How do I protect my home nas?

[ImAmSpecial]

I got a terameter NAS for Christmas and I've been having trouble securing it. A few months ago I received a notification for my Xfinity app saying "xFi Advanced Security blocked a security risk on Home Server , but additional action is needed" when i tap on it it leads to nowhere. I'm not sure what to do because I've done the basics such as making a new admin account, changing a bunch of settings, and Enabled automatic block which seems to not do anything because the IP its coming from is different every time. I'm not sure what else to do because all i can think of is buying a Firewalla Purple which i would like to avoid because its $330. Does anyone have any ideas of what i can do besides of keeping it turned off?

[mr fobs]

Is your NAS available outside of your local network? Like could you access it from a location other than your house? If so then you need a firewall, if you don't want a firewall, only make it available inside your network.

 

I run a family plex server and 3 Minecraft servers and I cannot tell you how many intrusions are blocked by my firewall alone lol

[Needfuldoer]

If you never want to access it from outside your house, and it's not tying into any cloud services, you could set a static IP address for it but not define the default gateway. That will corral it to your local network.

[ImAmSpecial]

12 minutes ago, Needfuldoer said:

you could set a static IP address for it but not define the default gateway. That will corral it to your local network.

Please excuse my ignorance but how do I do this?

[tkitch]

24 minutes ago, ImAmSpecial said:

Please excuse my ignorance but how do I do this?

You'd have to go into the network settings on your NAS Device.

 

For example, if your network is:  192.168.1.XXX  

You could set the NAS to a static IP of: 

 

Static IP:  192.168.1.250

Subnet:  255.255.255.0

Gateway:  192.168.14.14

 

(14.14 is an invalid gateway, and network traffic won't move around outside of the local 192.168.1.XXX network.

[OddOod]

54 minutes ago, ImAmSpecial said:

Please excuse my ignorance but how do I do this?

Welcome to the forums!

 

You should also be able to do it via the settings in the router, but that will depend on the model. It should be under a setting like "DHCP IP Reservations"

[LIGISTX]

3 hours ago, ImAmSpecial said:

I got a terameter NAS for Christmas and I've been having trouble securing it. A few months ago I received a notification for my Xfinity app saying "xFi Advanced Security blocked a security risk on Home Server , but additional action is needed" when i tap on it it leads to nowhere. I'm not sure what to do because I've done the basics such as making a new admin account, changing a bunch of settings, and Enabled automatic block which seems to not do anything because the IP its coming from is different every time. I'm not sure what else to do because all i can think of is buying a Firewalla Purple which i would like to avoid because its $330. Does anyone have any ideas of what i can do besides of keeping it turned off?

Every router has a firewall built in - although consumer routers have pretty “bad” and very nom-configurable firewalls.

 

Knowing exactly what is happening here would help, but it sounds like whatever xfinity app thing that is reporting issues doesn’t actually know what it’s reporting. 
 

A NAS shouldn’t need “any settings” to make it secure. It should be secure by default… did you enable remove access or some sort of VPN?

[Jarsky]

I assume you mean a TerraMaster NAS. 

 

• By default, it should only be accessible locally. 
• As long as you havent forwarded ports from external to the NAS then it should be 'secure'. 
• For security, you should really only use your "admin" account for configuring the NAS. You should create user accounts for accessing the shares. , and only give the users access to the shares they need. 
• If other users don't require Write access, then give them a Read only account. This reduces risk of anyone overwriting or deleting files that they shouldn't. It also helps against Ransomware, if someone gets infected, it cant cryptolocker the NAS if they only have Read only. 

 

Personally all of my machines use a 'guest' account which is Read only, for accessing the NAS. Even my personal PC. 

 

My backup software uses a "backup account" which has Read/Write to the backups on my server, otherwise I just authenticate manually with my Read/Write account to transfer files to it manually.