New user question: Security Best Practices

[RDELROSSI]

Hi, all. I'm a brand new QNAP user with a TS-251D and Seagate IronWolf 10TB NAS Internal Hard Drive HDD.

I already love the convenience of my new NAS at home and have an interest in being able to use it remotely, too, though I feel under-educated on keeping my devices secure when they're open to the world.

What I'm looking for are pointers to security best practices, articles, videos, whatever, to help me learn what I most need to know about keeping my new system healthy and secure from intruders.

I appreciate your guidance!

-- Robert

[dolbyman]

do not expose your nas to the web

use a vpn server capable router to access it from wan

also have backups at all times (you have a single drive..so you must ...right?)

[RDELROSSI]

Thank you for this reply, too

Yes, I have external backup (and intend to add a second drive to the TS-251D for redundancy.

I will need to learn more about "a vpn server capable router." My router today is supplied by Verizon FIOS.

I am running PLEX to access audio through SONOS at home. Does PLEX' "Allow Remote Access," (which is a requirement for using it with SONOS) represent a security risk?

[dolbyman]

Not sure when your Sonos is at home in the same network, why does the traffic have to go out to the internet ?

Plex does support remote access and while Plex probably does a better job programming secure apps, I would (personally) still not trust it to be exposed

[RDELROSSI]

> Not sure when your Sonos is at home in the same network, why does the traffic have to go out to the internet ?

I wondered the same thing. However in attempting to troubleshoot my installation I came across from a support document on the Plex site: "To allow your Plex Media Server to be accessed as needed, you need to enable Remote Access for your server."

In researching today, I read further to find, "Even if you can’t get Remote Access successfully enabled, you should still be okay. So long as you don’t explicitly disable Remote Access, then your server will still be able to set up a “Relay” connection, even if Remote Access isn’t fully configured. Our Relay feature allows a limited connection to be established to your Plex Media Server even if the normal Remote Access isn’t working."

So perhaps that's the answer to working with Sonos and Plex without allowing external access.

[dragon788]

Just be mindful that you may want a router/firewall that also has intrusion detection/intrusion prevention like the Ubiquiti UniFi line, those can help monitor connections to your NAS and block potentially harmful ones.

ZDNet: CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware.
https://www.zdnet.com/article/cisa-says ... h-malware/