What is the best practice for enhancing NAS security?

Applicable Products

• All NAS Series
• Security

To prevent malware infection or other attacks, check your NAS and configure system settings based on these recommendations to secure your device and protect your data.

1. Remove unnecessary or unknown user accounts.
2. Remove unknown or suspicious applications.
3. Disable auto router configuration and set device access controls in myQNAPcloud.
4. Disable port forwarding on the router, remote connect using myQNAPcloud Link or QVPN Service.
5. Avoid opening default port numbers to the Internet.
6. Use the latest version of Malware Remover.
7. Change passwords for all accounts.
8. Update installed QTS applications to the latest versions.
9. Update QTS to the latest available version.
10. Create snapshots regularly
11. Install QuFirewall.
12. Subscribe to the QNAP Security Advisory newsletter.

Important : You must be logged in to QTS with an administrator account to perform the following actions.

Remove Unnecessary or Unknown User Accounts

1. Open the Control Panel
2. Go to Privilege > Users. A list of the NAS users is displayed.
3. Delete any user accounts that are no longer required, or any user accounts that you do not recognize.

Remove Unknown or Suspicious Applications

1. Open the App Center.
2. Go to My Apps A list of your apps is displayed.
3. Disable or remove any apps that you do not recognize.

Disable Auto Router Configuration and Set Device Access Controls in myQNAPcloud

1. Open myQNAPcloud.
2. Go to Auto Router Configuration.
3. Deselect Enable UPnP port forwarding.
4. Go to Publish Services.
5. Deselect all unnecessary services.
6. Click Apply.
7. Go to Access Control.
8. Set Device access controls to Private.
9. Click Apply.

Disable port forwarding on the router, remote connect using myQNAPcloud Link or QVPN Service

Note: After disabling Port forwarding, the NAS is still connectable through myQNAPcloud link or QVPN Service

Connect to the NAS using myQNAPcloud Link.

1. Open myQNAPcloud.
2. Click Overview
3. Sign in myQNAPcloud service
4. Go to https://www.myqnapcloud.com and log in with your myQNAPcloud ID.

Connect to the NAS using QVPN service

1. Open App Center
2. Search for QVPN Service
3. Click Install.
4. Click here to know How to set up and use QVPN.

Change the System Port Number

If the NAS is directly connected to the Internet (for example, via PPPoE, static external IP address, or a router in DMZ mode), change the system port number in QTS.

1. Open the Control Panel
2. Go to System > General Settings > System Administration.
3. Specify a new system port number. Warning: The following ports are default system ports that should not be used: 443, 8080, 8081, 80.
4. Click Apply.

If the NAS is behind a router but is connected to the Internet through port forwarding, specify a new port number on the router. Do not use 443, 80, 8080 or 8081.

Use the Latest Version of Malware Remover

1. Open the App Center.
2. Search for "Malware Remover".
3. Click Install.
4. Open Malware Remover.
5. Click Start Scan.

Change the admin Password

1. Click your profile picture on the QTS Taskbar. The Options window opens.

2. Click Change Password.

3. Enter your current password.

4. Enter a new password.

5. QNAP recommends using strong passwords that are:

   • At least 8 characters in length
   • Include both uppercase and lowercase characters
   • Include at least one number and one special character
   • Not be the same as the username or the username reversed
   • Not include characters that are consecutively repeated three or more times

6. Verify the new password.

7. Click Apply.

Change User Passwords

1. Open the Control Panel

2. Go to Privilege > Users.

3. Select a user.

4. Click Change Password. The Change Password window appears.

5. Enter the current password.

6. Enter a new password.

7. QNAP recommends using strong passwords that are:

   • At least 8 characters in length
   • Include both uppercase and lowercase characters
   • Include at least one number and one special character
   • Not be the same as the username or the username reversed
   • Not include characters that are consecutively repeated three or more times

8. Verify the new password.

9. Click Apply.

10. Repeat the above steps for other users.

Keep your QTS apps up to date

1. Open the App Center.
2. Go to My Apps.
3. Beside Install Updates , click All. A confirmation message appears.
4. Click OK. QTS updates installed applications to the latest versions.

Keep QTS up to date

1. Open the Control Panel.
2. Go to System > Firmware Update.
3. Under Live Update , click Check for Update. QTS downloads and installs the latest available update.

Creating snapshots regularly

Note: Using snapshot feature, you must have at least one storage pool, and one volume.

1. Open the Control Panel.
2. Go to Storage & Snapshots > Storage > Storage/Snapshots.
3. Select a volume.
4. Click on the volume name to open Snapshot Manager.
5. Click Schedule Snapshot and Enable schedule.

Install QuFirewall

1. Open the App Center.
2. Search for "QuFirewall".
3. Click Install.
4. Open and enable QuFirewall.

Subscribe to the QNAP Security Advisory newsletter

1. Signup for Security Advisory Newsletter
2. A confirmation email is sent to your email address (check the spam/bulk email folder if you do not receive it). You must click the link to confirm that you want to receive emails from QNAP.