7 Important Things You Must Do To Secure Your NAS
Network-attached storage, or NAS, is a practical solution for storing large amounts of data and being able to access it from any location.
A NAS drive acts like a mini server that creates its own network that any other device can access, provided it has the correct credentials. This setup is ideal for small businesses that need collaborative access to files, and it’s faster than using a cloud storage service.
NAS also offers additional peace of mind for those who have privacy or security concerns over cloud storage. As your NAS drive is in your physical possession and you’re not sharing it with other individuals, businesses, or external administrators you have more control over who can access your data.
However this doesn’t mean that your NAS will be completely secure out of the box. As with any device connected to the internet, it’s vital to follow security best practices to protect your data from unauthorised access.
1. Change the Default Admin User and Password
Your NAS drive will come from the factory with a default admin account and password. These default login credentials enable you to access the control panel of your NAS device for initial setup, after which you can then set up your own user accounts and passwords.
While most users are sensible enough to change the default password, it’s less common to change the username of this default account to something other than “admin”. The problem with leaving your admin username, as “admin” is that it makes it much easier for hackers to crack the password with brute-force attacks.
If you can’t change the default admin username to something less obvious, delete or disable it and set up a new admin account.
You should also, of course, make sure you choose a secure password. Random combinations of uppercase and lowercase letters and special characters are the most secure.
Make sure you change your password regularly, and don’t share the same password you use across other devices and services.
If other people will have their own user accounts to access your NAS, it’s important that they understand the importance of password security too. Some devices allow you to scan for weak passwords and to force a password change after a set number of days.
2. Enable SSL
When you access your NAS remotely, it’s important to make sure the URL starts with https:// instead of http:// and has a padlock icon. This means that your connection is encrypted and your login credentials can’t be intercepted easily.
If SSL isn’t enabled, you will have to enable it in your control panel. This might be labelled as something like “redirect HTTP connections as HTTPS” and you may need to install an SSL certificate on your NAS first. Check your manufacturer user manual for full instructions on how to do this.
3. Enable Two-factor Authentication
Two-factor authentication provides another layer of security for your NAS device by sending a pin code to your mobile device, which you’ll need every time you log in. This means that even if a hacker manages to crack your password, they can’t gain access to your NAS.
You can usually choose whether you want to enable two-factor authentication for all users, or admin users only.
4. Enable Firewall
A firewall enables you to set rules that help your NAS to recognise trusted connections and block any suspicious connections.
For example, you could set up your firewall to only allow connections from certain IP addresses, or block all connections from a certain country.
You can also activate auto-blocking to blacklist IP addresses after a certain number of failed login attempts. This can help to protect your NAS against brute-force attacks.
5. Deactivate All Services You Don’t Use
Your NAS will support several web apps and file services such as FTP, SSH, and SMB. To reduce the number of potential weak spots that a hacker could use to gain access, you should disable all services that you don’t use.
6. Change the Default Ports
Changing your NAS default ports is another security step you can take, similar to renaming or deleting the default admin account. If a hacker is looking for an easy target, they might move onto another victim once they realise they have to go to the trouble of finding out which ports you’re using.
This is an easy change to make in your control panel, and it’s definitely worth doing. Every small thing you can do to increase your security will help to harden your NAS setup.
7. Update the Software Regularly
It’s vital to make sure you’re using the latest version of your NAS software, as this will be the most secure and include recent bug fixes and patches.
Out of date software is a huge opportunity for hackers to gain access to your system, particularly if you’re using a software version that’s known to have security holes.
Cyber attacks are increasing all the time and new exploits are constantly being released, so it’s important to stay on top of the latest updates. If your system offers automatic updates, make sure they’re enabled.
Make Sure Your Home Network is Secure Too
Your NAS is only as secure as your router and local network, so make sure you’re following basic security principles like using secure passwords, updating software and firmware regularly, and avoiding opening suspicious email attachments.
You should also make sure you’re using WPA2 encryption on your router, which is currently the most secure encryption option to ensure your data is not intercepted over the network.
For extra security, you can set up a VPN server on your NAS, if it offers this capability. This enables you to connect to your NAS via VPN. The VPN sits between your NAS and external connections to keep your data private. Using a VPN is vital if you’ll be using public Wi-Fi connections or other non-secure networks to access your NAS.
Finally, if you really want to guarantee a secure NAS, consider whether you need it to be accessible from the outside world in the first place. For individuals and small businesses that only need to access their NAS when they’re in the same building, restricting access to the local network is an easy and effective way to ensure it’s secure.
