Can someone please explain to me, a casual home user, why it's dangerous to expose my NAS login page to the internet?... - eviltoast

…without snark or jumping down my throat. I genuinely want to know why it’s so unsafe.

I’m running a Synology DS920+, with my DSM login exposed through a Cloudflare tunnel. I have 2FA enabled, Synology firewall enabled with these rules in place. I also have this IP blocklist enabled.

After all of this, how would someone be able to break in via the DSM login?

  • MRP_yt@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    If you open your login page to internet without security, someone one day will have a field trip inside your NAS files and will find all your “i know what you did last summer” photos.

    I do have DS423+ and i am too using Cloudfare tunnel to access it from anywhere.

    My CF Tunnel setup done like this:

    Domain: nas.example.com points to http://1.2.3.4: and i have 2 access rules added.

    One of these rules NEEDS to match otherwise - “You Shell Not Pass
    #1: Public IP needs to be matched as my public IP
    #2: Person who wants to login needs to authenticate via Google Authentication. Google authentication needs to match test1@gmail.com or test2@gmail.com

    While i am at home, i use nas.example.com to access my nas instead of using its local IP and cloudflare allows access with no questions asked.
    While i am outside my home network i get asked to authenticate via google and gain access this way.

    +CF Tunnel adds https automatically for me.

    I don’t use any firewall setup or any other rules inside NAS.