NAS systems are a practical alternative to the cloud. Whether as a relatively simple data storage device or as a sophisticated mini-cloud with its own apps: A NAS ("Network Attached Storage") on the home network connection offers plenty of storage and keeps the data in your own four walls. However, so that the data can be used on the go, the NAS must of course be connected to the router and to the Internet. Numerous dangers lurk there. This is exactly why you should check the following points to secure your NAS.
8 tips for securing a NAS
1. The password is everything.
One of the first steps in setting up a new NAS unit is to create one or even several passwords. The password is essential for the security of a NAS system, just as it should be the case for your mail account, Facebook account or computer. Choose one that is as complex as possible, with lots of digits, upper and lower case letters and special characters, such as those created by https://passwordsgenerator.net or Norton .
Do you think it's hard to remember? Then you can either use a password manager or of course you can also invent secure passwords yourself: Simply form a three-word sentence and replace characters according to a fixed scheme. About all spaces with exclamation marks, the letter "S" with a "2" and so on. You will then have a secure password that you can easily remember. More tips on how to choose a strong password can be found here.
2. Create a secure administrator
Many NAS systems come with a preset administrator for whom you only had to assign a password when setting up. This is of course an open door for an attacker: This means that he already knows the standard user name and can target the NAS with brute force attacks in order to find out the password. It is therefore advisable, as far as possible, to replace the standard administrator with a different admin name, such as your middle name or something else that not everyone knows immediately. Secure password - see 1. - don't forget!
You should then deactivate the standard administrator..
3.
Do without the provider's cloud service It may be easy, but what is easy for you is not difficult for attackers either: Cloud services offered by the NAS manufacturer allow web access to the NAS system at home. This is wonderfully simple, but it has one major disadvantage: attackers can theoretically also use the web mask. It's no less secure than a Dropbox account, for example - but it still feels bad. Unless you really need the cloud service, you should deactivate it and not use it.
4. VPN instead of cloud and port sharing
Another typical security problem with NAS systems is port sharing: This is necessary, for example, to bring the NAS to the Internet through the router. The problem with this: Of course, these shares also open back doors. The more services (see 5.) that are active, the more port forwarding you have to create. Today modern routers take care of it automatically. However, an open port always means a security risk. So it is better to forego port sharing through the NAS and instead rely on VPN: VPN enables an encrypted connection to your home network and you can use it on the go as if you were at home - without the hassle of port sharing. The setup is not completely trivial, but the effect is an extremely secure NAS access,without making the NAS unnecessarily visible to strolling network criminals. Unfortunately, that doesn't always work: If you run a web server or customer FTP on the device, for example, the NAS must of course be visible on the Internet..
5. Do not activate all services indiscriminately
Many NAS systems are now small computers with a built-in app store. There is almost nothing that is not available as an app for the NAS. However, despite all the gimmicks, you shouldn't forget to activate only those services that you really need: Each service may need a port, and each service may have its own security hole, which makes the NAS system a bit more vulnerable. Apart from that, many services also mean a lot of system load, a lot of processor activity and thus high power consumption of the NAS - so switch off what you don't need.
6. Update firmware as soon as possible
Speaking of security gaps: A NAS is of course "just" a computer system. Even if it doesn't look like it, the devices are mostly a kind of mini PC with a simple and permanently installed operating system, the so-called firmware. Just like with your Windows PC, Mac or smartphone, its developers are not error-free either: Often someone finds a security hole that then needs to be fixed.
With NAS systems, this is only possible with new firmware that has to be imported. Most systems can do this automatically, provided they are online. But even NAS systems that are not connected to the Internet should be updated regularly. You can usually find out whether there is new firmware in the manufacturer's support area.
7. Browser cache harbors dangers
If you use your NAS on the go via a web interface, the browser cache also poses a risk. It doesn't matter whether you use the browser interface via port sharing and dynamic DNS or via the cloud connection of the Use the manufacturer: The browser can represent a security hole on other computers. On the one hand, it can indicate that you have used a NAS here at all, including the access URL. In the worst case, the system even remembers the access using a cookie. So when using your NAS on other computers, make sure that you always log out using the "Log off" function of the web interface. You should also clear the browser cache afterwards.
8. Create regular backups of the NAS
Even with exclusively internal use there are of course security problems: Most NAS systems have hard drives in server quality that last a long time. However, data loss due to a hardware failure can never be completely ruled out. Operating errors can also delete data from the NAS, not to mention attackers. So make sure to create regular backups of the NAS content so that you don't lose any data in the worst-case scenario.
