Shared folder access control
Flexibly assign access rights for users
Creating shared folders for different workgroups and assigning proper privileges for users and groups is an important duty of IT administrators. A well designed interface will help minimize the efforts spent on it. The Turbo NAS provides an easy way to finish the settings on the web-based interface. It can also be joined to Windows AD domain or LDAP directories for convenient user accounts import and access control.Application Notes
User home folders
Without user home folders, it takes IT administrators a long time to create personal folders for each individual user, one by one, on the Turbo NAS. Now, the user home folders feature removes the lengthy process and makes the work extremely efficient. With the user home folders feature turned on, a personal folder will be created automatically when a user logs on to the Turbo NAS for the first time.
Improved efficiency for administrators
With user home folders feature, unnecessary repetition of creating folders and setting permissions for each local user and domain user can be omitted for IT administrators. It saves time and efforts. All user home folders are organized in the “homes” folder that appears to IT administrators, allowing convenient user data backup.
Personal folder for users
The “home” folder is designed for providing a private storage space for each user to store or back up non-collaborative files. User’s home folder can be automatically mapped as a drive letter in the Windows AD environment for easy access.
The Turbo NAS supports Windows ACL, enabling IT administrators to easily leverage the Windows system usage experience to the Turbo NAS for shared folder permission settings and access control. It allows sophisticated shared folder permission settings and thus simplifies IT management for businesses with a large number of users.
By enabling Windows ACL support, the basic permission and 13 advanced permissions can be set up from the Windows Explorer and sync to the Turbo NAS shared folder permission setting. Not only sub-folder permission is supported, but also are the file-level privilege settings. In addition, the same permissions apply to AFP, FTP, File Station and Samba when Advanced Folder Permissions is enabled at the same time.Application Notes
Windows Active Directory (AD)
Centralized access right verification
In business environments, there usually exist different servers of different functions. Typically, it requires separate access right for users to log into each server. While people come and go or new servers are integrated to the network, productivity of IT administrators is usually declining because of the increasing tasks of dealing with the tedious and redundant privilege settings for the changes.
The Turbo NAS can be easily joined to Windows AD for efficient user account management. The domain users can enjoy using the same Windows AD account name and password to connect to different Turbo NAS on the local network, and IT administrators can benefit from the centralized access right verification, thus able to save precious time for other more important tasks. The Turbo NAS supports large-scale AD deployment of up to 200,000 AD users and groups.
The Turbo NAS can now act as a domain controller for Windows. IT administrators can easily configure the Turbo NAS as the centerpiece of organization’s domain directory service to store user account information, manage user authentication and enforce security for a Windows domain.
QTS 4.1 supports SMB 2.0 protocol to improve Microsoft Networking performance by 30-50%*. Besides, the further support of SMB 3.0 protocol for Secured Data Transmission (SDT) provides SMB encryption with secure access to data over the untrusted networks.
LDAP Directory Service
Works with LDAP-based services
QNAP’s LDAP protocol support allows the Turbo NAS to be added to LDAP-based directory services, such as OpenLDAP. As a result, IT administrators no longer need to create and manage the same user account on each server within the network. Instead, users are authenticated centrally by the LDAP server, and can use the same LDAP account name and password to access any Turbo NAS that has been added the LDAP server, largely reducing IT deployment time and increasing business productivity.
The Turbo NAS as LDAP server
For businesses, setting up an LDAP server usually involves additional expenditures on hardware. Fortunately, the Turbo NAS has built in an easy-to-use LDAP Server to save your costs and efforts. Simply enable the LDAP Server function, and all other LDAP-enabled devices and applications could use the Turbo NAS to centrally authenticate users and groups.
QNAP RADIUS server centralizes and consolidates user authentication by maintaining a list of user accounts that are authorized for remote network access through dial-up equipment, Wi-Fi access point, or VPN connections. IT administrators can easily apply access policies to multiple access points for a fine-grained control of network access.
Centralized user authentication
A RADIUS (Remote Authentication Dial In User Service) server provides centralized authentication and authorization management for computers to connect and use a network service. It is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. The new RADIUS server support allows the Turbo NAS to provide the features a RADIUS server can.
Remote management via SSH
In addition to using non-encrypted Telnet to log on the Turbo NAS for remote management, IT administrators can secure the connections with the encrypted Secure Shell (SSH), and execute commands for advanced programming or troubleshooting.
Data access made secured
The Turbo NAS supports both SSL and SSH for secure connection and data transfer. IT administrators can host websites on the Turbo NAS and only allow access via the HTTPS (SSL over HTTP) secure channel. Besides, the Turbo NAS also supports SFTP (SSH File Transfer Protocol or Secure File Transfer Protocol) for safe file access and transfer. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.
The following services are encrypted:
- Secure rsync backup (encrypted by SSH)
- Secure RTRR backup (encrypted by SSL)
- SFTP: Secure FTP (encrypted by SSH)
- FTPS: SSL/ TLS
- Secure web server (SSL)
- Secure shell access (SSH)
User Manual Encrypted File System Telnet/SSH
Network access protection
IT administrators can set up the black or white list to grant the proper access from different users to the Turbo NAS by IP address.It operates as a policy-based automatic IP blocking by enabling the network access protection command. For example, the command can be set as “in 1 minute, after unsuccessful attempts for 5 times, block IP for 1hour, 1 day or forever.” Once an IP address is denied, the host will not be able to connect to the server anymore regardless of the connection ports it uses.User Manual
Hard drive encryption
Internal drive AES 256-bit encryption
The Turbo NAS supports volume-based encryption to protect sensitive data. A security key or password is required to mount an encrypted volume when the Turbo NAS boots up. All the data cannot be accessed without the encryption key. It prevents the Turbo NAS data from unauthorized access and data breach even if the hard drives or the device were stolen. Certain NAS models further support AES-NI hardware encryption engine that effectively offloads data encryption from CPU, providing faster, more economical data protection and greater security.
External USB/eSATA drive encryption
An external drive attached to the Turbo NAS means easy removal. The important data on the drive needs a solution to protect the data against theft. The Turbo NAS now supports encrypting USB/eSATA hard drives to prevent unauthorized access to the content when they are lost or stolen. IT administrator can choose to encrypt a disk volume or a specific partition in the external drive at the encryption levels: AES-128, AES-192, AES-256.
Hard drives with the file systems EXT4, EXT3, FAT 32, NTFS, or HFS+ are supported.
Military level security
A military level FIPS 140-2 validated encryption, which is considered to be the highest security certification for compliance, is adopted automatically for both internal and external hard drive encryption.User Manual Application Notes
Protects data in mixed environments
Typically, all users within the businesses have installed proper real-time desktop antivirus software. However, the virus evolutes beyond prediction and users’ unintentional attempts to connect to dangerous Internet sites are difficult to avoid. As virus-infected files in a mixed environment could cause substantial damage, having a back-stop antivirus solution on the Turbo NAS that provides cross-platform file sharing is essential.
Based on the open source ClamAV antivirus toolkit, the integrated antivirus solution for the Turbo NAS ensures business continuity by offering detection against the latest viruses, malware, worms, and Trojan horses with continuous free virus database updates. In addition to multiple scan tasks with custom folder selection and scheduled scanning, an E-mail notification upon task completion or virus detection is provided.
McAfee virus scanner
Secure your precious data with McAfee virus protection*. The McAfee virus scanner is available in QNAP App Center. You can easily install it with one click, and enjoy the auto-update for the app and virus definitions. McAfee virus scanner is a paid package with a 30-day free trial.
*Only available for NAS with Intel or AMD processor (excluding TS-269H)
Enhanced system security
A NAS with multiple LAN ports usually allows all enabled network services to access the server contents via each LAN port. This reduces data security. In business, important data should only be accessible by certain people via predefined network protocol, or say, an internal IP address. The Turbo NAS service binding support gives IT administrators flexibility to allow or block specific services from designated network interfaces to assure system security.
Optimizes bandwidth usage
Even not for security’s sake, binding a service to a specific LAN port can guarantee that business-critical applications have optimized network bandwidth.