Work pressure and irregular staffing make holiday seasons the perfect occasion for threat actors. Besides direct attacks on your infrastructure, phishing and other scams targeting employees also take a flight in the weeks before Christmas. Routine maintenance becomes difficult with fewer hands to do the job. Add working from home to the mix, and it looks like you (sysadmin, reboot consultant, designated IT person) will be holding the fort this holiday.
Do you have other plans for your holidays? Luckily, so do we. That’s why we’ve worked on some tools to make large deployments easier to manage and easier to protect. So how to ensure that phishy links clicked on by employees don’t lead to unwarranted access? And how to keep your Synology devices protected, available, and fit to perform throughout the holidays, without having to drop into your admin account?
Ensure login and data security while taking it easy
Last month, the latest upgrade to the Active Insight cloud platform introduced additional functionality, with detailed login analysis and Hyper Backup status overviews. And earlier this fall, Secure SignIn reached full maturity, bringing several modern authentication options together in one solution and app. Let’s dive into how these new tools bolster security — always the first priority.
We introduced Synology Active Insight together with DSM 7.0 to give you a birds-eye view of your entire deployment, whether just a handful of units or several dozen (the beta is currently limited to 50 per account). With Active Insight, you’re getting performance, health, resource use, error messages, and much more consolidated in one intuitive portal and mobile app.
Synology Secure SignIn, also launched this year, is more than a new name for our login security options. It offers safer and faster ways to implement passwordless login and two-factor authentication (2FA), Windows Hello and macOS TouchID for biometric authentication, support for FIDO2/U2F hardware keys, and a login approval process through the new companion mobile app. Secure SignIn lets you protect all your Synology devices conveniently — ensuring that giving away passwords doesn’t equal granting access.
Set up hardware monitoring
To make sure that you can confidently leave your Synology deployment unattended, you’ll want to ensure you receive important notifications and are able to check in on all the key information about your servers. Enable Active Insight on your devices and take a minute or two to explore the different metrics and views available.
Active Insight not only consolidates key performance and usage metrics from all your devices but presents them in a way that helps you identify potential issues before they become problematic. To save you time, warnings and other important information are grouped together at the top of the dashboard.
When issues do occur, timely notifications are sent to the account holder (likely you or your team email), plus anyone else you have set up via “Groups” in Active Insight. This means it is also easy to map specific devices with different colleagues, which is helpful when certain devices have dedicated maintainers or different priorities.
Figure 1: Easily add other users to groups to keep them in the loop about devices they manage.
Active Insight can also create routine reports, aggregating key information into reader-friendly PDF reports and raw data if you have a use for that.
Figure 2: Configure and receive good-looking status reports that can easily be shared, printed, and sent around.
About that password theft
We’re not done yet with Active Insight, but as discussed in the introduction, there has never been a better time to shore up your login security with 2FA than with DSM 7.0. Secure SignIn enables safe two-factor authentication and easy passwordless logins to keep your applications safe and accessible.
Sign-in method | First step | Second step |
2-Factor Authentication |
|
|
Passwordless Sign-In |
|
N/A |
Traditional Authentication |
|
N/A |
Figure 3: Available combinations of authentication options with Synology Secure SignIn. Only 2FA provides real insurance against password theft.
Secure SignIn is available both for access to your admin accounts and to secure Synology applications, such as Drive, Office, or the Active Backup recovery portal used by general employees. To enable sign-in approval, users can grab the companion Secure SignIn app from the Apple App Store or Google Play Store.
Figure 4: The Secure SignIn app doesn’t only provide one-time passwords and login approval. It also sends push notifications to inform you of logins to your account.
Rolling out Secure SignIn to some or all users is simple and can be done in stages. You can toggle the option to require advanced login options for everyone, select groups, or certain individual users and let DSM take care of the onboarding.
Figure 5: Users can be prompted to set up 2FA before the next time they sign in to their Synology applications.
Monitor suspicious logins
Better yet, DSM 7.0 and Secure SignIn now integrate directly with Active Insight to give you a complete overview of login activities across your Synology storage fleet.
The overview pages give you easy access to total number of logins per device, numbers, and types of suspicious login activities (based on, e.g., frequency, timing, geographical location, device used, or IP address), as well as rankings to help identify at-risk devices and a convenient log overview.
Figure 6: The dashboard view lets you check at a glance if login stats and usage are as you would expect across your fleet.
Is consulting a performance dashboard not your idea of a holiday? Luckily, by signing up for Active Insight you enable automated warnings. These are triggered if the system detects successive failed, geographically distant, or non-standard logins on any of your devices, or if Active Insight in any other way identifies a login as suspicious. Did a forgotten user account just sign in after three months of quiet? No worries — you will get a notification.
Check in on your backups
Cross-infections with malware, including ransomware, can precipitate massive data loss. That is, unless you keep up-to-date copies of your crucial data on different media and isolated from your main deployment — in other words, if you adhere to a 3-2-1 backup strategy with good versioning. Remote, versioned backups are your best bet to get systems up and running quickly after an attack, natural disaster, or other calamity.
Hyper Backup should be your go-to solution to secure all crucial data, applications, and configurations on your NAS, preferably with remote backups to a secondary NAS or to the cloud (where you can easily check and access your backups wherever you are). Of course you make sure to check that all your backups are up and functioning before you leave, but Murphy’s law applies to IT, too.
Luckily, Hyper Backup tasks are also viewable on Active Insight, consolidating detailed statistics about all your Synology devices’ backups. Pay your dashboard a visit to view not only failed or incomplete backups, but also backup times, storage use, and transfer sizes across your fleet. Make adjustments before issues arise and you won’t ever need to be without emergency copies when disaster strikes.
Figure 7: The backup dashboard gives a clear overview of backup statuses, as well as the scope and size of backups for each device.
Needless to say, backup monitoring in Active Insight also comes with automated emails and push notifications in case backup matters take a southern turn, custom warnings can be configured, and you can choose to receive periodic summaries in easily shareable PDF and CSV files.
Interested to know more?
If you think the possibilities discussed in this blog would be helpful, join us as we work to develop Active Insight into an increasingly comprehensive monitoring and management tool. While Active Insight is in development, access to all advanced features remains free as part of the Active Insight Beta subscription.
Explore the features yourself with the interactive demo, check this guide for the steps to set up different Active Insight functionalities on your devices, or simply sign in directly to the online dashboard using your existing Synology Account to start protecting your Synology devices better.
Would you like to know more about new backup and security features coming to DSM? Visit our Synology 2022 AND BEYOND event page and watch the dedicated sessions about our latest product innovations.