Frequently Asked Question

Purpose

This guide provides various methods to improve the security of your Synology NAS.

Steps to Secure Your Synology NAS

1. Enable Security Advisor
   • Use this built-in DSM app to scan your NAS and strengthen security settings. For configuration, refer to the DSM guide.
2. Configure DSM Users' Permission Settings
   • Disable the default admin account. Manage user/group privileges for shared folders and applications. Set quotas and speed limits in Control Panel > User or User & Group.
3. Configure Password Strength Rules
   • Ensure users set strong passwords. Enable password strength rules in Control Panel > User & Group > Advanced > Password Settings.
4. Set Expiration for Passwords
   • Force periodic password changes. Enable password expiration in Control Panel > User & Group > Advanced > Password Expiration.
5. Use Multi-Factor Authentication
   • Add an extra layer of security for DSM accounts. Enable this in Options > Personal > Account > 2-Factor Authentication.
6. Enable Auto Block and Account Protection
   • Use auto block to thwart repeated failed login attempts. Configure this in Control Panel > Security > Protection or Account.
7. Enable HTTPS Connection
   • Secure your connections to DSM and other services with SSL/TLS encryption. Set this up as outlined in the DSM tutorial.
8. Secure FTP Service
   • Synology NAS supports Secure FTP by default when the FTP service is enabled.
9. Open Only Necessary Public Ports on the Router
   • Limit router ports to essential services only. Follow the DSM tutorial for remote access configuration.
10. Enable DoS Protection
    • Protect against Denial-of-Service attacks. Enable this in Control Panel > Security > Protection, and limit ICMP ping response frequency.
11. Change Default Management Ports
    • Alter the default ports to prevent unauthorized access. Change HTTP/HTTPS in Control Panel > Login Portal > DSM and SSH in Control Panel > Terminal & SNMP > Terminal.