Can someone please explain to me, a casual home user, why it's dangerous to expose my NAS login page to the internet?... - eviltoast

…without snark or jumping down my throat. I genuinely want to know why it’s so unsafe.

I’m running a Synology DS920+, with my DSM login exposed through a Cloudflare tunnel. I have 2FA enabled, Synology firewall enabled with these rules in place. I also have this IP blocklist enabled.

After all of this, how would someone be able to break in via the DSM login?

  • k1shy@alien.topB
    1 year ago

    Speaking as someone who decided to “just be a consumer and trust that my NAS manufacturer had appropriately hardened the login interface”, and was using 2FA, and subsequently fell victim to a ransomware attack:

    Do not expose any port on your NAS to the internet.

    If you really want it available to you when you’re away from home, set up a VPN using a separate device as the VPN server.