Secure your DiskStation at home


Hello, I am Darren from Synology Product Management team. Today I’d like to share with you some tips of securing your DiskStation.

DiskStation is the ideal place for saving your valuable data, including photo collections, wedding videos, or even sensitive financial documents. You want to access your data anywhere, anytime, and to share them with whom you specified, but of course not at the expense of information security being compromised. No one wants to hear their admin password stolen, the server hacked, or important data exposed to someone they don’t know.

You may think you are not the target of the hacker, but take caution now. According to Verizon data breach report 2011, 83% of the attacks were opportunistic, meaning the victims were selected because they exhibited a weakness or vulnerability that could be exploited. Attackers are also changing the way they hack. Besides large corporations and government sectors, hackers also focus on smaller targets with fewer security defenses. Within the types of compromised data, usernames and passwords accumulate to 45% of the total. The breached data is then sold to black market. But you don’t need to worry. The following are some essential steps and simple tips to prevent hackers from messing with your data.

Part 1 – Stop Eavesdropping – Secure Internet Connection to your DiskStation

By default, you can connect to DSM through port 5000. The connection is established without encryption. However, without encryption, you data could be inspected by others when you are using public Wi-Fi.

Therefore I encourage you to use secure connection to access your DiskStation over the Internet. To connect to Management page, the port number is 5001. You can also establish secure connection to other DSM services such as Photo Station, Web Station, and Surveillance Station.

Once you have enabled HTTPS and have all the configurations ready, you should be able to establish secure connection. However, the following warning may appear on screen and blocks you from connecting directly to DSM. This is because the web browser requires a 3rd party certificate to verify the connection.

If you click on “continue to this website”, the address bar will turn red in IE showing “Certificate Error”. But you can still log in as usual. The data is still encrypted regardless of the error message.

You can take the error message away by getting a certificate from a 3rd party provider. To get one, you have to get a domain name first. Then use the domain to apply a certificate from one of the certificate authorities. You may think they are expensive, but that’s not always the case. One of the good choices for SSL certificates would be StartSSL, a company providing Class 1 certificate (Class 1 are for individuals) for free.

Now import the private key and the digital certificate into DSM. This is under “Web Services”. The browser will not bug you again with the error message. Everyone that logs into DiskStation will see the lock icon in the address bar. The DiskStation is safe from unwanted data leakage.

If you are a tech savvy user, you could log in with command line interface (SSH) and generate a certificate request. Some articles in our forum may be helpful.

Part 2 – Stop Attacks – Don’t let hackers get the chance

Now your connection is encrypted, all data is safe during transmission progress. But this doesn’t prevent your password from being tried. Try enabling IP block. This will automatically block IPs that has made too many failed login attempts within a short period of time. You will be informed by e-mail when this situation happens and see which IP address is trying to access your DiskStation being tried. All blocked IP addresses are stored on the “block list”. But if your friend calls to say he forgot his password and was trying randomly to see if he can hit the jackpot. You can laugh and remove his IP address from the block list. Don’t forget to reset the password so he can access DiskStation again.

In addition to limit the number of failed login attempts, there’s more you can do to boost security level. I usually place the DiskStation behind a router. The router only opens and forwards the required ports (ex: port 21, 80, 5000) to DiskStation. All other ports are closed so hackers won’t be able to sneak in. If your DiskStation is directly connected to the Internet, make sure you set up Firewall in DSM. Don’t let hackers get their chance!

Part 3 – Stop Human Errors – Remember to logout!

In my opinion, the most important element to data security, is the human factor. Sometimes you created accounts for your friends, but they forgot to logout. Of course you wouldn’t like to see it happen. So set the automatic logout time in the DSM Settings of Control Panel.

And one more thing – Share the tip to all of your friends! The golden rule is that never save your password, cache files, or any browse history in a public computer. One convenient way to do this is to use browsers’ ‘InPrivate’ mode. Popular browsers like Internet Explorer 8 (or above), Firefox and Chrome (which calls it Incognito browsing) all include this feature. The best thing is – everything will be cleared after you close the browser and you don’t need to log out!

That’s it for today. I hope the above tips would help you secure DiskStation and minimize the security risk!

- Darren