Table of Contents
Does Synology NAS come encrypted?
Yes. The current startup in basic functions of your Synology NAS will come standard with encrypted options. However, don’t rely on it’s basic encryptions alone. It’s important that you explore other ways to help secure your files. There are options like disabling the admin account, enabling two-factor authentication, disabling SSH, and enabling auto block.
Can a Synology NAS be encrypted?
The answer is yes.
Data protection has become paramount these days, especially with anything connected to an online channel and, ultimately, the Internet (2021 ended with 1,291 serious data breaches). Synology NAS systems can definitely be encrypted as an additional defense if a perimeter breach occurs and access reaches network records.
Built-in encryption capability comes with all Synology NAS Systems
First off, all Synology NAS systems are already designed to allow for and provide encryption. This security feature operates at a 256-bit level of defense, essentially what is known as an Advanced Encryption Standard, or AES, encryption level. All data sets are processed and saved with encryption that can only be accessed and opened by a user with the correct encryption keys. This in turn keeps authorized users in operation while bad actors, even if they can get into the network, are unable to access the data itself. Records become useless without the keys to open them, even if they are copied out to an external storage and deconstructed by a data thief.
Configuration is going to be needed if you want to secure all your files
Second, the setup for a Synology NAS system does not come automatically encrypted, however. One does have to go through a bit of configuration to put things into motion for enhanced protection. That includes starting the encryption, mounting a clean encrypted folder, setting it for automatic use, and then loading the subject data to the protected drive to complete the process. Similar to other systems, the encrypted folder actually functions like a separate, distinct partition. This allows the protection to code anything added to it in an encrypted form.
Fortunately, Synology NAS operating system makes things very easy for conversion. The built-in software allows a user to configure the target folder, set it up from encryption, define the secret keys, and it even allows compression if needed to save space. Once the encrypted folder is complete, for the user with the keys it will look and work just like any other OS folder, and files can be added to it by drag and drop features in a visual GUI format.
Take advantage of mounting for added protection
You may want the encrypted portion of the NAS to only be available at certain times, such as during a known and scheduled backup of regular folders and drives. This is doable as well through the mounting and unmounting feature of the Synology NAS management system. By doing so, a user adds another layer of defense by only allowing physical access to the drive when it is mounted. If not, the drive is protected by both being disconnected from the network as well as with encryption when not in use for backup operations. Of course, that also means the drive can’t be accessed for regular use either until it is mounted again.
Encryption protection is only so effective
Remember, however, encryption is only as good as the users following protocols and not making the private keys vulnerable or losing them. If the keys are compromised, anyone with them can access the encrypted drives, regardless of the protection applied. They would have network access to control and mount the drive and then, using the keys, access the data itself. The protection is then defeated.
Alternatively, if the keys are lost, the encryption may not be possible to break and the data can be lost permanently. While it won’t be compromised, the data won’t be accessible either. As a result, the private keys should be protected and kept in a safe location where they can be recovered as needed without concern about loss.
The beauty of the Synology NAS package is that it meets both the protection and configuration flexibility most network users want in an expanded storage system for redundancy. While the hard-charging SSD drives are ideal for immediate speed, power and fast-reading, the ideal NAS system protects everything so that there is no critical loss of records if everything else fails. And, at the same time, the system is not bogged up with a heavy storage glut. Combined with encryption, the Synology NAS works beautifully, and the configuration features allow it to be tailored for exact use.
Synology NAS best practices for security
The Synology NAS is a computer that is used as a central storage system. It comes with many security features and settings to help people protect their data, but it also has vulnerabilities. The different settings can be confusing for some users, so they are recommended to choose the basic ones, which will keep the device in a secure state while still allowing them to manage all of its functions and run multiple services on it.
Cyber criminals can access data using login credentials or by brute forcing them when someone forgets their password. Threats to network and data security are on the rise, which is why it’s important for enterprises to have a contract with a MSSP (Managed Security Service Provider) in order to help them protect themselves from cloud-based threats.
Below, we’re going to talk about some basic concepts and best practices that you should be doing to secure your Synology NAS.
You can disable the default admin account
As a precaution, you should disable the admin account to prevent unauthorized access.
- Make sure you duplicate the admin accounts data and sign in as the new administrator
- Click on the control panel
- Go to User & Group
- Click on User
- Click on the default admin account.
- Go to info
- Click Deactivate this Account
- Click OK
You can enable two-factor authentication
The Synology NAS comes encrypted, and you can also use two-step authentication to secure your account.
- Start on your Synology desktop
- Click on the user icon on the top right of the screen
- Click on personal
- Click on two-factor Authentication
- Select approve sign in (make sure your QuickConnect is activated)
- Confirm your account password
- Download the Synology sign in app on your mobile phone
- Scan the QR code in the app
- Click next and select opt on the smartphone app
- Tap on the plus icon to open up the camera
- Scan the QR code
- Click next and enter your email address
- Click next and then done
You can disable SSH
The Synology NAS supports mounting encrypted shares through SSH, which is a built-in feature.
SSH is a process and method of remotely accessing and managing your Synology device. In other words, it helps you do more things than what Synology originally intended for it to do. It goes beyond just the web interface that most consumers will be using. It will allow for really complex management and actions.
If you don’t need or don’t want SSH, then you can simply manage your Synology through the web interface. I recommend switching it off.
To disable your SSH service, simply go to your control panel, click on the terminal tab, and look for the check box labeled “enable SSH service” and simply uncheck it.
You can enable auto block
Auto block helps increase the security of your Synology NAS by blocking the IP address of clients who make too many failed login attempts. A lot of times, hackers will try to brute force their way into your Synology, and this is a way to prevent them from succeeding. If you enable auto block, it will automatically block that particular IP address that is repeatedly trying to login to your Synology NAS for a specified time frame.
Go to the control panel, click on the account tab, and check the box that enables auto block. You can also set the number of attempts and how many minutes the person should wait before attempting again. You also noticed that there is an allow and block list button where you can actually add in certain IP addresses that you trust or not.
Synology DSM security updates
The DSM update settings for a Synology NAS are how you can secure your Synology NAS. The DSM update will offer new features and security enhancements for your Synology NAS.
Other interesting articles: