
QNAP Security

#1
Hi,

I really like the look of the QNAP TS-464 due to the hardware specs but obviously extremely conscious of the repeated security issues that QNAP in particular seem to run into. Allowing for the fact all systems will have a baseline risk, with QNAP is it a case of they're flat out more at risk or only if you open them to remote access and specifically if you do it without changing default admin passwords?!

What I'm mostly after is local storage to complement my OneDrive cloud photo backups, local Plex server (mostly only up to 1080p) and obviously as general storage (damn you MacBooks and un-upgradable SSD!!). Obviously appreciate anything you say will only be advice and ultimately the risk is my decision.

Love the YouTube channel by the way! Super helpful for a not fully techy who does a bit of dabbling like myself!

Thanks

Lee
#2
The reality is - any NAS that is 'internet facing' or any PC, tablet, telephone etc... is just as 'at risk' from attack as the next. I'm sure if you scanned your router log file you'd find A LOT of attempted connections, and if you have an internet facing system with an 'Admin' user, that system will show quite a few failed login attempts.

Basically, if you can see the internet to download stuff - the internet can see you.

The principal difference with QNAP is they keep options open as default, so the user hasn't got to make quite so many little tweaks to get things working. Synology on the other hand prefers to default almost everything to disabled, and you as a user have to find it and enable it as you go.

Add to that QNAP tends to be housed in a more technically 'competent' environment (nothing against Synology, but QNAP is more of a geeks choice) and hackers are aware of these flaws. Plus there are so many of them globally, it's easier to find a weak one.

Robbie's tried to 'help the crowd' and has posted several videos and how to's in order to get people to lock down their systems a little tighter
https://www.youtube.com/watch?v=hUxieCdH...ASCompares (here's one he made earlier)

If you can do away with the Admin user altogether (or at least make the password a whole sentence long with upper/lower/numeric/special characters and enable 2FA) then you're already well on the way to a safer system. Add regular snapshots and you can 'undo' many hacks.

Oh - and make sure you change your router settings as well - like the default network name / password / admin / even IP ranges...

Routers are even worse, because they are supposed to be your gatekeeper. Plus most have a 'factory' setting easy to decipher AND they have a great big sticker on them that gives you all the details, or a WPS button that means you don't even need the details. Try and get a guest network, where visitors can have internet, but not access to any of your KIT.

Anyway, I think that just about covers security vulnerability essentials.

Yes the TS-464 is a very capable home / slightly advanced user NAS - great for a little future proofing and playing with expandability options. Perfectly capable of handling Plex.
Oh and your OneDrive solution - you can mount your OneDrive to your NAS as a virtual share, plus with Hybrid Backup Sync it'll plug right in and 2 way actively / scheduled sync all your 1TB of data (if you have a OneDrive subscription). It'll also do the same with multiple accounts or Google Drives, or a host of other cloud providers. What's more, once you set it up - it just keeps going.

For Apple devices there's TimeMachine and, if you want files to replicate locally on all your devices there's File Sync. Plus a host of apps for your phone that can act as a NAS remote control, Music, Video or Photo library.

Personally, since iCloud isn't natively supported (damn you Apple for not allowing other providers to sync cloud backups) - you can even set iPhones to back up photos to OneDrive and then QNAP to download and back up OneDrive.
Hell - with a TS-464 you could even run a Windows virtual machine, then plug your iPhone into your virtual machine, via the NAS and take a FULL iPhone backup, and then suspend the VM so it vanishes from world view.

Anyway - hope you find this useful - and if you're going for the TS-464 + HDDs, look for Robbie's buyer referral links.
---------------------------------------------------------------------
-- Raid is not a backup, but it is a step in the right direction --
---------------------------------------------------------------------