How to Protect Your NAS and Data Security?

Recently, a number of new ransomware variants were specifically targeted at NAS devices. They exploit security vulnerabilities in some NAS servers or invade the server by constantly guessing the user name and password. Some users were forced to pay just to restore important data encrypted by the ransomware.

How to protect NAS and data security in daily life? TerraMaster introduced following tips for you to avoid the possible risks.

Shut Down Remote Connection

1. Do not expose remote access link for device

There is no absolutely secure server. As long as it is on the public network, it may be compromised. So try not to expose the remote access link for device which can effectively reduce the chance of being attacked.

2. Do not enable the DMZ host for NAS  

Sometimes it is necessary to access some services of NAS from the external network, which requires port mapping, but some people may feel that it is more troublesome, so they directly open the DMZ host for NAS, which directly exposes NAS to the public network.

3. It is recommended not to enable the SSH function 

If the SSH function is enabled by default, it is recommended to close SSH function in the control panel, terminal and SNMP. If used by others, it is equivalent to gaining all control rights of the NAS.

4. Do not map the shared folder with important information to the local drive  

Many people like to map all shared folders to local hard drives, so that access is really convenient, and you can directly perform operations such as copying and deleting like local hard drives. In fact, this is quite dangerous. It is safer to keep important data separately and not map to the local hard drives; or you can also enable the read-only permission.

Local Security Defense 

5. Configure basic TNAS security functions  

Users can configure related security settings in TOS, such as automatic IP blocking, which can block client IP addresses that have failed multiple login attempts; account protection, which prevents accounts from being logged in by untrusted clients; enables HTTPS, protects the network traffic between TNAS and the connected client; custom server dynamic IP, etc.

6. Disable the default admin account  

Generally, hackers will firstly attack the default admin account. It is recommended to create an account avoid using names such as admin, administrator, and set a strong password to protect account security. TerraMaster NAS has currently enabled the self-setting account mode.

7. Create dedicated shared folders  

You can create multiple different shared folders according to the purpose, which is convenient for management, and can also avoid some mis-operations. For example, one for saving photos, one for saving movies, one for downloading, etc.

8. Update to the latest system and open notification service 

TerraMaster will regularly update the TOS system. In addition to functional improvements, it will also simultaneously enhance safety performance. Therefore, we recommend that users consciously update the operating system of TNAS to enjoy the latest features and at the same time strengthen their resistance to security risks. We also recommend opening notifications on TNAS. In the event of an operating error, you can receive notifications via email, SMS or web browser.

9. Choose professional NAS drives

For your data security, it is suggested to use dedicated NAS drives with the same brand and model capacity, such as Seagate IronWolf and WD Red.

10. Connect the NAS with UPS power supply  

Sudden power failure may cause the damage of data and hard drives, so it is recommended to equip the NAS with a UPS power supply. When the UPS power supply going to be exhausted, the NAS will automatically shut down to ensure data and hardware security.

Backup Important Data    

11. Encrypt important data  

For some private information, you can just create an encrypted shared folder for it. At the same time, you need to remember the password.

12. Turn on Snapshot

With Snapshot applications, the saved data are always read-only, which means the previous version of data is not susceptible to any changes. If you need to restore files or entire folders due to accident or ransomware, you can easily perform the restoration.

13. Multiple Backups of NAS Data

Important data in NAS can be backed up to another NAS, Rsync server, Webdav server, various cloud disks, NAS local folders, etc. through various application tools, which can ensure the absolute safety of important data.