Synology SHR Simplified

Akash jain Estimated Read Time: 3 Minutes
Synology SHR is a great feature that allows you to mix hard drives of different capacities. We explain how it works and the pros and cons of using it.


How to Secure your NAS in 2022

Akash jain, 2 comments, Estimated Read Time: 5 Minutes
The number of attacks, malware and ransomware targeting NAS has increased and will continue to increase this year. We look at how you can minimize the risk of an attack on your system.


Security threats are increasing for network attached storage (NAS)

Akash jain Estimated Read Time: 4 Minutes

In recent months, attacks on NAS devices have increased many times over, and you have probably thought about how to stop these attacks and recover your data if your NAS is affected. Here are a few things that you need to know about security problems on NAS.

1. More security problems and attacks will follow

One of the reasons there is so much malware, brute force and ransomware targeting network attached storage today is that NAS devices have become a mainstay. The number of NAS devices out there today justifies the time and effort malicious actors spend to plan and execute an attack. No matter what NAS vendors do, attacks will only increase in the future, and you need to be ready for them.

2. The most secure NAS brand

You have probably wondered if there is one NAS brand that is more secure than another. The short answer is none - most of them are equally secure. But there are caveats.

The core of the NAS, the main operating system that powers it, is almost always Linux with some customization (very few run Windows Storage Server). So the core is the same for all NAS brands and has the same Linux kernel vulnerabilities, making them equally secure (or insecure) in this area.

Then there are third-party applications that you run on the NAS, for example Plex, Transmission or PHP applications. Again, if these third-party applications have a security flaw, it affects all brands equally.

Then there are the vendor-specific applications. Here one NAS OS may have a security advantage over another, but this is not a major advantage. In the future, hackers will primarily target core Linux vulnerabilities, so they can attack all NAS devices regardless of brand.

3. You cannot mitigate all risks to your NAS

As long as a device is connected to the Internet, there may be a new vulnerability that can be exploited. By the time the manufacturer learns about the new vulnerability and fixes it, you may already be affected.

So remember: you cannot mitigate ALL risks, but you can mitigate the known risks. That's your goal: to follow best practices and secure your NAS as much as you can against KNOWN threats so you are a difficult target.


4. A Backup of your backup - the immutable offline copy

Your NAS holds the backup that you would have relied on in case of data loss, but now you need another layer of protection: a copy that is immutable to any bad actor. No malware, virus or ransomware can touch it, because it's offline.

The ONLY copy of your data that is truly safe is an offline copy. You cannot keep an offline copy of all your data, but you can divide your data into critical and non-critical, and plan how you want to keep an offline copy of your critical data. This can be a copy on tape, an RDX hard drive or an external hard drive. RDX docks are easy to connect to your NAS and RDX tapes are easy to handle and back up.

5. You need snapshots to recover the data after ransomware encryption

Almost all NAS brands offer snapshots in their mid-range and high-end NAS. Snapshots are the best way to recover from ransomware (or accidental deletions/overwrites) because you can restore your data to an earlier point in time. Keep some storage space free for snapshots and enable scheduled snapshots. So far, no ransomware is known to infect block-level disks, so your block-level snapshot can help you recover from ransomware.

6. A brute force attack can even remove your snapshots

The worst attack can be a brute force attack, in which someone tries to "guess" your administrator password. If they succeed, they get full access to your system, can look at your snapshots and can do everything an administrator can do.

The good news is that brute force is not very difficult to stop. If you avoid having an admin user with the username admin or administrator, use 2FA, use a complex password, and lock the user after more than x failed attempts, you can stop it.

7. Look for vulnerabilities outside the NAS

The vulnerability does not necessarily have to be in your NAS. A hacker can gain access through your router, camera, and even your network-connected printer. If your network is not secure, none of the devices, including your NAS, are secure either.

8. How to secure your NAS

Now the question is how to maximize the protection of your device. Most of the measures you need to take can be summarized as follows: updated firmware, minimizing third-party apps, disabling remote access (except via VPN), enabling snapshots, and disabling the administrator username.

We have written a guide with a few recommendations to make your NAS safer. You can read the guide here.

WD ending support for My Cloud OS 3 and earlier

Akash jain Estimated Read Time: 1 Minutes

Many customers have received an email from WD that support for older My Cloud devices is being discontinued. There will be no further updates for devices running on OS 3 and earlier, leaving them vulnerable to security issues, and there are many.

If you have a device currently running OS3 or earlier, what are your options?

Update to OS5 if you can

If your device is compatible with OS5, you can upgrade, and you should do so immediately. Current models like EX2 Ultra, EX4100, PR2100 and PR4100 are upgradeable, and some older models like DL2100, DL4100 and My Cloud Mirror Gen2 are also upgradeable. WD has published a list of all models that are upgradeable.

If you have a model that can be upgraded to OS5, you do not have to worry. Just upgrade and use them as usual, at least until 2026, because WD says they will support this version until 2026.

Use device only locally if you cannot upgrade

What if you have an old device that cannot be upgraded and has to run OS3 or earlier? In this case, an internet connection would only lead to the device being targeted. So WD recommends that you only use the device locally and not give it access to the internet. The email states:

"We recommend that you immediately secure your device, [disable remote access], disconnect it from the Internet, and then protect it with a strong, unique password."

And yes, the email says that you will receive a 20% off coupon that you can use towards the purchase of any of the following devices: My Cloud Home 8TB, My Book 12TB, My Cloud EX2 Ultra 16TB, 24TB, 28TB and My Book 12TB. You do not have to return your old device. It's not clear yet how the coupons will work in the Middle East, but we will know soon.


Prevent Synology Brute Force Attack

Admin Estimated Read Time: 1 Minutes
Preventing brute force attacks on Synology (or any other NAS) is easy. A strong password, a non-standard admin username, and 2FA can stop these attacks.


NAS Buying Guide 2021

Admin Estimated Read Time: 9 Minutes
How to buy a NAS. We take a look at some of the most important variables and the options you have so you can make an informed decision.


On-Premise Synology NAS servers offer more to SMBs than Cloud 

Admin Estimated Read Time: 2 Minutes
We explore why a Synology NAS makes more sense than a SaaS or Windows File server.


No vendor Lock on new Synology

Admin, 2 comments, Estimated Read Time: 2 Minutes
Synology is finally allowing the use of unverified drives with the 3 newly launched NAS devices, albeit with limitations.


Information about Synology HAT5300 drives

Admin Estimated Read Time: 2 Minutes
Synology HAT5300 SATA 3.5" drives seem to be based on an enterprise-grade hard drive platform (mostly Toshiba MG), with a 5-year warranty and tweaked firmware that offers better performance on Synology devices.


NAS as a Google photos Alternative

Admin Estimated Read Time: 2 Minutes
Now that the much-loved Google Photos doesn't have free unlimited storage, an on-premise network attached storage is the best alternative.