12 Things You Must Do to Secure Your NAS

A NAS is an exceptionally useful tool, but it's also vulnerable to attack. Here's what you must do to keep it safe.

Network attached storage offers many advantages over traditional storage. You can automatically access your files from anywhere and back up all of your devices. Unfortunately, NAS drives also have the potential to pose a security risk.

By connecting your hard drives to a network, you could be providing access to hackers. Attacks against NAS are common in business settings, and while attacks against private individuals are less profitable, they still happen.

So how do you protect your NAS from intrusion? Here are twelve ways to make your NAS more secure.

1. Use a Unique Username

When setting up a NAS drive, you are usually invited to use a default username. This is problematic because hackers often use brute force techniques. Hackers need to predict both the username and password for these techniques to be successful.

By using a default username, you provide them with half the puzzle. To avoid this, you don't need to use something as complicated as your password, but you need to avoid names such as Admin.

2. Use a Strong Password

A weak password is a popular way for hackers to enter NAS. They simply use brute force software to try thousands of passwords until they are successful. Because of this, it's important to use a combination of letters, numbers, and symbols.

Passwords also need to be unique. If you use the same password across multiple platforms, a data breach on one platform can affect all of your accounts. If there are multiple users, you also need to enforce this behavior on all of them. It only takes one weak user account for access to be made.

3. Enable Two-Factor Authentication

Two-factor authentication prevents many of the techniques that hackers use to access NAS. It prevents anybody from logging in to your account unless they have physical possession of your 2FA device. This means even if a hacker figures out your username and password, they won't be able to use them.

4. Limit Sign-In Attempts

For a brute force attack to succeed, a hacker needs to attempt to access your account thousands of times. You can prevent this from occurring by limiting sign-in attempts. This automatically blocks an IP address after a user enters the wrong password repeatedly.

5. Use Random Ports

NAS drives all use the same ports for connections. Because of this, hackers know exactly where to look when trying to hack one. You can make things more difficult for them by switching the ports to random numbers. A determined hacker can still find out which port you are using, but by making them look for it, you add one more action they need to perform before accessing your files.

6. Limit Access Options

You can access NAS drives in many different ways, including FTP and Shell. This functionality is useful and necessary for some purposes. But the more access options are available, the more possible routes for hackers. Therefore, you should go through the list of access options on your NAS and disable any that you don't need. Most people only access their drives using a single route anyway.

7. Install Updates

NAS drive manufacturers release regular firmware updates. The purpose of these updates is to fix vulnerabilities as they are discovered. NAS is used heavily by businesses of all sizes. Because of this, vulnerabilities are widely advertised on the dark web. If your NAS drive isn't updated, it potentially has a vulnerability that hackers are actively using. Most NAS drives can also be set to install these updates automatically.

8. Use HTTPS

When you connect to a NAS remotely, you have the choice of using an HTTP or HTTPS connection. HTTP is unencrypted and should be avoided because an attacker could potentially access your files or user credentials by performing a man-in-the-middle attack. HTTPS prevents this by encrypting all data sent to and from your NAS. Almost all NAS drives allow you to select HTTPS within the security settings page.

9. Use a VPN

Many NAS drives can be converted to VPN servers. This allows you to prevent anyone from accessing your NAS from the internet. To access the NAS or the rest of your home network, they have to access the VPN instead. This reduces the number of open ports on your NAS and encrypts all connections automatically.

10. Run Security Software

If your NAS drive has security software, you should run this program on a regular basis. This type of software is designed to tell you if there are any potential security issues. For example, it will report both ports left open unnecessarily and any suspicious log-ins.

11. Use the Firewall

Many NAS drives have built-in firewalls. If your drive has one, you should turn it on and configure it to only allow incoming connections from specific IP addresses that you trust. Once set up correctly, this prevents anyone who isn't you from even attempting to access your network.

12. Check the Rest of Your Network

NAS drives are often accessible by other devices on the same network. Because of this, it's possible that if a hacker gains access to one device, they may also gain access to your NAS. Hackers often target IoT devices specifically for this purpose.

In order to protect your NAS, you, therefore, need to protect all of your devices, even those without valuable data. You should also avoid adding any unnecessary devices to your network.

Don't Use NAS If You're Unable to Secure It

A properly configured NAS is a useful tool for storing files, accessing them anywhere, and streaming media. However, a poorly configured NAS is also a security risk that many people add to their network without sufficient thought.

If a hacker manages to access your NAS, you risk your files being stolen. If your files are valuable enough, you also run the risk of ransomware. A NAS is a highly useful product, but one that you should only use after the potential security risks are understood and mitigated.