Tuesday, July 27th, 2021

Steps to Secure Synology NAS Against Ransomware

If you don’t know what ransomware is, check out this post, or take my word for it: It’s really bad. Recently, a wave of attacks has left Synology NAS servers susceptible to ransomware, which has caused a lot of concern. Not only is Synology NAS popular (I’m a fan myself), but these servers are also among the best ways to protect your data in the first place. They indeed are, but only when they are safe themselves.

This post will walk you through the steps of securing your Synology NAS against attacks.

Synology NAS Ransomware Prevention: Antivirus
It’s a good idea to have an antivirus application on your server, but don’t rely on it for ransomware protection.

How ransomware attacks Synology NAS servers

To keep your server safe, you need to know what makes it vulnerable. As far as I know, there has been no security vulnerability. In other words, when appropriately configured, your server is secure.

So far, hackers have gained access to some servers via brute-force attacks: they keep guessing usernames and passwords until they get a combination that works. It’s like trying a ton of keys on a lock, one by one, until one fits.

Unlike lock picking, though, hackers can use software to try hundreds, if not thousands, of combinations per second. They can run through an entire dictionary during an attack. It’s quite annoying. The good news is it’s relatively easy to fight against this type of break-in attempt.

How to keep your Synology NAS ransomware free

Generally, it’s always a good idea to keep your server up-to-date with the latest OS version. Also, install an antivirus package, such as the Antivirus Essential, which is free.

After that, there are two more things you should do: Practice secure user account management and enable auto-blocking.

Synology password rules
Using strong password rules is an excellent way to keep your NAS server safe.

Synology NAS ransomware protection: Secure user accounts

Here is what you should do with the user accounts:

  • Disable the default admin account since everyone knows this account exists. Make sure you create another account and add it to the administrator group first.
  • Use multiple words for a username. For example, instead of “Dong,” use “Dong Ngo.”
  • Use a hard-to-guess password. You don’t need to use an overly complex one you can’t remember yourself. For example, “MyName1sD0^ng” is a tough password to guess, yet quite easy to remember, for me at least.

In a Synology server, you can enforce strong passwords by using password rules. Here’s how:

  1. Log in to the server’s interface, open Control Panel
  2. Open User and then the Advanced tab
  3. Check the Apply password strength rules box and check more boxes underneath accordingly.
  4. Click on Apply.

Synology NAS ransomware protection: Auto-blocking

Auto-blocking is an excellent way to fight against brute-force attacks. It enables the server to automatically block the IP address of an attacker after a certain number of wrong guesses take place within a specified period.

Synology Security
Synology NAS ransomware protection: Enable the server’s Auto Block.

Here’s how to enable Auto-blocking on a Synology NAS server:

  1. Log in to the server’s interface, open Control Panel
  2. Go to Security and then the Account tab
  3. Under Auto Block, check the box that reads Enable auto block
  4. Specify the parameters. Generally, fewer login attempts within a more extended period mean better protection. For example, the settings of 5 attempts within 5 minutes are more than enough to block brute-force attacks.
  5. Enable Block expiration if need be. If you don’t, the IP will be blocked until you manually unblock it.
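
To see how the Auto Block parameters interact, here is an added example (not part of the original post, and not Synology's own code) that replays constructed login events through a simple model of "N failed attempts within M minutes" with optional block expiration. The log format, the `AutoBlocker` class, the `replay` helper and the IP addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "timestamp source-IP result". Not a real DSM log format.
SAMPLE_LOG = """\
2021-07-27T10:00:00 203.0.113.7 FAIL
2021-07-27T10:00:01 203.0.113.7 FAIL
2021-07-27T10:00:02 203.0.113.7 FAIL
2021-07-27T10:00:03 203.0.113.7 FAIL
2021-07-27T10:00:04 203.0.113.7 FAIL
2021-07-27T10:00:05 203.0.113.7 OK
2021-07-27T10:10:00 198.51.100.20 FAIL
2021-07-27T10:12:00 198.51.100.20 FAIL
2021-07-27T10:14:00 198.51.100.20 FAIL
2021-07-27T10:16:00 198.51.100.20 FAIL
2021-07-27T10:18:00 198.51.100.20 FAIL
2021-07-28T10:01:00 203.0.113.7 OK
"""

class AutoBlocker:
    """Hypothetical model of auto-blocking; assumes events arrive in time order."""
    def __init__(self, attempts=5, minutes=5, expire_days=None):
        self.attempts, self.window = attempts, timedelta(minutes=minutes)
        self.expiry = timedelta(days=expire_days) if expire_days else None
        self.failures = defaultdict(deque)  # ip -> times of recent failed logins
        self.blocked = {}                   # ip -> time the block started

    def login(self, ip, when, ok):
        start = self.blocked.get(ip)
        if start is not None:
            if self.expiry is None or when - start < self.expiry:
                return "rejected"           # blocked IPs are refused even with a valid password
            del self.blocked[ip]            # block expiration reached
        if ok:
            return "ok"
        recent = self.failures[ip]
        recent.append(when)
        while when - recent[0] > self.window:   # forget failures outside the period
            recent.popleft()
        if len(recent) >= self.attempts:
            self.blocked[ip] = when
            return "blocked"
        return "failed"

def replay(log_text, blocker):
    rows = (line.split() for line in log_text.splitlines())
    return [(ip, blocker.login(ip, datetime.fromisoformat(ts), res == "OK"))
            for ts, ip, res in rows]
```

Replaying the sample with `AutoBlocker(5, 5, expire_days=1)` blocks the rapid-fire address on its fifth failure but never blocks the address that fails once every two minutes; with `AutoBlocker(5, 60)` that slower address is blocked as well, which is the reason a longer period gives better protection.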

And that’s it. Your server is now safe as long as you keep your password secure. By the way, there are more settings in the Security section that you can try applying. A bit of warning: some of them might make life difficult for you.
