New user question: Security Best Practices

Discussion on setting up QNAP NAS products.
Post Reply
RDELROSSI
Starting out
Posts: 11
Joined: Mon Jul 27, 2020 6:45 am

New user question: Security Best Practices

Post by RDELROSSI » Tue Jul 28, 2020 10:29 pm

Hi, all. I'm a brand new QNAP user with a TS-251D and Seagate IronWolf 10TB NAS Internal Hard Drive HDD.

I already love the convenience of my new NAS at home and have an interest in being able to use it remotely, too, though I feel under-educated on keeping my devices secure when they're open to the world.

What I'm looking for are pointers to security best practices, articles, videos, whatever, to help me learn what I most need to know about keeping my new system healthy and secure from intruders.

I appreciate your guidance!

-- Robert

User avatar
dolbyman
Guru
Posts: 20463
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: New user question: Security Best Practices

Post by dolbyman » Tue Jul 28, 2020 10:54 pm

do not expose your nas to the web

use a vpn server capable router to access it from wan

also have backups at all times (you have a single drive..so you must ...right?)

RDELROSSI
Starting out
Posts: 11
Joined: Mon Jul 27, 2020 6:45 am

Re: New user question: Security Best Practices

Post by RDELROSSI » Wed Jul 29, 2020 1:04 am

Thank you for this reply, too :-)

Yes, I have external backup (and intend to add a second drive to the TS-251D for redundancy.

I will need to learn more about "a vpn server capable router." My router today is supplied by Verizon FIOS.

I am running PLEX to access audio through SONOS at home. Does PLEX' "Allow Remote Access," (which is a requirement for using it with SONOS) represent a security risk?

User avatar
dolbyman
Guru
Posts: 20463
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: New user question: Security Best Practices

Post by dolbyman » Wed Jul 29, 2020 1:09 am

Not sure when your Sonos is at home in the same network, why does the traffic have to go out to the internet ?

Plex does support remote access and while Plex probably does a better job programming secure apps, I would (personally) still not trust it to be exposed

RDELROSSI
Starting out
Posts: 11
Joined: Mon Jul 27, 2020 6:45 am

Re: New user question: Security Best Practices

Post by RDELROSSI » Wed Jul 29, 2020 5:07 am

> Not sure when your Sonos is at home in the same network, why does the traffic have to go out to the internet ?

I wondered the same thing. However in attempting to troubleshoot my installation I came across from a support document on the Plex site: "To allow your Plex Media Server to be accessed as needed, you need to enable Remote Access for your server."

In researching today, I read further to find, "Even if you can’t get Remote Access successfully enabled, you should still be okay. So long as you don’t explicitly disable Remote Access, then your server will still be able to set up a “Relay” connection, even if Remote Access isn’t fully configured. Our Relay feature allows a limited connection to be established to your Plex Media Server even if the normal Remote Access isn’t working."

So perhaps that's the answer to working with Sonos and Plex without allowing external access.

dragon788
New here
Posts: 8
Joined: Thu Apr 19, 2012 2:30 pm

Re: New user question: Security Best Practices

Post by dragon788 » Wed Jul 29, 2020 9:03 pm

Just be mindful that you may want a router/firewall that also has intrusion detection/intrusion prevention like the Ubiquiti UniFi line, those can help monitor connections to your NAS and block potentially harmful ones.

ZDNet: CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware.
https://www.zdnet.com/article/cisa-says ... h-malware/

Post Reply

Return to “Turbo Station Installation & Setup”