One I like as my NAS is for home use is to have a push notification in case someone tries and fails to log in. If it happens, I can then block the IP address permanently. You can even block whole regions at one time. I've had to do that with 2 portions of Eastern Russia and one part of Turkey. Note that you need to check this after every firmware update. Some will reset push notifications.
Have had no success in setting up openvpn on my ts 251d followed lots of you tube tutorials got it up and running but never able to connect through the pc or get it to work on android a lot of vids are old. Maybe an updated version would help me figure it out thanks.😎👍🇬🇧
How about really obvious: YOURS has drive locks were as the TS-453D does not. So 1. Add one of those Kensington locks to the back of it. 2. Replace the drive trays for $15 each Qnap Hard Disk Drive Tray (SP-TS-Tray-Black) 3. Safely store a key onsite and offsite. 4. Have a plan for evacuation/fire so you don't have to rip the NAS (and your arms) to shreds while half asleep running to a window escape.
alot of good points, but you run through it, its hard to keep up. compound that by the small screen size. Yes i know its typical size. I do appreciate your info, I just made a few settings I didn't know about because of your tutorial. thanks much
I disagree. A quick roundup video of things one can do to harden device security like this should be just that. And with almost eight minutes of video for ten possible "things you've missed or not thought about" and giving a few small pointers in the general direction of where to find said function in the diverse menus I believe this video is pretty darn spot on as far as length goes. After all this is not a "howto" video. A video of, for instance, how to secure a QNAP NAS with a public certificate instead of the self published one could cover half an hour or more easily. This is especially true if every mouseclick is demonstrated and explained in detail which is actually pretty desirable in a good "howto" video, especially for less experienced viewers.
I've a couple of security-related feature requests open with QNAP, including GEO-IP blocking and allow port-based policies - They're promoting the usage of 3rd party apps, then they really need to provide the means of managing them... and finally, to fix their screw up of 2FA (which needs to be disabled when setting up NAS-2-NAS syncing).
I don't put mine on the Internet, so it's impossible to access remotely. If you need to access it remotely then limit access by IP address or VPN, then you are putting your trust in their software and hoping it is vulnerability free.
hello my friend, i have a qnap ts 670 pro with a i7 3770t and 16gb ram...it is possible for you and make sense to install a ssd as operating sistem slot 1 to perform increase speed of vm?and after create a data vol 2 with hdd as storage ?make sense?i do it and the VM rum much faster...its a good solution or can you tip me better?
I've never tried that myself so not sure on the process sorry, maybe check the guides for the unit and see what info they have available, my model had some web pages showing how to do similar upgrades and install an SSD cache.
Don't install the latest updates immediately. Wait at last a month or more until you find out that the latest update doesn't do anything negative.... like it just did to me. After a recent update, the admin PW no longer works, and a 3 second and 10 second PW reset doesn't work either. I can slowly copy the data off to an external USB drive over the network... by the only mistake I made was to not make regular backups of my Wordpress/MySQL databases... if I reset, which is the only option left to me after backing up my data... I still lose all the work I did in my Wordpress sites. Major suckage.
Unfortunately, this is where I am right now... 5 hours later, several admin PW changes later, update to previous firmware... still no access. Is there a way one could somehow could remotely access the file system and access the MySQL database? I kind of doubt that, as by default, it doesn't offer that, unless you specifically permit that (which I did not, for security reasons, of course).
So what’s keeping Qnap themselves from accessing the info on your NAS? Have you read their latest privacy policy? They basically say they have access to everything you do and data stored on their devices.
Nothing I guess, unless you can see the code of everything running on the system you have no idea, which is why many people opt for open source solutions - not that they actually audit the code themselves anyway so not sure how big of a difference it is.
Jarrod'sTech Exactly... So why would any business choose to use these devices to store their data? I don’t have a business and just use my Qnap NAS for personal usage. I would make my own server and NAS if I was to use it for running a business.
I also use mine for personal use, so it's not an issue. You could say the same about using Windows though, who knows what backdoors exist, you can always be super paranoid but realistically I'm not sure it's too likely some company is going to care enough to go through some random small businesses data, assuming their device is on the Internet for some reason.
I suppose you could do that, if you're concerned about the password for the admin account being compromised. Only real reason I can imagine doing that is to prevent password brute force guessing attack on the known 'admin' user, but if you have set a sufficiently strong password trying to do that shouldn't be successful anyway.
As far as I am able to tell at the moment it's still not possible to disable and/or alter the username of the builtin admin account, even on the newer QNAP NAS models.
Thanks, it was just a suggestion, there has to be a better way so people don't leave the defaults, maybe if it forced change on login, that'd probably work.
I agree with Jarod's Tech. Forcing users to change the default password on first login/device installation to a secure password should be the way to go for manufacturers of any device with a network connection. Also, one wants to be able to delete or at least disable the built-in administrator account after creating a administrator account with a useraccount name of ones own choosing to further enhance security. But as far as I can tell QNAP, while creating pretty awesome products, still do not offer that function even on their newer models. There are simply to many devices out there with the default credentials still in place, because the manufacturer does not force the end user into changing them. As far as I am concerned the thinking behind this was already flawed ten years ago but nowadays? You could say it's pretty unacceptable. And if anyone reading this believes this is a "their problem" kind of situation, think again. When big websites suffer from DDOS attacks initiating from a botnet of Internet of Things devices it becomes everyones problem.
2 Step Authentificatn can be skipped by typing in an alternative password. That sucks so much. The idea behind MFA is that you need 2 independant devices (e.g. your brain and mobile phone). But in QNAP you can replace the mobile phone with the google authenticator token by an alternative Password you have defined before (lets say a strong password which is stored in my password database). But what happens if my password database is hacked or the connection is captured by man in the middle. Its always the same password until I change it. The google token is always different because its based on time. In my mind: QNAP would solve this with an alternative password ONLY if you press a key on the qnap hardware itself to allow to accept the alternative password. So you ensure someone hst physical access to the nas device.
Depends where you save it, it's definitely worth making an offsite copy of it securely, otherwise RIP all your data if you forget a password. I save mine in an encrypted file elsewhere.
I stopped after number one since you never even bother to mention the downsides to encrypting. Namely your dataaccess goes down by about 300% or one third of what it would be unencrypted.
I haven't run the benchmarks but I doubt it's 300%, yes there is obviously performance loss with encryption, sorry you thought it necessary to point out, the point here is to secure, which that does, not to improve performance/optimize anything.
To be fair, perhaps it was a 30% loss which would make more sense. The point is you need to give people the full picture. Otherwise they go around making changes to their NAS not understanding the ramifications and creating issues for them down the track.
For what, remote connectivity from the Internet? Perhaps, if you trust their implementation of a VPN service that would always be running and available to the Internet.
Jarrod'sTech no I have ProtonVPN and use my Qnap NAS as an VPN client connected to ProtonVPN so if I use the same ProtonVPN server/ip I can remote connect everywhere only with the vpn enabled and it works like if I am on my local network so I can go into my router settings if I am outside in Las Vegas for example.
Cool, didn't know that was an option although I suppose if you have physical access it's moot when you can probably pull out the power or otherwise negatively affect it.
Okay, so this is a tech geek page huh? Judging by the commenters on here, I'm not so sure about that. Everyone is whining about him going to fast and to slow down? You can do that yourself. Go into the settings icon on the video and you will see speed. It will say normal. Click on normal. Choose .75 if you need to slow the words down a bit. Choose .5 if you are a little challenged. Choose .25 if you have a cognitive disability. You're welcome. Also, my DAS is secure. hehehehe
@@marksimmons9252 Yeah well it's an older video so nothing I can do about it lol, it was how I edited my old videos, I cut out a lot of the gaps between sentences, I leave bigger spaces in more recent videos so it's already been addressed
While not a native english speaker I had zero problems understanding every word you said. As far as I am concerned don't change anything (Apart from your recording spot that is, which you already have done.) as far as tempo and pronuncation goes: You're spot on and it keeps the videos nice and bite-sized. If people have trouble comprehending what you are saying (Which I didn't) I suggest they just rewind a few times, if people are stating they trouble to actually hear what you are saying because of the fact that you supposedly are talking to fast I disagree completely. Very good video, keep up the good work!
One I like as my NAS is for home use is to have a push notification in case someone tries and fails to log in.
If it happens, I can then block the IP address permanently. You can even block whole regions at one time. I've had to do that with 2 portions of Eastern Russia and one part of Turkey.
Note that you need to check this after every firmware update. Some will reset push notifications.
Thank you for taking the time to make this video. I'm not an expert but I use a QNAP TS-563 and found this very helpful.
Have had no success in setting up openvpn on my ts 251d followed lots of you tube tutorials got it up and running but never able to connect through the pc or get it to work on android a lot of vids are old. Maybe an updated version would help me figure it out thanks.😎👍🇬🇧
How about really obvious: YOURS has drive locks were as the TS-453D does not. So 1. Add one of those Kensington locks to the back of it. 2. Replace the drive trays for $15 each Qnap Hard Disk Drive Tray (SP-TS-Tray-Black) 3. Safely store a key onsite and offsite. 4. Have a plan for evacuation/fire so you don't have to rip the NAS (and your arms) to shreds while half asleep running to a window escape.
I could not get to make HTTPS work... something about certificate not valid or something like that
This was so helpful! Thanks for this video!
Good to hear, happy to help!
alot of good points, but you run through it, its hard to keep up. compound that by the small screen size. Yes i know its typical size. I do appreciate your info, I just made a few settings I didn't know about because of your tutorial. thanks much
No problem, sorry I'll try go a bit slower next time. You can always play it slower at 0.5x speed or something :)
I disagree. A quick roundup video of things one can do to harden device security like this should be just that. And with almost eight minutes of video for ten possible "things you've missed or not thought about" and giving a few small pointers in the general direction of where to find said function in the diverse menus I believe this video is pretty darn spot on as far as length goes.
After all this is not a "howto" video. A video of, for instance, how to secure a QNAP NAS with a public certificate instead of the self published one could cover half an hour or more easily. This is especially true if every mouseclick is demonstrated and explained in detail which is actually pretty desirable in a good "howto" video, especially for less experienced viewers.
I've a couple of security-related feature requests open with QNAP, including GEO-IP blocking and allow port-based policies - They're promoting the usage of 3rd party apps, then they really need to provide the means of managing them... and finally, to fix their screw up of 2FA (which needs to be disabled when setting up NAS-2-NAS syncing).
Nice! I found some bugs in the qnap stuff a few months back, got a few CVEs out of it 😓
Does MS provide any dedicated antivirus solution for NAS(Network-attached storage) like Mcafee VSES ?
There are AV options available through the apps on the Nas
How do you stop people from China and Russia from trying to login to your NAS?
I don't put mine on the Internet, so it's impossible to access remotely. If you need to access it remotely then limit access by IP address or VPN, then you are putting your trust in their software and hoping it is vulnerability free.
Can't do that directly. But you can set QuFirewall to allow only IP's from ceratin regions (countrys).
hello my friend, i have a qnap ts 670 pro with a i7 3770t and 16gb ram...it is possible for you and make sense to install a ssd as operating sistem slot 1 to perform increase speed of vm?and after create a data vol 2 with hdd as storage ?make sense?i do it and the VM rum much faster...its a good solution or can you tip me better?
I've never tried that myself so not sure on the process sorry, maybe check the guides for the unit and see what info they have available, my model had some web pages showing how to do similar upgrades and install an SSD cache.
Don't install the latest updates immediately. Wait at last a month or more until you find out that the latest update doesn't do anything negative.... like it just did to me. After a recent update, the admin PW no longer works, and a 3 second and 10 second PW reset doesn't work either. I can slowly copy the data off to an external USB drive over the network... by the only mistake I made was to not make regular backups of my Wordpress/MySQL databases... if I reset, which is the only option left to me after backing up my data... I still lose all the work I did in my Wordpress sites. Major suckage.
Oh that's no good, I've never had any problems with updates myself but I suppose it will vary between models
Unfortunately, this is where I am right now... 5 hours later, several admin PW changes later, update to previous firmware... still no access. Is there a way one could somehow could remotely access the file system and access the MySQL database? I kind of doubt that, as by default, it doesn't offer that, unless you specifically permit that (which I did not, for security reasons, of course).
So what’s keeping Qnap themselves from accessing the info on your NAS? Have you read their latest privacy policy? They basically say they have access to everything you do and data stored on their devices.
Nothing I guess, unless you can see the code of everything running on the system you have no idea, which is why many people opt for open source solutions - not that they actually audit the code themselves anyway so not sure how big of a difference it is.
Jarrod'sTech Exactly... So why would any business choose to use these devices to store their data? I don’t have a business and just use my Qnap NAS for personal usage. I would make my own server and NAS if I was to use it for running a business.
I also use mine for personal use, so it's not an issue. You could say the same about using Windows though, who knows what backdoors exist, you can always be super paranoid but realistically I'm not sure it's too likely some company is going to care enough to go through some random small businesses data, assuming their device is on the Internet for some reason.
@@JarrodsTech Intel loves back doors!
What about disabling the Admin account? And setting admin privileges to a different user?
I suppose you could do that, if you're concerned about the password for the admin account being compromised. Only real reason I can imagine doing that is to prevent password brute force guessing attack on the known 'admin' user, but if you have set a sufficiently strong password trying to do that shouldn't be successful anyway.
As far as I am able to tell at the moment it's still not possible to disable and/or alter the username of the builtin admin account, even on the newer QNAP NAS models.
Cheers for the video.
+Brazil Uluwita no problem!
Thanks for this
No problem!
thx
Great vid!
Thanks!
Very Good; disagree with corporate password on install manual.
Thanks, it was just a suggestion, there has to be a better way so people don't leave the defaults, maybe if it forced change on login, that'd probably work.
I agree with Jarod's Tech. Forcing users to change the default password on first login/device installation to a secure password should be the way to go for manufacturers of any device with a network connection. Also, one wants to be able to delete or at least disable the built-in administrator account after creating a administrator account with a useraccount name of ones own choosing to further enhance security. But as far as I can tell QNAP, while creating pretty awesome products, still do not offer that function even on their newer models.
There are simply to many devices out there with the default credentials still in place, because the manufacturer does not force the end user into changing them. As far as I am concerned the thinking behind this was already flawed ten years ago but nowadays? You could say it's pretty unacceptable. And if anyone reading this believes this is a "their problem" kind of situation, think again. When big websites suffer from DDOS attacks initiating from a botnet of Internet of Things devices it becomes everyones problem.
Great , Thank you
+Mohamad Zaroura no problem!
2 step authentication is another way to secure the qnap.
Hmm I've never seen that option in mine, that does sound very useful though.
It's under the options menu (Where you can also change the wallpaper style etc.)
Link to QNAP howto: www.qnap.com/en-au/how-to/tutorial/article/how-to-enhance-account-security-using-2-step-verification
2 Step Authentificatn can be skipped by typing in an alternative password. That sucks so much. The idea behind MFA is that you need 2 independant devices (e.g. your brain and mobile phone). But in QNAP you can replace the mobile phone with the google authenticator token by an alternative Password you have defined before (lets say a strong password which is stored in my password database). But what happens if my password database is hacked or the connection is captured by man in the middle. Its always the same password until I change it. The google token is always different because its based on time.
In my mind: QNAP would solve this with an alternative password ONLY if you press a key on the qnap hardware itself to allow to accept the alternative password. So you ensure someone hst physical access to the nas device.
Thanks!!
No problem!
Encrypting and saving the key is like no encrypting at all.
Depends where you save it, it's definitely worth making an offsite copy of it securely, otherwise RIP all your data if you forget a password. I save mine in an encrypted file elsewhere.
Safer way of encrypting would be to encrypt via Winrar
good!
👍
DO NOT save the encryption key. Anyone stealing the entire NAS can just reset the admin account and then all disks will decrypt.
I stopped after number one since you never even bother to mention the downsides to encrypting. Namely your dataaccess goes down by about 300% or one third of what it would be unencrypted.
I haven't run the benchmarks but I doubt it's 300%, yes there is obviously performance loss with encryption, sorry you thought it necessary to point out, the point here is to secure, which that does, not to improve performance/optimize anything.
To be fair, perhaps it was a 30% loss which would make more sense. The point is you need to give people the full picture. Otherwise they go around making changes to their NAS not understanding the ramifications and creating issues for them down the track.
Qvpn???
For what, remote connectivity from the Internet? Perhaps, if you trust their implementation of a VPN service that would always be running and available to the Internet.
Jarrod'sTech no I have ProtonVPN and use my Qnap NAS as an VPN client connected to ProtonVPN so if I use the same ProtonVPN server/ip I can remote connect everywhere only with the vpn enabled and it works like if I am on my local network so I can go into my router settings if I am outside in Las Vegas for example.
Jarrod'sTech yo
Man! Make some Points between the Words!
Nah.
disable reset button
Cool, didn't know that was an option although I suppose if you have physical access it's moot when you can probably pull out the power or otherwise negatively affect it.
Okay, so this is a tech geek page huh? Judging by the commenters on here, I'm not so sure about that. Everyone is whining about him going to fast and to slow down? You can do that yourself. Go into the settings icon on the video and you will see speed. It will say normal. Click on normal. Choose .75 if you need to slow the words down a bit. Choose .5 if you are a little challenged. Choose .25 if you have a cognitive disability. You're welcome. Also, my DAS is secure. hehehehe
lol
lmao!! rare memes!!
😎
point number 10, is not recommended, the hard drive lifetime is shortened, seagate support people this confirmed
Sure, I guess spinning drives up from being stationary causes more stress compared to leaving then running constantly.
Go RED. Problem solved. Seagate is always making excuses for why their stuff fails...........ALL THE TIME!
SSSSSSSSSSSSSSSSLLLLLLLLLLLLLOOOOOOOOOOOOOOOOOOOOOOOWWWWWWWWWWWW DOWN!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Nah. If you can't keep up slow the video speed down.
@@JarrodsTech I am not the first to say it's spoken too fast you sound like Alexa :)
@@marksimmons9252 Yeah well it's an older video so nothing I can do about it lol, it was how I edited my old videos, I cut out a lot of the gaps between sentences, I leave bigger spaces in more recent videos so it's already been addressed
Good information, but talked too fast and has huge echo making it hard to understand
Yeah I've improved the spot where I record since this so there should be less echo.
While not a native english speaker I had zero problems understanding every word you said. As far as I am concerned don't change anything (Apart from your recording spot that is, which you already have done.) as far as tempo and pronuncation goes: You're spot on and it keeps the videos nice and bite-sized. If people have trouble comprehending what you are saying (Which I didn't) I suggest they just rewind a few times, if people are stating they trouble to actually hear what you are saying because of the fact that you supposedly are talking to fast I disagree completely.
Very good video, keep up the good work!
@@JarrodsTechI'm not a native english speaker and listened to your video at 125% speed without problems...