Prevent Synology Brute Force Attack
No doubt you have heard about the brute force attack on Synology devices and are wondering what to do.
What is Brute Force?
For a brute force attack, attackers need 3 things - your Synology IP address (which they can find with network scanners), your username (they assume you are using the default administrator account), and the password.
They use random passwords to try to break into your device, and if you have a password like "password123" or "querty" (these are the most popular passwords), then its not long before they get in.
How to Prevent Brute Force?
Preventing brute force is fortunately quite easy.
- If your device is behind a firewall and no port is forwarded, you are safe. However, that means your device is only accessible through the internal network.
- If you do not use a standard admin account, an attacker can not guess your username or password. Changing of the admin user itself reduces the risk many times over as the chances of an attacker guess the correct pair of username and password are almost zero
- If you use 2FA, you are 100% secure. Besides the username and password, you need another token to log in.
For Attackers, Brute force attacks don't need any advanced skills. They rely on simple tools like network scanners and IP address rotators. Whether your system has a vulnerability or not, the risk of brute force is always there. If an attacker is able to gain admin access to your NAS, they can delete your snapshots and then encrypt the drive. Therefore, it is important that you enable 2FA and change your admin account.
As NAS devices become more popular, the number of attacks will continue to increase and it's important to follow the general security guidelines to secure your NAS.