Site icon NAS Compares

Synology SRM 1.3 Software Review Part II – Safety & Security

 

Synology Router Manager 1.3 Review Chapters

SRM 1.3 Synology Router Software Review, ALL Parts - HERE
SRM 1.3 Synology Router Software Review, Part 1, Design & Control - HERE
SRM 1.3 Synology Router Software Review, Part 3, Network Management - HERE
SRM 1.3 Synology Router Software Review, Part 4, Safe Access - HERE
SRM 1.3 Synology Router Software Review, Part 5, USB Storage Services & Conclusion - HERE 

Synology SRM 1.3 Review – General Security & Safety

Regardless of whether you are a home or business user, the security of your network is going to be one of your priorities very early on. Both internal network security with the devices that are exchanging packets of data via the router, right the way to how the router governs and manages the stream of data coming from your internet connection, if a router isn’t particularly secure, you will all too quickly find out! Worse still, if you are an inexperienced network technology user or a business lacking in-house IT support, then the ease of configuring a router to be as secure as possible within your specific network environment is going to be even more of an uphill battle. SRM 1.3 tackles this in several very clear ways. First off, despite its incredibly user-friendly browser GUI, the majority of its more potentially insecure architecture elements (i.e those that if you mishandle them or let them open could be disastrous in the wrong hands) are either disabled by default or are locked behind more advanced configuration windows/portals. Some are more obvious than others, such as port forwarding (common to all routers and not something anyone should touch without reason) settings and IP/Mac address blocking, which are all quite useful, but common. However, there are little things of note that are impressively specific to SRM 1.3, such as the power-use admin account being disabled by default. Something that even now in 2022 is still not the case for many routers (including ISP ones) and with those same power user crenedtials printed on the base of the router.

Additionally, all devices (both current and for a period, historical) are monitored in SRM and this allows you to monitor their behaviour, block them, label for for later use in ‘Safe Access’ or simply keep an eye on their behaviour.

If you had additional SRM 1.3 software user accounts, there are several options for restricting an accounts access (IP locking, resritcing individual app/storage access, removing SRM 1.3 dashboard access, etc) and that also extends to auto-block methods that will change the parameters for a scenario where someone is trying to log into an account erroniously.

When it comes to what services, features and applications the router with SRM 1.3 is running, there is a single portal full control list that allows you to quickly disable these quickly in the event you need to shut everything down tight or just want to troubleshoot each service one by one. This list of services and level of control will differ on whether you are using the router as a primary or secondary system, but this single page means to shut down any active internet/network service is really handy.

Then there are the inbuilt firewall settings that allow you to use present configurations for securing your internet access point, as well as the means to create a much more customized set of firewall rules. It has to be said that the bulk of things covered in security in SRM 1.3 so far are available on the bulk of prosumer routers, just not presented in a way as user-friendly as here and not to the same extent in most cases.

Then there is the inclusion of the Synology VPN software within SRM 1.3. VPN Plus allows your Synology Router to host a powerful VPN server that is easy to set up and manage. It supports SSTP, OpenVPN, L2TP over IPSec, as well as Synology’s own SSL VPN protocol and lightweight desktop client. Web-based portal VPN gives users direct access to company intranet sites and there is even an option to provide employees with browser-based remote desktop access. The Synology VPN is a service that supports SSL fast authentication and encryption access to webpages, files, and applications on the Internet (as well as local networks). Here, you can customize things like the Client IP range, Self-owned domain name, ports, security level, authentication, and others. You can also enable split tunnelling, which allows users to connect to destination webpages, applications, and servers in certain local subnets or local IP ranges.

Each Client VPN Access License allows one concurrent user account to use Synology WebVPN, SSL VPN and SSTP, with permanent validity upon activation. Every Synology product that supports VPN Plus comes with a free license. To add more concurrent user accounts at no additional cost, simply sign in to Synology Router Manager (SRM) as an administrator to activate additional free licenses. You can assign permissions to more user accounts than installed licenses. All the accounts are given access on a first-come, first-served basis. When the license quota is reached, no more accounts will be given access until other accounts are disconnected from all Synology SSL VPN, WebVPN, and SSTP services. Once a user account is connected to VPN Plus and starts using any of the three features, it will be allowed to use any of the other features on the same or different devices at once without requiring extra licenses. Each additional connection beyond the first requires registration of a free license.

Features Pre-installed free license Additional free client VPN access licenses
Service Synology SSL VPN 1 concurrent account Up to product specifications
WebVPN
SSTP
OpenVPN Unlimited connections (up to product specifications)
L2TP over IPsec
PPTP
Management Real-time traffic monitor V
Connection history V
Service-based permissions V
Bandwidth control V
Block list V

For those that want to get even more beefed up in the security stakes when accessing the controls and complete GUI of SRM 1.3, you also have the option to create/install a secure tunnel with free and easy installation of the Let’s Encrypt certificates from within the control panel. This is a small extra that you can of course manage for the most part with many other paid certificates if you prefer, but it is still good to have this option available from within the software and that it guides you through the process too.

Speaking of guiding the user through the process, SRM 1.3 also includes the Security Advisor tool (much like the one found in NAS and DSM) that analyzes your system and then provides you with details on how you can strengthen the safeguards, settings and setup of your router. The extent to which it will check and report can be configured in its settings menu, but even in the default configuration, it is quite thorough.

Upon completion of a scan, SRM 1.3 will then provide suggestions on what you need to correct/improve upon. Again, a lot of this is going to be a bit comment-internet-sense-101 (eg don’t use ‘password’ as your password), but it does include several more business-focused recommendations if you chose that level of scanning. The scanning with the security advisor can be triggered manually or set to a regular schedule from with the software and can also be linked to notifications if a potential vulnerability or router weakness is highlighted. This then allows you to connect with the router, access the severity of it and then proceed accordingly.

When it comes to accessing the router and SRM 1.3, local access (eg from on the same network) will be relatively straight forward and unless you have blocked SRM access on a specific account or your IP/Subnet/etc are different to the system, you should have fairly direct and secure access up to this point. But what about remote/internet access? Sometimes you will want to access the router and SRM 1.3 to quickly access a setting/service (perhaps for IT troubleshooting or simply a family memory having difficulty with the network). In that case, you can use the popular Synology Quick Connect service (much like their NAS) to tunnel into the router and SRM 1.3 securely from anywhere in the world, via Synology’s encrypted servers. This is a completely free service that is included with ALL Synology products and can also be customized to only allow access via very specific means and by very specific people too.

Then you have ‘Safe Access’, one of the jewels of the crown in SRM 1.3. I will go into more detail on the Safe Access service later on, but in terms of security, alongside a whole bunch of ways to craft a safe and trusted internet access point for your router users, Safe Access also allows you to enable forced Google Safe Browsing and enable the Threat Intelligence database tool. So, let’s go through these two forms of network protection, what they do and how they help.

The safe search functionality allows you to automatically shift the results of popular internet search tools and some social platforms to automatically enable ‘safe’ mode or disable any NSFW content. This will also overwrite any custom policies that users logged into those sites will have (i.e having a Google account logged in and set to show all results’ will be overwritten by the router enforcing safe search rules). This is a feature that is widely available on ISP routers and other paid premium routers, HOWEVER, on those you lack the scaled options of off/low/moderate/high, as well as the option to scale these to individual users/devices on the system and different policies to different sites. Eg you want your employees to have full and unrestricted access to YouTube and Social sites for marketing purposes, but want adult content restricted on typical Google search results in the workplace.

Now Synology’s Threat Prevention dynamically guards the security of your Synology Router as data is handled and manages packets on network devices by inspecting Internet traffic to detect and drop malicious packets and also records network events, for statistical analyses regarding malicious sources to check their severity. Threat prevention is arguably less advanced in its architecture compared with Safe Access, ut is still a great tool in a much broader way.

Understanding the difference between these two approaches to protect your network and your network client base is quite straightforward. They represent two different approaches to your network security. Safe Access is DNS-and IP-based. It integrates several external databases (including Google Safe Browsing) that identify domains and IPs related to malware, phishing, botnets, command and control servers, social engineering, etc. When a device in the network attempts to access the blacklisted destinations, Synology Router prevents the connection from even being established. Threat Prevention, on the other hand, is signature-based. It monitors incoming and outgoing traffic using Deep Packet Inspection (DPI) – not just checking the domain or IP – and is able to drop any malicious packet detected in real-time. In addition to Internet attacks, Threat Prevention can alert you to inappropriate user behaviour, such as sending passwords through unencrypted HTTP traffic. Both packages work automatically. You can review the event logs and adjust the actions, but even if you don’t, they still silently protect you in the background.

The know target lists and algorithms that each of these tools (and other connected databases that feed into the intelligent actions and alerts) are updated regularly in the system database and by default, these are automatically downloaded to their latest versions. It is recommended that you never change these settings.

Overall the background and passive security settings that are configurable in SRM 1.3 are not an enormous leak, at least in terms of the broad result, than more premium routers in the market. What sets SRM 1.3 out from them though is that it is presented in a much more user-friendly fashion, is considerably more scalable and provides a considerable amount of flexibility that most other routers would limit to an ON/OFF switch. The Threat Prevention tool is can be a little underwhelming (perhaps needing more attention than it has, especially compared with Safe Search) but overall the security and safety of internet connectivity via a Synology router and SRM 1.3 is still very good.

 

Synology Router Manager 1.3 Review Chapters

SRM 1.3 Synology Router Software Review, ALL Parts - HERE
SRM 1.3 Synology Router Software Review, Part 1, Design & Control - HERE
SRM 1.3 Synology Router Software Review, Part 3, Network Management - HERE
SRM 1.3 Synology Router Software Review, Part 4, Safe Access - HERE
SRM 1.3 Synology Router Software Review, Part 5, USB Storage Services & Conclusion - HERE 

You can watch the FULL review of the latest WiFi 6 Router from Synology, the RT6600ax, over on YouTube below:

Alternatively, you can watch my full review of Synology SRM 1.3 on this NAS in the video below:

📧 SUBSCRIBE TO OUR NEWSLETTER 🔔


    🔒 Join Inner Circle

    Get an alert every time something gets added to this specific article!


    Want to follow specific category? 📧 Subscribe

    This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

    Need Advice on Data Storage from an Expert?

    Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry.

      By clicking SEND you accept this Privacy Policy
      Question will be added on Q&A forum. You will receive an email from us when someone replies to it.
      🔒Private Fast Track Message (1-24Hours)

      TRY CHAT Terms and Conditions
      If you like this service, please consider supporting us. We use affiliate links on the blog allowing NAScompares information and advice service to be free of charge to you.Anything you purchase on the day you click on our links will generate a small commission which isused to run the website. Here is a link for Amazon and B&H.You can also get me a ☕ Ko-fi or old school Paypal. Thanks!To find out more about how to support this advice service check HEREIf you need to fix or configure a NAS, check Fiver Have you thought about helping others with your knowledge? Find Instructions Here  
       
      Or support us by using our affiliate links on Amazon UK and Amazon US
          
       
      Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.

      ☕ WE LOVE COFFEE ☕

       
      Exit mobile version