We use cookies to help us improve our webpage. Please read our Cookie Policy .

Best Practices for Securing Your NAS

Deadbolt started to launch ransomware attacks across a variety of NAS devices and manufacturers around the world at the beginning of 2022. When a device is compromised, almost all files in an affected NAS will be encrypted, and the file extension on each file will change to ".deadbolt".
To unlock data encrypted by ransomware, including but not limited to Deadbolt, a ransom must be paid to possibly save data. There is no guarantee that the criminal organization responsible for the development of ransomware will honor their stated agreement to unlock files. These crimes have caused untold suffering to millions of people.
ASUSTOR NAS devices provide numerous advanced security and backup features that help protect data. If you need to connect to your NAS remotely through the Internet and it contains important information, it is strongly recommended that appropriate security and backup settings be set in your NAS in addition to base settings.
In response to increasingly rampant ransomware, ASUSTOR continues its commitment to monitor and destroy any potential hazards and vulnerabilities before they can be exploited. With each and every update, network security defenses are strengthened and features are added.
However, no software solution is perfect. For those that have questions about information security when using a NAS, this article guides you into how to increase defenses against threats to your data online. There is no guaranteed solution that protects data. All actions contribute to lower overall risk.

The Importance of Security Literacy

NAS devices are designed to be easy to use and compatible with a wide range of protocols and devices. In order to maintain maximum compatibility and lower the threshold for beginners to start using their NAS, default values are set to avoid obstacles after initial setup with easy-to-follow guides for beginners to help strengthen defenses.
In contrast, if you are an advanced NAS user, ASUSTOR’s wide variety of NAS devices provide numerous ways to adjust security settings and keep data safe and backed up, but also offer freedom of choice to choose risk levels. The more rigorous the setting, the safer it is and vice versa.
NAS devices are products that are a necessity for development of modern networks to address the increasing amount of information generated. Listed below are the five things you need to know about NAS security.

  1. Criminal organizations are rampant on the Internet. Criminal organizations continue to steal and blackmail innocent people for illicit gains. Much of this manifests as ransomware; software that locks personal data behind practically unbreakable encryption for a financial ransom. Software updates often come with fixes to fix vulnerabilities from new feature introductions. Fixing vulnerabilities is a race against time to find and remove them before they can be exploited by criminal organizations and no software exposed to the Internet is fully secure.
  2. All information and devices exposed on the Internet are at risk of being attacked.
  3. NAS devices contain numerous data safety features to keep the risks as low as possible, but as network devices, they are not infallible. Keeping proper backups is the safest way to keep data secure. For maximum security, at least one copy should be offline and disconnected to protect against attacks from the Internet.
  4. When using a NAS device, if higher security is required, the corresponding settings on the NAS must be set to lower risks as much as possible.
  5. If only using default values, there is a higher risk of attacks. An ASUSTOR NAS features numerous settings and easy backup features that can help reduce risks of data loss as the result of a ransomware attack in order to protect both data and the convenience of using a NAS.

Securing your NAS = Securing your Data

As the saying goes, prevention is better than the cure. To avoid becoming a victim of ransomware, it is recommended that you take the following precautions:

2 Backing Up Data to an Offsite Location

Backup to public cloud such as Dropbox, Google Drive, Microsoft OneDrive, etc.

Backup to MyArchive hard drive

Backup to local computer

Backup to remote NAS

External Storage Backups

3 Secure Access with VPN connections

You can choose to use the VPN client to ensure the security of your connections or use the NAS as a VPN server letting others connect to it. This way, remote users, branch offices, business partners and even employees on business trips can quickly establish secure connections. ASUSTOR's VPN service brings businesses a truly effective solution.
  • Supports commonly used PPTP, OpenVPN and L2TP/IPsec protocols
  • Ability to instantly view connections and disconnect suspicious connections when acting as a VPN server
  • Supports ability to disconnect and automatically connect upon system startup when acting as a VPN client

4 Automatic Black List and White List

  1. Auto Blacklisting: Enable auto blacklisting so that if an unknown user repeatedly fails to log in more than a specified number of times within a specified time period, the IP address of that user will be automatically blocked.
  2. Instantly view connections on the VPN server and immediately disconnect any suspicious connections.
  3. Designated whitelist: Allow only specific IPs to access your NAS device, no other connections are allowed.

5 Changing the ADM and Web Server default ports

Using the default ports 8000, 8001, 80, and 443 can easily reveal your real IP location, so it is recommended to set your own random 4-digit port number.

6 Disabling Unnecessary Services

If SSH and SFTP are not needed, they should be disabled. They can be enabled when needed. SFTP is needed for ASUSTOR EZ Connect. SSH is not often needed by most customers.
If remote use is required, set only the ports that you need and whitelist only the devices that are supposed to connect. Set your NAS to deny connections from unknown devices.

7 Wake on Wan remote wake-up

Support for System Sleep Mode (S3) and Wake-on-Demand network storage. When you don't need to use the NAS for a period of time (e.g. late at night), you can choose to put the NAS into hibernation mode. ASUSTOR's instant wakeup technology can wake up the NAS from hibernation mode in 1.5 seconds, so you don't need to wait for the boring boot process and then boot up the NAS remotely when you need to use it, completely blocking the chance of attack and securing your data.

You may also like