Your NAS operating system is a treasure trove of customization options and a myriad of settings that make a lot of things possible. But it’s easy for certain things to fall through the cracks — and if one of those is small yet critical, it could leave your NAS exposed to potential security risks. These tiny little settings can make or break the security system you’ve built for your NAS if you leave a low-hanging loophole in plain sight. Below are some important settings on your NAS that you must check to close such security loopholes.
7
Ditch default logins
That ‘admin’ username could lead you into trouble
Sticking to the manufacturer-suggested default settings can be helpful in many cases, especially if you’re new to network storage systems. It makes the setup process easier and gets you up and running quickly. However, it could backfire if you leave your login credentials unchanged — especially the username. NAS units often come with a default admin account that has access to everything on your NAS.
Hackers know this, and if you haven’t switched to a custom username for the admin account, your NAS becomes an easy target. A good measure is to not use the default admin username at all and disable it on the very first change you get. Instead, create a new admin account from day one — this adds a layer of obscurity that could keep attackers from gaining control. While you’re at it, it wouldn’t hurt to create a strong, alphanumeric password, ideally using a password manager.
Related
Best free password managers in 2024
Here are some good options to consider if you are looking to try a password manager, but don’t want to pay a premium right away.
6
Enable two-factor authentication
You’ve heard this one before, right?
As tired as we’ve grown of hearing about using strong passwords, two-factor authentication is in the same vein. We all know how crucial 2FA is in keeping our online accounts safe, even if the password gets compromised — yet many of us still don’t use it regularly. This second protection layer uses a one-time code to verify who is accessing the account and helps prevent suspicious logins.
Unless you have manually enabled it on your NAS, there’s a good chance it’s turned off. Go to your NAS’s account security settings, enable 2FA, and set it up using an OTP app like Authy, or use a physical key like a Yubikey. Either option will drastically bring down your chances of unauthorized account access.
5
FTP should stay in the past
It’s unsecure and a threat to data safety
File Transfer Protocol (FTP) is a pretty old method of transferring files over a network and lacks the sophistication of modern alternatives — yet it’s still used in some cases. The biggest concern? It doesn’t offer encryption, so your data (including sensitive stuff like passwords) travels as plain text. If someone is monitoring your network, they’ll be able to see everything — including login details — and taking over your NAS becomes a smooth sail after that.
Consider disabling FTP for all purposes unless a crucial workflow depends on it — and even then, try to find a more secure workaround. Instead of FTP, you can use SFTP, which has SSH encryption built in, or rely on SMB, which is supported by most mainstream NAS models today.
4
Lock down SSH access
Disable or restrict it to avoid damage
SSH (Secure Shell) is a powerful tool that gives advanced users encrypted command-line access to their NAS. But with great power comes great risk — especially if you’ve left it enabled with default settings. SSH usually operates on a default port, which makes it easy for attackers scanning for open ports to find your NAS. Changing the port doesn’t make your NAS fully foolproof, but it’s a small step that protects against automated, mass-scale attacks.
To really lock it down, switch from password-based login to SSH keys — they are cryptographic keys that are much harder to break into than traditional passwords. Additionally, limit the number of failed login attempts and restrict SSH access to specific IP addresses you trust. And if you’re not using SSH regularly, it’s better to just keep it off altogether.
3
Audit your port forwarding and UPnP settings
These portals to the internet could also attract unwanted attention
Port forwarding is a handy feature that lets you access your NAS from anywhere in the world, which is one of the biggest reasons people switch to NAS over traditional cloud storage. But if you misconfigure port forwarding or leave a port unintentionally open, it could give bad actors an easy path into your system. Worse still, UPnP (Universal Plug and Play) can open those ports automatically, and often without your knowledge.
If you’re not sure how to handle these network-level configurations, it’s worth getting help from an IT professional for the initial setup. And even after everything is configured, you should run periodic manual checks to ensure no unnecessary ports are open. Disabling UPnP completely is a solid move, especially if you want tighter control over your NAS’s external access points.
2
Keep firmware and apps up to date
No compromises here
No software is foolproof. There’s always a chance of bugs or previously unknown vulnerabilities — and professional attackers are constantly on the lookout for these zero-day exploits to target devices for ransomware and other attacks. When you install a bunch of third-party apps on your NAS, the potential points of failure go up as well.
NAS manufacturers and app developers regularly push out emergency updates to patch vulnerabilities. Ideally, enable auto-updates for both your NAS’s operating system and the apps you’ve installed. And if you’re wary of auto-updates breaking something critical, at least make it a habit to stay informed about known issues and apply updates manually as soon as they’re available, especially when you hear about widespread attacks.
1
Monitor for unusual activity
Plug-and-play is a myth in NAS
Many users think of NAS as a “set it and forget it” device, but that couldn’t be further from the truth, particularly in a professional setting. If you have a network of NAS units or multiple people accessing your data, there are plenty of things that could go wrong. Even with proper workflows and delegation, it’s crucial to regularly check who’s using your NAS and how.
Being watchful about who accessed what parts of your NAS (and when!) can help you spot unauthorized activity early. In case something does go wrong, access logs can help you pinpoint the exact point of failure. Think of it less as surveillance and more as being proactive about keeping your data environment clean and secure.
Related
6 common security mistakes people make on their NAS
Don’t be a sheep and make the same mistakes with your network-attached storage!
Go for an all-encompassing security system for your NAS
These tiny, often overlooked things can become a big deal if an intruder decides to exploit them. But running regular checks can help keep your data safe and your NAS in your control. Of course, there’s a lot more you can do to protect your NAS from attacks — but if you’re feeling particularly lazy, even taking care of just a few of these will go a long way.
QNAP TS-464
QNAP’s TS-464 is an impressive four-bay NAS with a striking design, powerful internal specs, and IR support for a remote control. If you’re looking for the best-equipped NAS for running Plex (or other media solutions) without spending a small fortune, this is the NAS for you.
