Frequently Asked Question
How to Enhance the Security of Your Synology NAS
Last Updated 5 months ago
Purpose
This guide provides various methods to improve the security of your Synology NAS.
Steps to Secure Your Synology NAS
- Enable Security Advisor
- Use this built-in DSM app to scan your NAS and strengthen security settings. For configuration, refer to the DSM guide.
- Configure DSM Users' Permission Settings
- Disable the default admin account. Manage user/group privileges for shared folders and applications. Set quotas and speed limits in
Control Panel > User
orUser & Group
.
- Disable the default admin account. Manage user/group privileges for shared folders and applications. Set quotas and speed limits in
- Configure Password Strength Rules
- Ensure users set strong passwords. Enable password strength rules in
Control Panel > User & Group > Advanced > Password Settings
.
- Ensure users set strong passwords. Enable password strength rules in
- Set Expiration for Passwords
- Force periodic password changes. Enable password expiration in
Control Panel > User & Group > Advanced > Password Expiration
.
- Force periodic password changes. Enable password expiration in
- Use Multi-Factor Authentication
- Add an extra layer of security for DSM accounts. Enable this in
Options > Personal > Account > 2-Factor Authentication
.
- Add an extra layer of security for DSM accounts. Enable this in
- Enable Auto Block and Account Protection
- Use auto block to thwart repeated failed login attempts. Configure this in
Control Panel > Security > Protection
orAccount
.
- Use auto block to thwart repeated failed login attempts. Configure this in
- Enable HTTPS Connection
- Secure your connections to DSM and other services with SSL/TLS encryption. Set this up as outlined in the DSM tutorial.
- Secure FTP Service
- Synology NAS supports Secure FTP by default when the FTP service is enabled.
- Open Only Necessary Public Ports on the Router
- Limit router ports to essential services only. Follow the DSM tutorial for remote access configuration.
- Enable DoS Protection
- Protect against Denial-of-Service attacks. Enable this in
Control Panel > Security > Protection
, and limit ICMP ping response frequency.
- Protect against Denial-of-Service attacks. Enable this in
- Change Default Management Ports
- Alter the default ports to prevent unauthorized access. Change HTTP/HTTPS in
Control Panel > Login Portal > DSM
and SSH inControl Panel > Terminal & SNMP > Terminal
.
- Alter the default ports to prevent unauthorized access. Change HTTP/HTTPS in
ETH231121