Hi, all. I'm a brand new QNAP user with a TS-251D and Seagate IronWolf 10TB NAS Internal Hard Drive HDD.
I already love the convenience of my new NAS at home and have an interest in being able to use it remotely, too, though I feel under-educated on keeping my devices secure when they're open to the world.
What I'm looking for are pointers to security best practices, articles, videos, whatever, to help me learn what I most need to know about keeping my new system healthy and secure from intruders.
I appreciate your guidance!
-- Robert
New user question: Security Best Practices
-
- Starting out
- Posts: 11
- Joined: Mon Jul 27, 2020 6:45 am
- dolbyman
- Guru
- Posts: 35243
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: New user question: Security Best Practices
do not expose your nas to the web
use a vpn server capable router to access it from wan
also have backups at all times (you have a single drive..so you must ...right?)
use a vpn server capable router to access it from wan
also have backups at all times (you have a single drive..so you must ...right?)
-
- Starting out
- Posts: 11
- Joined: Mon Jul 27, 2020 6:45 am
Re: New user question: Security Best Practices
Thank you for this reply, too
Yes, I have external backup (and intend to add a second drive to the TS-251D for redundancy.
I will need to learn more about "a vpn server capable router." My router today is supplied by Verizon FIOS.
I am running PLEX to access audio through SONOS at home. Does PLEX' "Allow Remote Access," (which is a requirement for using it with SONOS) represent a security risk?
Yes, I have external backup (and intend to add a second drive to the TS-251D for redundancy.
I will need to learn more about "a vpn server capable router." My router today is supplied by Verizon FIOS.
I am running PLEX to access audio through SONOS at home. Does PLEX' "Allow Remote Access," (which is a requirement for using it with SONOS) represent a security risk?
- dolbyman
- Guru
- Posts: 35243
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: New user question: Security Best Practices
Not sure when your Sonos is at home in the same network, why does the traffic have to go out to the internet ?
Plex does support remote access and while Plex probably does a better job programming secure apps, I would (personally) still not trust it to be exposed
Plex does support remote access and while Plex probably does a better job programming secure apps, I would (personally) still not trust it to be exposed
-
- Starting out
- Posts: 11
- Joined: Mon Jul 27, 2020 6:45 am
Re: New user question: Security Best Practices
> Not sure when your Sonos is at home in the same network, why does the traffic have to go out to the internet ?
I wondered the same thing. However in attempting to troubleshoot my installation I came across from a support document on the Plex site: "To allow your Plex Media Server to be accessed as needed, you need to enable Remote Access for your server."
In researching today, I read further to find, "Even if you can’t get Remote Access successfully enabled, you should still be okay. So long as you don’t explicitly disable Remote Access, then your server will still be able to set up a “Relay” connection, even if Remote Access isn’t fully configured. Our Relay feature allows a limited connection to be established to your Plex Media Server even if the normal Remote Access isn’t working."
So perhaps that's the answer to working with Sonos and Plex without allowing external access.
I wondered the same thing. However in attempting to troubleshoot my installation I came across from a support document on the Plex site: "To allow your Plex Media Server to be accessed as needed, you need to enable Remote Access for your server."
In researching today, I read further to find, "Even if you can’t get Remote Access successfully enabled, you should still be okay. So long as you don’t explicitly disable Remote Access, then your server will still be able to set up a “Relay” connection, even if Remote Access isn’t fully configured. Our Relay feature allows a limited connection to be established to your Plex Media Server even if the normal Remote Access isn’t working."
So perhaps that's the answer to working with Sonos and Plex without allowing external access.
-
- New here
- Posts: 8
- Joined: Thu Apr 19, 2012 2:30 pm
Re: New user question: Security Best Practices
Just be mindful that you may want a router/firewall that also has intrusion detection/intrusion prevention like the Ubiquiti UniFi line, those can help monitor connections to your NAS and block potentially harmful ones.
ZDNet: CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware.
https://www.zdnet.com/article/cisa-says ... h-malware/
ZDNet: CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware.
https://www.zdnet.com/article/cisa-says ... h-malware/