How to Secure your Synology NAS (Best Practices)

Thanks, Tony! Appreciate you watching and thank you for the kind words!

Thanks, Avi! Appreciate you watching!

Thanks for watching and glad they've helped!

Thank you, glad it helped!!

Thank you very much! Your setup sound awesome!! You can actually replicate data/snapshots to a secondary NAS if you'd like. After configuring them, select the "Replication" tab, and your second NAS should appear in the remote section. You will have to connect with your account and select which folder(s) you want to sync, but after you do, the data will sync from NAS A to NAS B, as well as the snapshots (if you selected that option). Keep in mind that this will sync the data as well, but it's a great option.
Here's a tutorial on it if interested, but honestly, if you're happy with how it's currently working, setting up snapshots on both should be more than enough! www.wundertech.net/synology-nas-snapshot-replication-sync-snapshots-to-a-synology-nas/

@@WunderTechTutorials Hey, thanks so much for taking the time to reply in detail! Much appreciated! I will definitely give it a go! Great security tips! Happy New Year sir! 👍🏻

@@tonyvalenti6614 Happy New Year!

Thank you very much! I really appreciate it! Yes, I do: www.wundertech.net/wundertech-consulting/

I have had a session with Frank and it is worth every penny

Thanks so much! I'll add it to my list, but have you considered using Synology Drive? Might be what you're looking for.

Thanks! I do have an older Hyper Backup video that I think shows the Windows application and viewing files, but I might be mistaken. I have something similar coming up soon (I hope)...just need to refine the idea a little! Thanks for watching!

@@WunderTechTutorials awesome, look forward to your video, as with all of them, extremely precise and helpful

Thanks! Snapshots are generally for file recovery - don't think deleted files, think accidently updated files or more severe things like ransomware and being able to recover from them. A VPN is significantly more secure - it's the difference between the NAS being accessible (and thus, attackable) to the entire world and not being accessible to the entire world.

That's kinda what I did. When I bought my new NAS, I put my old one at a relatives place and backup with vault.

@@Steve_Just_Steve I second that. In my case, it's in my detached garage. On the same property, but at least it's out of the house where the main NAS is located.

Thanks! Definitely agree - a second NAS is the best option for users with a lot of data.

Thank you! Before you purchase a new one, there's an option that's available when you create the task that says something like "remove destination external device when backup finishes". Do you know if you enabled that? If you did, the external HDD will unmount every time the backup finishes. Unfortunately, I think the only way to disable that is to recreate the backup task, but it will stop the HDD from disconnecting and is definitely the first thing to check.
If that still doesn't work, I have always used WD EasyStore and haven't had any problems with them.

@@WunderTechTutorials Oh, sorry I should have been more clear. When I say it keeps disconnecting, it does within the first 1-2 minutes of being plugged into the NAS. And the only unreliable solution is to plug in a usb-hub and then plug the external drive into the hub. It lasts longer than a minute, but still not long enough to complete a hyperbackup. I already opened up a ticket with Synology but they aren’t helpful. Is synology NAS really that picky for which type of external drive is being plugged in? Seems a bit crazy. I tried all ports. And even tried a different enclosure.

@@JBehrMusic Got it! Sorry for the confusion. In that case, have you tried to update the firmware on the eHDD? You won't be able to do it on the NAS (assuming new firmware even exists), but you should be able to do it on a PC/Mac. www.seagate.com/support/kb/firmware-updates-for-seagate-products-207931en/
To answer your initial question though, I use WD Easystore drives and never had problems, but I'd try and get the problem solved if possible so you don't need to buy a new one.

I would say there’s a best drive over say, all should work fine regarding backups to it from the NAS. I’ve found getting the cheapest slower spinning drives like WD Blue very affordable and as it’s for backup speed isn’t of the essence here (they still achieve around 160mb/sec)

The firewall is tough from a suggestion standpoint, because I do use it but I acknowledge that it's not necessary for most. If you want to use it simply to keep yourself in check like I mentioned in the video, I think it's a great option. The only other thought would be if you have multiple Tailscale clients and only want certain users to access the NAS. If you don't want to use it for either of those reasons, I'm not sure I'd go crazy implementing it, but it's not a "bad" thing to implement by any means.

For me, I disabled the firewall feature on my Synology NAS'es as I find it redundant and unnecessary since I already have a hardware firewall managing my entire network (including my Synology NAS'es) In fact, it was the culprit of my recent troubleshooting of why I can't access one of my NAS'es when using VPN. I forgot to disable the firewall on one of my Synology NAS'es and it was treating the VPN IP as a foreign one due to the way I have the Synology firewall rule set up. 😅

Good option if you want to keep it enabled!

Yes, those login portals end up being very important. Glad you got it working!

Best to just use a dedicated Synology nas for surveillance station (why I got NVR1218 it's old but works perfectly fine with 4 cams as it includes 4 licenses, normally it's 2)

I don't have any experience with DD-WRT, but you should be able to do it in Synology's firewall. If it's not working, confirm if it's using IPv4 or IPv6 as it might be connecting via IPv6.

On the hard drives, so snapshots are used as a first layer of defense but that's why backups must be configured.

@@WunderTechTutorials ok I see…thanks 💯