Hardening

The certificates are stored in /usr/syno/etc/certificate/_archive. The INFO file defines what applications the certificates are used for. The certificates are in subdirectories with a yet unknown naming convention.

This page has some good hardening tips.

Some of the things I did:

• 2 factor authentication on the web interface
• Moved ssh to a high port on my router (NAT xxxx -> synology:22) (and disabled from the internet when not needed)
• Disable HTTP access
• Installed another webserver as frontend as I doubt synology publishes all security updates in time.
• Set home directory protection from 755 to 700
• Disabled admin account