Every one of your synology tutorials is pure gold. I can't believe I didn't have this enabled on my NAS - almost lost over 3TB of photos and only retained them because I had a fireproof safe copy. If I had followed this advice before it would have been so much easier. Thank you.
@@ystebadvonschlegel3295 that's exactly what I do... Forget the cloud. I had a safe deposit box that I would swap drives out for years. Keeping one at another location and a set in my fireproof safe. Backup rotation was set in away, at most, I would be a month back at the safe deposit box, the drives from days, week, two weeks. Never keep drives connected to nas just in case it is compromised... They can't get to your backup drive. I have always been prepared for a full restore if that happened... Among other things
Awesome video, I recently bought a 1815+ but hadn't set up snapshots, you made it very easy to follow to set up. Creating a new admin account and demoting your normal login is genius, removes having to make any changes to shares. Thanks for doing this video!!!
Great video! Thanks for reminding everyone to not treat their administrator account like user account. I would also recommend to never save the administrator password to in your browser.
So I just got a 920+ and followed all your VERY HELPFUL VIDEOs. I did run into one issue however, speed. So my setup before was a WD Element 8TB on a USB3.1 connection to my Mac. After seeing your videos on using LRC with Synology, I pulled the trigger, got the 920+, 4 - 8tb EXOS drives and 2 - Samsung 980 SSDs. I followed all your recommendations for setup and even installed the Synology Drive APP. I copied my LRC Catalog to my local Mac, setup Synology Drive, gave it a Synch point on the 920+..... BUT WOW did LRC become very very very.... VERY Slow. So I am trying to figure out, just how to make this transition make sense. I have a very good background with NAS systems, I used to design and build them on many different platforms of OS's and Hardware. AND I am extremely familiar with LRC being a Professional Photographer. I am thinking of placing a USB 3.2 SSD on my MAC, letting it be my Catalog Drive and then just backing that up.... I am curious what else you have tried to speed up your experience? Keep in mind, as a Pro Photographer, my catalogs contain a FULL year of data to pull photos for many reasons at an instant instead of hunting catalogs AND they may track as many as 100k photos... I have been doing this for the past 6 years... My Mac is an i5 with GPU and 64mb of RAM.
This is so well done and useful! Thanks so much for doing this. I'm new to Synology and your videos have taken the mystery out of some of the things I didn't understand.
@@SpaceRexWill Well, you're welcome but it seems small compared to the several hours of valuable information you've given here. You may have saved me from an eventual security threat! So thank you very much for your work.
Your videos have helped me out a lot! One thing that wasn't addressed in this video is how to create a snapshot when you have multiple Shared Folders in a single Volume. I'm not sure if I should create a single snapshot with all the Shared Folders in one, or create individual snapshots. There are at least 15 shared folders in a single volume so that could take some time to do the separately, but I want to set it up with best practice.
Love this video! Super helpful. I am currently backing up my DS920+ with Hyper Backup to the Synology C2 service. Is there anything I should be aware of before enabling Snapshot Replication?
Another great tutorial! I was all onboard for following this until I realized that I had cheaped out and bought a DS220J for my first NAS and it doesn't support BTRFS file system. Now it looks like I'm going to have to go the route of Hyper Backup maybe with a Raspberry Pie remote drive...... Keep up the great work! Having your tutorials has taken all my fear out of getting in there and getting my hands dirty!
Because you set the number of snapshots to 5, that specifies how many snapshots to keep before your rules are applied. So I guess in your scenario, you would only be retaining 5 days, the weeks and months may not apply.
Great video, your help is much appreciated. It’s a pity that Synology doesn’t supply similar videos like this that explains thing so simply and are so easy to follow. Just the right balance of information and technical gobbledegook.
Thank you for the video but on 27th JAN 2021, the rule settings for the Snapshot radically changed from your video: now there are anymore the "latest" snashopt to choose or unchoose...No Idea what I shall do now, it is very complicated, at least for me!
Thanks for this video! Excellent advice! A quick question. -- w ould you recommend turning off the last modified time features of folders to speed up the snapshots. Synology is asking me if I wish to do this. I use my NAS mainly for photos, media files and archived projects. Most of the real-time work is done on my local PC drives. So I *think* turning off the time tagging would be ok. Not sure if this will impact the photos though. What's your thoughts on this?
Great presentation. Will the Snapshot Replication take a lot of space on the disk for video files ? Or even better is there a ratio of the snapshot backup file per terabyte? ( with adding file only not deletion). That will help me so much to evaluate my storage capability .
The best thing about BTRFS snapshots is that they are thin. This means they only take up space if files have been modified. Then they just take up the space of the modification
Hey thank you. Will rewatch and work through it. at the moment I do Hyperbackup every day... but the external HDD is all the time connected via usb. I guess, a hacker would also encrypt that and then, still, all my data is lost... so i have to work again on making my files safer...
In your case the important thing is to not constantly use your Admin account for daily use. That way if your account is compromised the hacker will only have user privileges, not admin. You should also then make sure that the user has no r/w permissions to the volume that is the USB drive
@@SpaceRexWill your right.. i dissabled the "admin" -name account, and did give the rights to my names account. However this one is used for everything... like dsfiles, moments on the phone, connection to my windows 10.. sounds incredible bad... I will start switching the account for this without admin, especially without the r/w permissions to the usb drive volume.
@@SpaceRexWill Okay -what I did was the following: - I added a new admin-account with a random name and a very very strong 30dig.. password. That account has access, also to the USB-Drive. - My standard-account was downgraded to non-admin, but access to all folders. But I removed the access to the USB-Drive, so USB is not visible for this account at all. Therefore the Hyperbackup on the USB-Drive is not visible, just for the admin-account which I just use now for system-changes. - I use two-factor authent. for all user-accounts. Sounds good right? Thank you for your follow-up description, very great. Thanks
I tend to move a lot of big video files from one directory to another, and I don't know how snapshots would handle that. Instead of using snapshots, I just have a regular account with read only SMB permissions, and an admin account without smb/ftp/sftp/afs permissions. So, the only way to modify files is through the admin account, and only through the DSM. I think that's safe enough, I also have the recycle bin if I accidentally delete something.
Wow, now I am glad that I have put the extra money to buy a DS220plus.. btrfs is really a true game changer even for a home set-up. I hope that more people discover your TH-cam channel.
I am confused about the “no SMB” rule. My understanding has been that SMB is the only way to access the Synology NAS from Apple devices, like iPad or Macbook. The system would be managed from a Windows desktop in this example.
Hi , very helpful. I have a small office, recently switched to a btrfs capable nas. I am using Synology Drive to do immediate backups of users windows computer’s files to main nas, then using hyper backup to backup that nas to another older nas. I will now setup snapshots as suggested here. My main concern has been ransomware. I am trying to workout the best way to implement all this and have a user policy. One issue is one Drive setting is to delete files from nas as they are deleted from the users computer. This kind of defeats the purpose of using Drive to save you from accidental deletions but If deleted files stay on the server they will accumulate quickly and Drive recommends 500,000 files per Drive user. Now I’m now thinking with hourly snapshots I can delete from nas when deleted from computer. Any feedback is appreciated . Thanks
Amazing video! I learn so much from you this is the place to say thank you first of all now I have a question I changed the permissions (removed the administrator permissions) for my user as you suggested and went back to my user with normal permissions, the entire desktop was gone and with it the access to quite simple things that I didn't think a normal user would be able to log in or edit I immediately restored the administrative privileges as they were... I wanted to know if it is possible to see the desktop I had with normal permissions and if not, should I enable 2FA instead to increase the security a little more
Thanks for the video. Q, when you do a HyperBackup of the NAS (to say usb HDD or a friend's SYnology NAS), does it backup the snapshots as well, or just the latest version of the file system?
2, Questions what stops them from doing a ransomware on the Snapshot files them self's?? and will the ransomware encrypt the Synology Nas system files making the NAS not work and making it so you cant use Snapshot?? Just a point as I am using a DS920+ for photos docs and Media files and I do have snapshot running.. To cover against mistaken deleting of files or folders,.. But never thought it would stop a Ransomware attack, So have a hard copy on external USB drives as a safety backup.
Good video. You missed the most important part. If they came in through the share, they will still have access via the same share unless you get them out of the main system.
Haha good point I did mention that offhandedly but I probably should have reinforced the fact that unless you figure out the computer that did it you are going to have it happen again
Excellent video SpaceRex and my thought exactly W. Shawn... and, the same question I had in my head half way through the video. After thinking about it, the NAS is for saving the data. Once data is safe, one just needs to rebuild the OS of the infected system from scratch. If each computer in the household has its own user account on the NAS, it should be easy to identify which computer let the attacker in. Create and maintain an instruction guide on how to reinstall the OS and all your software (including the license keys) while your system is functioning normally... print it... and keep it with your system repair disc (or USB Stick; or other system documentation). This is the surest way to know you got rid of any malware. Less assured, but will likely work... since backup/image copies are done at the admin level, restore the infected system from that.
Hello First thank you for all tutorials, very usefull for al. I followed your video to use Snapshot, adding a "security level" in case of trouble with "encrytion" attack. After various scheduled snapshop activation some days agos, everything seems fine, I can see and "browse" the differents snapshots. My Question:I only see a very little difference of the volume occupation on the nas itself, is that normal ? The concerned volume is +- 50 Tb, with 7 busy before. The Storage manager show now +- the same storage space used. Where is the problem ? Thank you for your help (from Belgium)
My NAS is read only to my external logins except for one share that I use to load files into it. NAS is not external facing to the Web either. Has worked ok and I'm appreciative of the extra info on the video :).
Hi Will fantastic video! Question: I'm already using Synology Drive. Can I recover all my data in case of a Crypto Attack with Synology Drive or do I have to use Snapshot Replication? Thx!
You can with some cases with drive but not all. For example the attacker could modify the files 32 times (even if it’s a very small mod) which would remove it from drive version control. It’s wayyy better then nothing but not all the way to snapshot
If admin cred leaked what can stop the attacker to delete snapshots too or remove the package? If you got ransomware how can you enter in dsm? Dsm files are also encrypted the system can’t boot.
I'm to all this. I only ever used Google Photos and now am researching NAS to be my cloud-based solution for remote backups of everything on my phone(s). I have not purchased anything yet in terms of NAS or Synology so I am glad that I am stumbling on this video first so that I can set up my first initialization the correct way. I only have Windows 10. It doesn't look like you are using Windows 10. Can I accomplish all of this on a Windows computer? Did you do a video on BTRFS setups? I'm looking to use or at least compare in my research Synology moments and photo station. You also mentioned that everyone using NAS should be doing backups anyway. I presume this is backups to another remote location. Can you point me to another video that you might have done talking about this? Thanks
Hi. Thank you very much! I can finally use my NAS properly thanks to your vids. In this video you recommend to only enable SMB in your user account (not the admin). But if I disable SMB in the admin, I can't use SMB over VPN to access my NAS externally (even if I try to acces the user account?). So I have to enable SMB in the admin account? Cheers, Tim
Thank you very much! Just one question left, please: In my old admin I've set all the rules for the NAS. Now with the new admin, do I have to reactivate/customize this rules again? Or are they transfered automatically from old admin to new admin? Thank you in advance!!!
Question I hope you can answer please. With an hourly snapshot schedule, and with retention policy you've set up. Say, Friday afternoon, someone clicks on something at 3:30pm and gets their data crypto'ed. They go home, come back Monday morning and notice all their files are encrypted. In this scenario, the latest snapshot that we would be able to roll back to, is the last snapshot on Thursday, as we are keeping them for a 7 days right? So they would lose any changes made to any files on Friday??
Great blog on how to prevent and/or recover from ransomware. I subscribed today. I have or will soon incorporate your recommendations. On a related subject, plan to purchase a 2nd synology nas to enable NAS-NAS backups via Hyperbackup. I plan to buy the DS920 to be my new production nas and then utilize my existing DS418 as the remote NAS. My long-term goal is to cancel my iDrive subscription and totally rely on security practices and encrypted backup (only) nas files I watched your video about how to setup a backup NAS and how to encrypt the files. So just two questions: 1) would the encryption key on my backup DS418 nas prevent any ransome attack on the nas? 2) What is your opinion about dropping cloud backups (months later of course)? Not only is it costly (now at $600 per year) both it would be time consuming to order a recovery drive. Thanks in advice BTW; is there a way to contact you directly via chat of email? Jim
Hey! Answers 1) The encrypted Backup only protects you from threats seeing the data, not if they are able to delete the data, snapshots on the DS418 (if available) would allow you to roll the backup back 2) for me I only recommend paying for cloud backups for your truly crucial data. The ~100-300 gigs of family photos and tax documents that you just cannot get back. This costs normally under $100 per year which I think is well worth it. For the rest of the stuff thats massive files having a hard drive backup that might not survive if your house burns down is probably worth the risk
Hi SpaceRex, somewhere I came accrosss a reaction that said that the error (no external certificate) can be avoided but I can't find it anymore. Do you, and if yes, share it? It would also be a nice addition for the video. Best !!
what if i already started snapshot on the soon to be downgraded user account..?..should i undo snapshots and delete and then re start them under the newly created admin account?
@@SpaceRexWill thank you ,the model I have is a DS215j , i guess i don't have BTRFS then i will then use hyperbackup thanks again and keep it up I'm learning a lot from it
Thanks a lot for this. I have a question though: is there a way to Password Protect a folder in the Synology drive? Not referring to the folder encryption here. Basically, if someone else has access to my PC they also have access to my Synology Drive when mounted - but I want to make sure that they do not access (read or write) the files on a specific folder. I want to make sure that if my files were stolen, the thief is not able to "readily" access the files.
Great Video & channel! Trying to make sure my new DS920+ is as secure as possible. QUESTION... I have snapshot scheduled for the shared drive I created, but I also have ActiveBackupforBusiness installed and running under my user account. Do I need to schedule a Shapshot on that directory as well??? Or do I only need to do a snapshot on my shared folders? Thanks for any additional guidance.
I wanted to ask you if I can access the nas in the local network with Vlc through 'universal plug and play', is it safe in your opinion? Thanks and congratulations for the channel!
Great Video Thanks. The Snapshot Replication App is the only bit that's not working for me:-) You used the new beta version in this video which have different schedule options, although I am sure I will get my head around it eventually, the current Snapshot Replication App "schedule options" are very confusing for someone who has not used it before, unlike the new beta version you used which appears to make a lot more sense.
I have a question! If I only have my drive accessible from Cloud Station Drive, then is it okay if I don't make a separate admin account? It doesn't appear the snapshot folder even appears visible on the computer (even if I show hidden folders). I don't want to make a separate admin account because otherwise I only access my Synology it's just through the browser with a very hard password, and I log out every time.
Great video! Really helpful. Couple of questions: if all my data gets encrypted will it take up twice the space because snapshots save the delta and all data is changed? What happens if the size of the snapshot exceeds the available storage capacity? Should you use max 1/2 of your storage capacity when implementing this?
So in this case it actually does not matter. Basically during the attack the drive will fill up and the attacker will not be able to put any more files in the drive. But that’s ok because synology keeps 10% of your storage (so the volume will not crash) and once you realize what happened you can just delete the encrypted files
Great video, thanks for the info but 1 question: Only admin accounts have access to snapshots? There’s no settings to change to make sure ransomware can’t get to the snapshots to encrypt or delete those?
@@SpaceRexWill Thanks for answering this and my other questions. You’ve helped me figure out what I need/want and my first Synology NAS is in the mail. I hope they’re giving you a good sponsorship! I’ve learned more from your videos than from their videos and website.
Your videos are extremely helpful but here is the novice question - I truly separating user and admin profile, why don't you revoke user privileges for the admin account so that you only have admin check in the user group?
Every one of your synology tutorials is pure gold. I can't believe I didn't have this enabled on my NAS - almost lost over 3TB of photos and only retained them because I had a fireproof safe copy. If I had followed this advice before it would have been so much easier. Thank you.
Hey glad this was helpful and that you like the channel!
What you mean by fireproof copy? Cloud or another remote nas?
@@Hephasto in my case a separate hard drive stuck in my fireproof safe.
@@ystebadvonschlegel3295 that's exactly what I do... Forget the cloud. I had a safe deposit box that I would swap drives out for years. Keeping one at another location and a set in my fireproof safe. Backup rotation was set in away, at most, I would be a month back at the safe deposit box, the drives from days, week, two weeks. Never keep drives connected to nas just in case it is compromised... They can't get to your backup drive. I have always been prepared for a full restore if that happened... Among other things
Awesome video, I recently bought a 1815+ but hadn't set up snapshots, you made it very easy to follow to set up. Creating a new admin account and demoting your normal login is genius, removes having to make any changes to shares. Thanks for doing this video!!!
Hey thanks! Really glad this was helpful!
I've never like so many videos of one creator in a row! Grate job!
Hey thanks man!
Great video! Thanks for reminding everyone to not treat their administrator account like user account. I would also recommend to never save the administrator password to in your browser.
So I just got a 920+ and followed all your VERY HELPFUL VIDEOs. I did run into one issue however, speed. So my setup before was a WD Element 8TB on a USB3.1 connection to my Mac. After seeing your videos on using LRC with Synology, I pulled the trigger, got the 920+, 4 - 8tb EXOS drives and 2 - Samsung 980 SSDs. I followed all your recommendations for setup and even installed the Synology Drive APP. I copied my LRC Catalog to my local Mac, setup Synology Drive, gave it a Synch point on the 920+..... BUT WOW did LRC become very very very.... VERY Slow. So I am trying to figure out, just how to make this transition make sense. I have a very good background with NAS systems, I used to design and build them on many different platforms of OS's and Hardware. AND I am extremely familiar with LRC being a Professional Photographer. I am thinking of placing a USB 3.2 SSD on my MAC, letting it be my Catalog Drive and then just backing that up.... I am curious what else you have tried to speed up your experience? Keep in mind, as a Pro Photographer, my catalogs contain a FULL year of data to pull photos for many reasons at an instant instead of hunting catalogs AND they may track as many as 100k photos... I have been doing this for the past 6 years... My Mac is an i5 with GPU and 64mb of RAM.
Great Video, great energy. Youre the Jim Carry of NAS
I have been looking for this video for a long time ,thank you so much, just subscribed.
Another great video.
I somehow missed your "How To Secure your NAS" video, so that is added to my list to watch and implement.
Cheers.
Hey thanks! Glad it was helpful!
Great explanation of how snapshots work! Thanks!
Thanks!
So thorough! Thanks so much. I will be watching all of your Synology NAS videos!
Wow. Unbelievable information. Literally you walk us through how to do this stuff. Incredibly helpful. Thank you SO much!
There's a special place in Heaven for people that work so hard to share their knowledge and help others. To really know, you must teach. Thank you.
Yours are the best Synology videos out there! Thank you so much!
Thank you so much for all the informations! I will follow every single step to protect my Synology NAS! ❤❤
This is so well done and useful! Thanks so much for doing this. I'm new to Synology and your videos have taken the mystery out of some of the things I didn't understand.
Hey I’m glad! Thanks!
5 dislikes from the attackers
Dead
@Hobert Saunas it's a scam site to get your credentials...
Thx for making me aware of the risks of admin rights and I've followed your clear recommendations to secure my NAS!
Glad it was helpful!
Super video! I applauded for $10.00 👏👏👏
Wow! Thanks so much!
@@SpaceRexWill Well, you're welcome but it seems small compared to the several hours of valuable information you've given here. You may have saved me from an eventual security threat! So thank you very much for your work.
Really nice of you!
Your videos have helped me out a lot! One thing that wasn't addressed in this video is how to create a snapshot when you have multiple Shared Folders in a single Volume. I'm not sure if I should create a single snapshot with all the Shared Folders in one, or create individual snapshots. There are at least 15 shared folders in a single volume so that could take some time to do the separately, but I want to set it up with best practice.
I’m curious about this also ie what’s the best approach for multiple Shares…?
Great video & info BTW, thanks..!
Excellent tutorial and I'm looking forward seeing the rest of the security stuff...
Love this video! Super helpful.
I am currently backing up my DS920+ with Hyper Backup to the Synology C2 service. Is there anything I should be aware of before enabling Snapshot Replication?
Another great tutorial! I was all onboard for following this until I realized that I had cheaped out and bought a DS220J for my first NAS and it doesn't support BTRFS file system. Now it looks like I'm going to have to go the route of Hyper Backup maybe with a Raspberry Pie remote drive...... Keep up the great work! Having your tutorials has taken all my fear out of getting in there and getting my hands dirty!
Hey im glad! Thats awesome!
Thank you for sharing this! It was a helpful resource to assist a friend with their NAS.
I'd highly recommend using a de-clicker for your audio. :)
Spot on. I used the Synology Assistant method previously but this way has the Share listed in the explorer directory better - thanks
Thanks for doing this! Really helpful as I start to use my NAS.
Perfect explanation !
I definitely have to create such an account and stop using the only admin account...
Congrats !
Excellent video! Brilliant. Synology has amazing capabilities.
Have a second pool in the Nas with no users having permission...using backups is a good option too?
I'm pretty sure using backup is good option. But don't leave the backup device powered on all the times. Otherwise, backup also get encrypted 😊
Thanks you! We never stop to learn something
New to this whole Synology thing. Thanks so much for this vid!
Glad it was helpful?
Great Video - again! Thanx❤
Because you set the number of snapshots to 5, that specifies how many snapshots to keep before your rules are applied. So I guess in your scenario, you would only be retaining 5 days, the weeks and months may not apply.
Is this definitely the case..?
Great video, your help is much appreciated.
It’s a pity that Synology doesn’t supply similar videos like this that explains thing so simply and are so easy to follow. Just the right balance of information and technical gobbledegook.
Thank you for the video but on 27th JAN 2021, the rule settings for the Snapshot radically changed from your video: now there are anymore the "latest" snashopt to choose or unchoose...No Idea what I shall do now, it is very complicated, at least for me!
Thanks for this video! Excellent advice! A quick question. -- w ould you recommend turning off the last modified time features of folders to speed up the snapshots. Synology is asking me if I wish to do this. I use my NAS mainly for photos, media files and archived projects. Most of the real-time work is done on my local PC drives. So I *think* turning off the time tagging would be ok. Not sure if this will impact the photos though. What's your thoughts on this?
I keep last access times off, its more efficient and not that necessary. You will still have the date the photos were taken in the meta data
Great presentation. Will the Snapshot Replication take a lot of space on the disk for video files ? Or even better is there a ratio of the snapshot backup file per terabyte? ( with adding file only not deletion). That will help me so much to evaluate my storage capability .
The best thing about BTRFS snapshots is that they are thin. This means they only take up space if files have been modified. Then they just take up the space of the modification
Hey thank you. Will rewatch and work through it. at the moment I do Hyperbackup every day... but the external HDD is all the time connected via usb. I guess, a hacker would also encrypt that and then, still, all my data is lost... so i have to work again on making my files safer...
In your case the important thing is to not constantly use your Admin account for daily use. That way if your account is compromised the hacker will only have user privileges, not admin.
You should also then make sure that the user has no r/w permissions to the volume that is the USB drive
@@SpaceRexWill Very helpful, keep up your awesome work!
@@SpaceRexWill your right.. i dissabled the "admin" -name account, and did give the rights to my names account. However this one is used for everything... like dsfiles, moments on the phone, connection to my windows 10.. sounds incredible bad... I will start switching the account for this without admin, especially without the r/w permissions to the usb drive volume.
What you can do is what I did in the video and just create a new admin account and downgrade the account you were using
@@SpaceRexWill Okay -what I did was the following:
- I added a new admin-account with a random name and a very very strong 30dig.. password. That account has access, also to the USB-Drive.
- My standard-account was downgraded to non-admin, but access to all folders. But I removed the access to the USB-Drive, so USB is not visible for this account at all. Therefore the Hyperbackup on the USB-Drive is not visible, just for the admin-account which I just use now for system-changes.
- I use two-factor authent. for all user-accounts.
Sounds good right? Thank you for your follow-up description, very great. Thanks
I tend to move a lot of big video files from one directory to another, and I don't know how snapshots would handle that.
Instead of using snapshots, I just have a regular account with read only SMB permissions, and an admin account without smb/ftp/sftp/afs permissions.
So, the only way to modify files is through the admin account, and only through the DSM. I think that's safe enough, I also have the recycle bin if I accidentally delete something.
Wow, now I am glad that I have put the extra money to buy a DS220plus.. btrfs is really a true game changer even for a home set-up. I hope that more people discover your TH-cam channel.
Hey thanks me too! Its still amazing how much its grown recently I am pretty happy!
BTRFS is really awesome!
New sub as I just barely escaped a ransomware attack... prevention and preparation!!!
Hey thanks!
What ended up happening with your last “close call”
I am confused about the “no SMB” rule. My understanding has been that SMB is the only way to access the Synology NAS from Apple devices, like iPad or Macbook. The system would be managed from a Windows desktop in this example.
Hi , very helpful. I have a small office, recently switched to a btrfs capable nas. I am using Synology Drive to do immediate backups of users windows computer’s files to main nas, then using hyper backup to backup that nas to another older nas. I will now setup snapshots as suggested here. My main concern has been ransomware. I am trying to workout the best way to implement all this and have a user policy. One issue is one Drive setting is to delete files from nas as they are deleted from the users computer. This kind of defeats the purpose of using Drive to save you from accidental deletions but If deleted files stay on the server they will accumulate quickly and Drive recommends 500,000 files per Drive user. Now I’m now thinking with hourly snapshots I can delete from nas when deleted from computer. Any feedback is appreciated . Thanks
Amazing video! I learn so much from you this is the place to say thank you first of all now I have a question
I changed the permissions (removed the administrator permissions) for my user as you suggested and went back to my user with normal permissions, the entire desktop was gone and with it the access to quite simple things that I didn't think a normal user would be able to log in or edit
I immediately restored the administrative privileges as they were...
I wanted to know if it is possible to see the desktop I had with normal permissions and if not, should I enable 2FA instead to increase the security a little more
So glad you put this info out there!
Thanks for the video. Q, when you do a HyperBackup of the NAS (to say usb HDD or a friend's SYnology NAS), does it backup the snapshots as well, or just the latest version of the file system?
Very helpful- thank you! Question: can a non-admin 'user' with read/write permission to a share, encrypt that share? Thanks.
2, Questions what stops them from doing a ransomware on the Snapshot files them self's?? and will the ransomware encrypt the Synology Nas system files making the NAS not work and making it so you cant use Snapshot?? Just a point as I am using a DS920+ for photos docs and Media files and I do have snapshot running.. To cover against mistaken deleting of files or folders,.. But never thought it would stop a Ransomware attack, So have a hard copy on external USB drives as a safety backup.
Do you recommend disabling SMB on your admin account?
Very helpful! Nice clear explanations and practical tips.
Glad you liked the video!
Good video. You missed the most important part. If they came in through the share, they will still have access via the same share unless you get them out of the main system.
Haha good point I did mention that offhandedly but I probably should have reinforced the fact that unless you figure out the computer that did it you are going to have it happen again
Excellent video SpaceRex and my thought exactly W. Shawn... and, the same question I had in my head half way through the video. After thinking about it, the NAS is for saving the data. Once data is safe, one just needs to rebuild the OS of the infected system from scratch. If each computer in the household has its own user account on the NAS, it should be easy to identify which computer let the attacker in. Create and maintain an instruction guide on how to reinstall the OS and all your software (including the license keys) while your system is functioning normally... print it... and keep it with your system repair disc (or USB Stick; or other system documentation). This is the surest way to know you got rid of any malware. Less assured, but will likely work... since backup/image copies are done at the admin level, restore the infected system from that.
Your explanation is excellent! well done
Hello
First thank you for all tutorials, very usefull for al.
I followed your video to use Snapshot, adding a "security level" in case of trouble with "encrytion" attack.
After various scheduled snapshop activation some days agos, everything seems fine, I can see and "browse" the differents snapshots.
My Question:I only see a very little difference of the volume occupation on the nas itself, is that normal ?
The concerned volume is +- 50 Tb, with 7 busy before.
The Storage manager show now +- the same storage space used.
Where is the problem ?
Thank you for your help (from Belgium)
Its to be expected! they are very efficient so the only thing that would count is changed files.
My NAS is read only to my external logins except for one share that I use to load files into it. NAS is not external facing to the Web either. Has worked ok and I'm appreciative of the extra info on the video :).
This is brilliant and for me it is going to change the game. Thanks for this video and everything.
Glad it was helpful!
fantastic videos as always
Do you happen to know why scheduled snapshots cannot be restored? Action 'Restore to this snapshot' is disabled for homes with my elevated account.
Great video with a lot of important things.Thanx a lot!
Glad it was helpful!
Really useful information here! Your tips and info videos are very good 👍
Glad you think so!
This is invaluable. Thank you so much
Great explanation!! and great hair too.
which account should be used to run containers?
Hi Will fantastic video! Question: I'm already using Synology Drive. Can I recover all my data in case of a Crypto Attack with Synology Drive or do I have to use Snapshot Replication? Thx!
You can with some cases with drive but not all. For example the attacker could modify the files 32 times (even if it’s a very small mod) which would remove it from drive version control. It’s wayyy better then nothing but not all the way to snapshot
Please explain how to do automatic , scheduled back up of my C:drive ( certain selected work forders for example ) onto synology !!! PLEASE !
If admin cred leaked what can stop the attacker to delete snapshots too or remove the package? If you got ransomware how can you enter in dsm? Dsm files are also encrypted the system can’t boot.
Thanks a lot for your videos. They have helped me a lot to improve my NAS knowledge
I'm to all this. I only ever used Google Photos and now am researching NAS to be my cloud-based solution for remote backups of everything on my phone(s). I have not purchased anything yet in terms of NAS or Synology so I am glad that I am stumbling on this video first so that I can set up my first initialization the correct way. I only have Windows 10. It doesn't look like you are using Windows 10. Can I accomplish all of this on a Windows computer? Did you do a video on BTRFS setups? I'm looking to use or at least compare in my research Synology moments and photo station. You also mentioned that everyone using NAS should be doing backups anyway. I presume this is backups to another remote location. Can you point me to another video that you might have done talking about this? Thanks
Hi. Thank you very much! I can finally use my NAS properly thanks to your vids.
In this video you recommend to only enable SMB in your user account (not the admin). But if I disable SMB in the admin, I can't use SMB over VPN to access my NAS externally (even if I try to acces the user account?). So I have to enable SMB in the admin account?
Cheers,
Tim
Thank you very much! Just one question left, please: In my old admin I've set all the rules for the NAS. Now with the new admin, do I have to reactivate/customize this rules again? Or are they transfered automatically from old admin to new admin? Thank you in advance!!!
My NAS backs up data from 4 internal drives on my PC. Can I snapshot the backups? Is there any point in that?
Great video.
Great video man, gonna give this a deep dive..
Damn it’s so good!! Thanks man👍🏻
Hello. When i go to restore the shapshot the button is not active. Even if i made many snapshots. What can be the reason?
Likely you are on the home folder. Has different rules
@@SpaceRexWill Can Snapshot work for home folders?
it can, just cannot restore as simply. You can clone with new name
Bro, pls tell me that you are receiving money from Sinology. Your every video is better than Sinology documentation!
Love you bro
well done....the only backup is a backup! :)
haha glad you liked that!
Question I hope you can answer please.
With an hourly snapshot schedule, and with retention policy you've set up. Say, Friday afternoon, someone clicks on something at 3:30pm and gets their data crypto'ed. They go home, come back Monday morning and notice all their files are encrypted. In this scenario, the latest snapshot that we would be able to roll back to, is the last snapshot on Thursday, as we are keeping them for a 7 days right? So they would lose any changes made to any files on Friday??
So yes. If you where worried about this you can have snapshots up to the 5 min mark
Great tutorial, I cant seem to find snapshots in the package center, any ideas?
Perhaps your NAS does not support the BTRFS file system. Mine is DS220j and won't work with snapshots for the same reason.
Great blog on how to prevent and/or recover from ransomware. I subscribed today.
I have or will soon incorporate your recommendations.
On a related subject, plan to purchase a 2nd synology nas to enable NAS-NAS backups via Hyperbackup. I plan to buy the DS920 to be my new production nas and then utilize my existing DS418 as the remote NAS. My long-term goal is to cancel my iDrive subscription and totally rely on security practices and encrypted backup (only) nas files
I watched your video about how to setup a backup NAS and how to encrypt the files. So just two questions:
1) would the encryption key on my backup DS418 nas prevent any ransome attack on the nas?
2) What is your opinion about dropping cloud backups (months later of course)? Not only is it costly (now at $600 per year) both it would be time consuming to order a recovery drive.
Thanks in advice
BTW; is there a way to contact you directly via chat of email?
Jim
Hey! Answers
1) The encrypted Backup only protects you from threats seeing the data, not if they are able to delete the data, snapshots on the DS418 (if available) would allow you to roll the backup back
2) for me I only recommend paying for cloud backups for your truly crucial data. The ~100-300 gigs of family photos and tax documents that you just cannot get back. This costs normally under $100 per year which I think is well worth it. For the rest of the stuff thats massive files having a hard drive backup that might not survive if your house burns down is probably worth the risk
Very impressive. Thank you for video share. Will help me protect my NAS.
Glad you liked it!
Hi SpaceRex, somewhere I came accrosss a reaction that said that the error (no external certificate) can be avoided but I can't find it anymore. Do you, and if yes, share it? It would also be a nice addition for the video. Best !!
what if i already started snapshot on the soon to be downgraded user account..?..should i undo snapshots and delete and then re start them under the newly created admin account?
good video, clear explanation , only I can't find snapshot in download center
Why not?
You might have a model without BTRFS. Use hyperbackup to an external drive
@@SpaceRexWill thank you ,the model I have is a DS215j , i guess i don't have BTRFS then
i will then use hyperbackup
thanks again and keep it up I'm learning a lot from it
Probably a silly question but should I backup the snapshots to an external hdd & the cloud?
Great job on this video
Thanks a lot for this.
I have a question though: is there a way to Password Protect a folder in the Synology drive?
Not referring to the folder encryption here. Basically, if someone else has access to my PC they also have access to my Synology Drive when mounted - but I want to make sure that they do not access (read or write) the files on a specific folder.
I want to make sure that if my files were stolen, the thief is not able to "readily" access the files.
Great Video & channel! Trying to make sure my new DS920+ is as secure as possible. QUESTION... I have snapshot scheduled for the shared drive I created, but I also have ActiveBackupforBusiness installed and running under my user account. Do I need to schedule a Shapshot on that directory as well??? Or do I only need to do a snapshot on my shared folders? Thanks for any additional guidance.
I would not worry about snapshotting the active backup folder as they already have versioning and no smb access
@@SpaceRexWill Thanks for the quick response!
I wanted to ask you if I can access the nas in the local network with Vlc through 'universal plug and play', is it safe in your opinion? Thanks and congratulations for the channel!
Really good video!
Great Video Thanks. The Snapshot Replication App is the only bit that's not working for me:-) You used the new beta version in this video which have different schedule options, although I am sure I will get my head around it eventually, the current Snapshot Replication App "schedule options" are very confusing for someone who has not used it before, unlike the new beta version you used which appears to make a lot more sense.
I have a question! If I only have my drive accessible from Cloud Station Drive, then is it okay if I don't make a separate admin account? It doesn't appear the snapshot folder even appears visible on the computer (even if I show hidden folders). I don't want to make a separate admin account because otherwise I only access my Synology it's just through the browser with a very hard password, and I log out every time.
This is great! Thank you once again.
Happy to help!
What about two-factor authentication?
Hi. Can I do snapshot "whole FILE STATION"? I talk about all user.
Thanks for great content. What is the way/app that you use to log in to your NAS?
I use SMB 99% of the time
@@SpaceRexWill Thanks.
Keep up the great work. You put out the best Synology content out there.
Great video! Really helpful.
Couple of questions: if all my data gets encrypted will it take up twice the space because snapshots save the delta and all data is changed? What happens if the size of the snapshot exceeds the available storage capacity? Should you use max 1/2 of your storage capacity when implementing this?
So in this case it actually does not matter. Basically during the attack the drive will fill up and the attacker will not be able to put any more files in the drive. But that’s ok because synology keeps 10% of your storage (so the volume will not crash) and once you realize what happened you can just delete the encrypted files
@@SpaceRexWill ah that makes sense, thanks!
Thanks, really needed!
Great video, thanks for the info but 1 question: Only admin accounts have access to snapshots? There’s no settings to change to make sure ransomware can’t get to the snapshots to encrypt or delete those?
So you can allow no admins to have read only access to snapshots but either way non admins are not allowed to edit or delete
@@SpaceRexWill Thanks for answering this and my other questions. You’ve helped me figure out what I need/want and my first Synology NAS is in the mail. I hope they’re giving you a good sponsorship! I’ve learned more from your videos than from their videos and website.
Hey thanks! haha they don't pay me, but now they are letting me demo and try out some pretty cool products so its going up!
Great video Thanks ! Any way I can change my volume from EXT4 to BTFRS without re-creating a volume from scratch ?
Unfortunately you cannot. It has to be a tear down and rebuild
Very good video!!!
Thank you.
Your videos are extremely helpful but here is the novice question - I truly separating user and admin profile, why don't you revoke user privileges for the admin account so that you only have admin check in the user group?