In this article, you will discover 10 ways to enhance the security of your Synology NAS with Infomaniak.

Synology NAS servers are increasingly popular with private individuals and are therefore the target of numerous hacking attempts. To guard against this risk as much as possible, we strongly recommend that you take the time to secure access to your Synology NAS.

10 ways to secure your Synology NAS access

To enhance the security of your Synology NAS:

1. Enable dual authentication

Enabling dual authentication on a Synology NAS (DSM 5.2)

2. Choose a strong password

The password to access your Synology should be made up of at least 8 characters with upper case and lower case letters, numbers, and special characters.

3. Disable QuickConnect

When hosting your Synology server with Infomaniak, you are given a free fixed public IP address, which lets you easily reach your Synology server when traveling, so QuickConnect is not needed.

Disable QuickConnect on a Synology NAS (DSM 5.2)

4. Change the default http (5000) and https (5001) ports of the DSM

The port number must be between 1024 and 65535.

Changing the default http and https ports of DSM on a Synology NAS (DSM 5.2)

5. Enable https connection and connection redirection to https

Configuring https access for a Synology NAS (DSM 5.2)

6. Enable DoS protection

Enabling DoS protection for a Synology NAS (DSM 5.2)

7. Disable DSM integration in iFrame

Disabling DSM integration in iFrame (DSM 5.2)

8. Disable IPv6

For now, the Synology firewall does not handle IPv6.

Disabling the IPv6 of a Synology NAS (DSM 5.2)

9. Configure your Synology firewall

To configure the firewall of your Synology, open the Control panel and from the Security menu, click on the Firewall tab.

Follow these steps in order to enhance the security of your Synology:

9.1 Authorize the DSM http and https ports

  • Click on the Create button
  • Under Ports, check the two boxes corresponding to the Synology Management Interface (http & https)
  • Under Source IP, you can restrict access to the Synology to a region or to a fixed IP address if you have one
  • Click on the Save button

9.2 Define a restrictive default policy for the firewall

How to define a restrictive policy for the Synology default firewall (DSM 5.2)
  • Check the Refuse access box
  • Click on the Save button

Now, only http and https access to the Synology DSM will be authorized. You will have to manually authorize the ports of the applications you wish to use.

10. Additional security recommendations

  1. Always use the latest version of DiskStation Manager (DSM)
  2. Regularly update the applications you use
  3. Uninstall the application packages you do not use and delete the corresponding Synology firewall authorisations
  4. Consult the Log Center to detect potential anomalies/alerts/errors
  5. Enable email or SMS notifications for the important alerts (Control panel > Notification >…)
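
To verify from outside that steps 4, 5 and 7 took effect, the following added example (not part of the original article or of Synology's tooling) audits a DSM endpoint. It assumes DSM redirects with a 3xx status and a Location header, and that the iFrame setting is signalled through X-Frame-Options or a CSP frame-ancestors directive; the SAMPLE responses are constructed.

```python
import http.client

DSM_DEFAULT_PORTS = {5000, 5001}  # defaults named in step 4
# Constructed responses (not captured from a real NAS), keyed by "tls?", for an offline dry run.
SAMPLE = {False: (200, {}), True: (200, {"x-frame-options": "SAMEORIGIN"})}

def check_ports(http_port, https_port):
    """Step 4: ports must be within 1024-65535 and not the DSM defaults."""
    issues = []
    for name, port in (("http", http_port), ("https", https_port)):
        if not 1024 <= port <= 65535:
            issues.append(f"{name} port {port} is outside 1024-65535")
        elif port in DSM_DEFAULT_PORTS:
            issues.append(f"{name} port {port} is still a DSM default")
    return issues

def check_redirect(status, headers):
    """Step 5: the plain-http port should answer with a redirect to https."""
    target = headers.get("location", "")
    if status in (301, 302, 307, 308) and target.lower().startswith("https://"):
        return []
    return [f"http port returned {status} without an https redirect"]

def check_framing(headers):
    """Step 7: assumed signal is X-Frame-Options or CSP frame-ancestors."""
    xfo = headers.get("x-frame-options", "").upper()
    csp = headers.get("content-security-policy", "").lower()
    if xfo in ("DENY", "SAMEORIGIN") or "frame-ancestors" in csp:
        return []
    return ["no anti-framing header: DSM can be embedded in an iframe"]

def fetch(host, port, tls):
    """GET / and return (status, headers); TLS certificates are validated by default."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=5)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def audit(host, http_port, https_port, fetch=fetch):
    """Run all three checks; `fetch` is injectable so the logic runs offline."""
    issues = check_ports(http_port, https_port)
    status, headers = fetch(host, http_port, False)
    issues += check_redirect(status, headers)
    _, headers = fetch(host, https_port, True)
    return issues + check_framing(headers)
```

Call `audit(host, http_port, https_port)` with your NAS address and the ports you chose in step 4; an empty list means all three checks passed. A self-signed DSM certificate makes the https request fail validation, which is itself worth fixing.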

For more security: the Synology VPN server

Be aware that even when you follow all of the security recommendations in this article, all Synology services remain accessible via a simple web browser. This means that if Synology applications have vulnerabilities, these can be exploited over the internet.

We will see in another article how to guard against this last possibility by restricting access to your Synology NAS to the VPN service alone.
