Date: 2024-11-02

Setting up network-attached storage (NAS) is easier than you might assume. Turnkey enclosures from Synology and ASUSTOR are ready once connected to your LAN and a power outlet. As long as you have at least one drive installed, you can configure the OS and start storing data. But there are some things to bear in mind when setting everything up. Since you'll be storing a lot of data on this device, it's vital to spend some time securing not only your NAS but also the network and all other devices connected to it. Here are some basic security mistakes I've seen people make when setting up their first NAS.

6 NAS accounts are not secured

"Pa55w0rd123" doesn't count

We've all been there, using insecure passwords. Before the days of password managers, it wasn't uncommon to use a familiar password that's easy to remember. An obvious issue with this approach is that the less unique (or more coherent) the password, the easier it is for someone to either guess or crack using software. This is when randomly generated passwords came into fashion with special character support and a single place for everything to be stored. Password managers now serve as the backbone of the user account world and there's no excuse for using bad passwords in 2024.

According to Wikipedia, the most popular passwords are as follows:

123456, password, 12345678, qwerty, 123456789, 12345, 1234, 111111, 1234567, dragon

For your NAS, I recommend using a strong password. Something like Bitwarden is ideal for storing thousands of user credentials and there's even support for home accounts and license upgrades for even more features and convenience. All you need to remember is one single password. Ensure every account on your NAS is using such a password. If not, now's a great time to introduce your loved ones to password managers. While you're here, have you activated two-factor authentication (2FA) for your NAS? In the wise words of Darth Sidious: "Do it!"

Old OS, meet even older apps

Have you ever used someone else's computer only to realize they're using an old version of the operating system or some apps? That's precisely what can happen with a NAS, especially if automatic updates are disabled. Most NAS enclosures (and aftermarket software solutions) will set everything up by default to handle new releases, but it's good practice to log in now and then to check. Docker containers shouldn't update automatically, because there's a chance something could break and you may prefer to take backups before updating any containers installed on the NAS.

Missing out on the latest updates can put your system at risk. Most minor patches come with security vulnerability updates as well as performance boosts. I recommend updating everything on your NAS unless stated otherwise.

4 Don't enable SSL/HTTPS

CAN ANYBODY HEAR ME NOW?

Not using SSL/HTTPS in today's world is akin to wandering around the world of The Walking Dead without any clothes or weapons to defend yourself against the dead. Connecting to your NAS from outside your LAN is a risk, especially without HTTPS/SSL configured with a signed certificate. Whenever you're working with your NAS, always make sure it's over HTTPS and SSL is enabled for all services, even if you don't plan on allowing external access. Some handy ways to open up your NAS and limit connections include VPNs and reverse proxies with VLANs.

3 Use the same default ports

Making it easier for anyone to log in

Did you know you can change the port your NAS uses for the administration GUI? The same goes for apps and services you install on the NAS. For instance, the default Jellyfin port is 8096. By changing just one digit of this port, you're adding an extra layer of protection: if someone gains access to your network and starts searching for frequently used services, your Jellyfin instance won't show up. Of course, this isn't a guarantee you'll keep your services invisible to anyone on the LAN, but it's a good step to help mitigate the risk ... and it doesn't take long to configure per service.
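A check you can run against your own NAS that covers this section and the SSL/HTTPS section above: it reports which services still answer on their default ports and whether each one completes a TLS handshake with a certificate your machine trusts. This is an added example, not part of the original article; the Synology DSM ports 5000/5001 and the host name `nas.example.lan` are assumptions, and 8096 is the Jellyfin default the article mentions.

```python
import socket
import ssl

# Ports assumed for this example: 8096 (Jellyfin) is the default named in the
# article; 5000/5001 are Synology DSM's default HTTP/HTTPS admin ports.
DEFAULT_PORTS = {5000: "DSM admin (HTTP)", 5001: "DSM admin (HTTPS)", 8096: "Jellyfin"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port on a host you administer."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls-trusted"
    except ssl.SSLCertVerificationError:
        # TLS works, but the certificate is self-signed, expired or issued
        # for a different name than the one you connected to.
        return "tls-untrusted"
    except OSError:
        # Any other handshake failure or timeout: the port is open but did
        # not complete a TLS handshake (ssl.SSLError is an OSError subclass).
        return "no-tls"
    finally:
        sock.close()


def audit(host, ports=DEFAULT_PORTS, timeout=2.0):
    """Return {port: (service, state)} for every listed port that is open."""
    findings = {}
    for port, service in sorted(ports.items()):
        state = probe(host, port, timeout)
        if state != "closed":
            findings[port] = (service, state)
    return findings


if __name__ == "__main__":
    NAS_HOST = "nas.example.lan"  # placeholder: your own NAS hostname or IP
    for port, (service, state) in audit(NAS_HOST).items():
        print(f"{port:>5}  {service:<18} {state}")
```

An empty result means nothing answered on the listed default ports; any `no-tls` or `tls-untrusted` line points at a service that still needs HTTPS or a properly signed certificate.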

2 No VPN is used on the LAN

Get yourself protected

Are you using a virtual private network (VPN)? If not, you should, as they're a great way to keep everything you do online safe from prying eyes. A VPN can also be handy for getting around geo locks and other annoying measures. Most NAS operating systems support integrating top VPN services, making it easy to add this layer of protection for your connected storage. If you build your own router and firewall, you could even apply a VPN connection to an entire network, which is pretty cool and negates the need for per-device configuration.

1 Ignore the rest of the LAN

Your PC is just as important as the NAS

Your NAS isn't the only device on the network connected to the internet. With most ISP-provided routers, everything on your network will access the internet somehow. It doesn't matter if you take every security precaution in the manual for your NAS if everything else on the network isn't complying. Your PC is just as likely to infect your NAS with ransomware or some other unwanted software if it's not patched and you enjoy visiting less trustworthy destinations. Spend some time checking every device on your network to ensure they're protected.

We've covered VLANs here at XDA, which are great for restricting LAN access to specific clients. This can be handy for creating isolated guest networks.