When looking at Synology NAS security, most people focus on hardening the NAS itself. While that’s important, securing everything around the NAS is equally important, and potentially more effective.
Lower the Attack Surface of a Synology NAS to Improve Security
If you move untrusted devices (IoT devices, security cameras, and just about any WiFi device that you don’t explicitly “trust”) to a separate VLAN, and then limit access from that VLAN to your LAN with firewall rules, you reduce the number of devices that can access the NAS.
This simple change limits the attack surface internally on your LAN, so if you also ensure that devices can’t connect to the NAS externally (from outside of your local network), the Synology is already more secure than it was. The VLAN and firewall rules can be set up with a more advanced firewall like pfSense, or an all-in-one device like a UniFi Cloud Gateway Max or UniFi Express.
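One way to confirm that the firewall rules described above actually block the untrusted VLAN is to run a reachability check from a device on that VLAN. This is an added example, not part of the original article; the port list (common Synology defaults) and the `192.0.2.10` address are assumptions to adjust for your own setup.

```python
"""Run from a device on the untrusted VLAN: every NAS port should be unreachable."""
import socket
import sys

# Assumption: services commonly enabled on a Synology NAS; edit to match yours.
NAS_PORTS = {
    22: "SSH",
    80: "HTTP",
    443: "HTTPS",
    445: "SMB",
    5000: "DSM (HTTP)",
    5001: "DSM (HTTPS)",
}

def probe(host, port, timeout=2.0):
    """Return 'open', 'refused' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # full handshake: the firewall let us through
    except ConnectionRefusedError:
        return "refused"           # a reset came back (NAS or a 'reject' rule)
    except OSError:
        return "filtered"          # timeout / unreachable: traffic was dropped

def audit(host, ports=NAS_PORTS, timeout=2.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def violations(results):
    """Ports this VLAN can still connect to; an empty list means the rules hold."""
    return sorted(port for port, state in results.items() if state == "open")

if __name__ == "__main__":
    # Placeholder address (documentation range); pass your NAS IP as argument 1.
    nas = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    results = audit(nas)
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {NAS_PORTS[port]:<12} {state}")
    bad = violations(results)
    if bad:
        print(f"FAIL: NAS ports reachable from this VLAN: {bad}")
        sys.exit(1)
    print("PASS: no NAS ports reachable from this VLAN")
```

Run the same script from a trusted LAN device as a control: the ports you actually use should show as open there and as filtered or refused from the untrusted VLAN.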
Pair this with either passwordless sign-in, or two-factor authentication with a YubiKey, and you’ll limit the attack surface on the Synology device and make it harder for attackers to actually sign into the NAS.
None of this is to say that the security settings on a Synology device aren’t important – it’s just to say that if you secure everything around the NAS, it’ll be more secure. The video above goes into greater detail on the entire process and will help you understand how you can lower the attack surface of a Synology NAS.