Difference between revisions of "Synology"

From wiki
Jump to navigation Jump to search
(Created page with "=Hardening= The certificates are stored in /usr/syno/etc/certificate/_archive. The INFO file defines what applications the certificates are used for. The certificates are in...")
 
Line 6: Line 6:
 
[https://bpmsg.com/how-to-make-your-synology-disk-station-nas-more-secure/comment-page-1/ This page] has some good hardening tips.
 
[https://bpmsg.com/how-to-make-your-synology-disk-station-nas-more-secure/comment-page-1/ This page] has some good hardening tips.
  
Some of the things I did.
+
Some of the things I did:
  
# 2 factor authentication on the web interface
+
* 2 factor authentication on the web interface
# Moved ssh to a high port on my router (NAT xxxx -> synology:22) (and disabled from the internet when not needed)
+
* Moved ssh to a high port on my router (NAT xxxx -> synology:22) (and disabled from the internet when not needed)
# Disable HTTP access
+
* Disable HTTP access
# Installed another webserver as frontend as I doubt synology publishes all security updates in time.
+
* Installed another webserver as frontend as I doubt synology publishes all security updates in time.
# Set home directory protection from 755 to 700
+
* Set home directory protection from 755 to 700
# Disabled admin account
+
* Disabled admin account

Revision as of 19:31, 5 August 2018

Hardening

The certificates are stored in /usr/syno/etc/certificate/_archive. The INFO file defines what applications the certificates are used for. The certificates are in subdirectories with a yet unknown naming convention.


This page has some good hardening tips.

Some of the things I did:

  • 2 factor authentication on the web interface
  • Moved ssh to a high port on my router (NAT xxxx -> synology:22) (and disabled from the internet when not needed)
  • Disable HTTP access
  • Installed another webserver as frontend as I doubt synology publishes all security updates in time.
  • Set home directory protection from 755 to 700
  • Disabled admin account