by QNAPDanielFL »

Did you choose a DNS server for Qbelt?
If not, then you can VPN to the NAS but can't access the internet?

Is that the issue you have? That you can VPN to the NAS but can't access the internet when you do?
boubi
Starting out
Posts: 25
Joined: Tue Oct 20, 2020 8:19 pm

Re: myQNAPcloud and security

Post by boubi »

First, so sorry for my English (I try to do my best :) )

I choose "NAS default" for the DNS.
The situation:
I am at work/friend - connected with my laptop to Wi-Fi.
I open the QVPN app on my laptop and try to establish a VPN connection.
When it works then:
  • I can see my home network IP if I go to "what is my IP" on Google.
  • I get a new internal IP from the VPN client pool (10.6.0.*)
  • I see all of my published apps so I can connect to them:
    FYI - the container station can work only if I connect through VPN (not from cloud or qlink.to/mynas)
When it partially works, I see the message "limited access:... will only provide VPN connection"
and it just shows connected, but no app shows on the list, also my IP stays on the Wi-Fi network (work/friend).