How to secure Qnap NAS for access over the Internet

Posted on 08 Feb 2022 📧 Subscribe
Contents hide
1 Removing Unknown or Suspicious Users
2 Removing Unknown or Suspicious Applications
3 Changing myQNAPcloud Settings
4 Changing the System Port Number
5 Installing and Running the Latest Version of Malware Remover
6 Changing the Admin Password
7 Changing User Passwords
8 Updating Installed QTS applications
9 Updating QTS

Actions to take If you NAS must be directly connected to the Internet

If, at the discretion of individual users, QNAP NAS is directly connected to the Internet, we recommend the following steps to strengthen your device and to decrease the chance of being penetrated:

  • Put QNAP NAS behind your router and firewall. Do not let QNAP NAS obtain a public IP address. Do not use UPnP and DMZ. It’s advised to turn off UPnP on QNAP NAS as well. Manually set up port forwarding in your router configuration only for the network ports required by specific QNAP NAS services.
  • Stop or disable services, such as Telnet, SSH, web server, SQL server, phpMyAdmin and PostgreSQL, when not in use.
  • Change default external (Internet side) port numbers, such as 21, 22, 80, 443, 8080 and 8081, to customized (randomized) ones. For example, change 8080 to 9527.
  • Use only encrypted HTTPS connections, or other types of secure connections (SSH, etc.).
  • Install QuFirewall on your QNAP NAS and limit the allowed IP addresses to a specific region or subnet.
  • Set up a new administrator account, and disable the default admin account.
  • Use strong passwords for all NAS users, including the new administrator account you’ve just created.
  • Configure MFA (2-Step Verification) on QNAP NAS.
  • Enable auto OS and app updates. Pick a time that works best for you without interrupting your auto backup/sync schedule or other tasks.
  • Enable IP access protection to block IP addresses with too many failed login attempts.

Attackers have been constantly looking for any exploitable weaknesses to take advantage for their own agendas. As a result, QNAP monitors the latest information security intelligence to deliver up-to-date details and software updates, ensuring data security for users. Please work with us and follow the advice and recommendations given in this article, to enhance the resilience of your data/privacy protection strategy.

 

 

 

 

What is the best practice for enhancing NAS security?

 

To prevent malware infection or other attacks, you can check the NAS and configure system settings following these recommendations to better secure your device and protect your data.

  1. Remove unknown or suspicious accounts.
  2. Remove unknown or suspicious applications.
  3. Disable auto router configuration and set up device access controls in myQNAPcloud.
  4. Avoid opening default port numbers to the Internet.
  5. Install and run the latest version of Malware Remover.
  6. Change passwords for all accounts.
  7. Update installed QTS applications to the latest versions.
  8. Update QTS to the latest available version.

Removing Unknown or Suspicious Users

  1. Log on to QTS as administrator.
  2. Go to Control Panel > Privilege > Users.
  3. Verify all users on the list.
  4. Select unknown or suspicious users.
  5. Click Delete.
    A confirmation message appears.
  6. Click OK.

Removing Unknown or Suspicious Applications

  1. Log on to QTS as administrator.
  2. Open the App Center.
  3. Verify all installed applications.
  4. Locate an unknown or suspicious application.
  5. Click Remove.
    A confirmation message appears.
  6. Click OK.

Changing myQNAPcloud Settings

  1. Log on to QTS as administrator.
  2. Open myQNAPcloud.
  3. Go to Auto Router Configuration.
  4. Deselect Enable UPnP port forwarding.
  5. Go to Publish Services.
  6. Deselect all unnecessary services.
  7. Click Apply.
  8. Go to Access Control.
  9. Set Device access controls to Private.
  10. Click Apply.

Changing the System Port Number

If the NAS is directly connected to the Internet (for example, via PPPoE, static external IP address, or a router in DMZ mode), change the system port number in QTS.

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > General Settings > System Administration.
  3. Specify a new system port number.
    Warning: Do not use 22, 443, 80, 8080 or 8081.
  4. Click Apply.

If the NAS is behind a router but is connected to the Internet through port forwarding, specify a new port number on the router. Do not use 22, 443, 80, 8080 or 8081.

Installing and Running the Latest Version of Malware Remover

  1. Log on to QTS as administrator.
  2. Open the App Center, and click the Search icon.
    A search box appears.
  3. Type Malware Remover”, and then press ENTER.
    The Malware Remover application appears in the search result list.
  4. Click Install.
    QTS installs the latest version of Malware Remover.
  5. Open Malware Remover.
  6. Click Start Scan.
    Malware Remover scans the NAS for malware.

Changing the Admin Password

  1. Log on to QTS as administrator.
  2. Click the profile picture on the QTS Task Bar.
    The Options window opens.
  3. Click Change Password.
  4. Specify the old password.
  5. Specify the new password.
    QNAP recommends the following criteria to improve password strength:
    • Should be at least 8 characters in length
    • Should include both uppercase and lowercase characters
    • Should include at least one number and one special character
    • Must not be the same as the username or the username reversed
    • Must not include characters that are consecutively repeated three or more times
  6. Verify the new password.
  7. Click Apply.

Changing User Passwords

  1. Log on to QTS as administrator.
  2. Go to Control Panel > Privilege > Users.
  3. Select a user.
  4. Click Change Password.
    The Change Password window appears.
  5. Specify the old password.
  6. Specify the new password.
    QNAP recommends the following criteria to improve password strength:
    • Should be at least 8 characters in length
    • Should include both uppercase and lowercase characters
    • Should include at least one number and one special character
    • Must not be the same as the username or the username reversed
    • Must not include characters that are consecutively repeated three or more times
  7. Verify the new password.
  8. Click Apply.
  9. Repeat the above steps to change passwords for other users.

Updating Installed QTS applications

  1. Log on to QTS as administrator.
  2. Open the App Center.
  3. Go to My Apps.
  4. Beside Install Updates, click All.
    A confirmation message appears.
  5. Click OK.
    QTS updates installed applications to the latest versions.

Updating QTS

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
  4. QTS downloads and installs the latest available update.


If you like this service, please consider supporting us.
We use affiliate links on the blog allowing NAScompares information and advice service to be free of charge to you. Anything you purchase on the day you click on our links will generate a small commission which is used to run the website. Here is a link for Amazon and B&H. You can also get me a ☕ Ko-fi or old school Paypal. Thanks! To find out more about how to support this advice service check HERE   If you need to fix or configure a NAS, check Fiver   Have you thought about helping others with your knowledge? Find Instructions Here  

☕ WE LOVE COFFEE ☕

Or support us by using our affiliate links on Amazon UK and Amazon US
     

locked content ko-fi subscribe

DISCUSS with others your opinion about this subject.
ASK questions to NAS community
SHARE more details what you have found on this subject
CONTRIBUTE with your own article or review. Click HERE
IMPROVE this niche ecosystem, let us know what to change/fix on this site
EARN KO-FI Share your knowledge with others and get paid for it! Click HERE

ASK YOUR QUESTIONS HERE!