United States / Canada - English
Sign out
Information Security is Our Top Priority
QNAP has an uncompromising commitment to information security and has partnered with the security research community to identify and fix vulnerabilities to keep our users, products, and the internet safer. Read on to gain a greater insight into QNAP’s security features and network security settings.
QNAP takes immediate action to against ransomware
Ransomware, like Qlocker or Deadbolt, is used by criminals to encrypt files on devices and then to charge a ransom fee for the encryption key. Paying the ransom is also no guarantee of recovering files. QNAP has established a dedicated Product Security Incident Response Team (PSIRT), increased product security, and cooperated with external experts to help users fight against ransomware and other malicious activity. We recommend that you check the following precautions and take action to reduce exposure risks and strengthen your network defenses.
QNAP will respond within a short period of time when security issues are discovered, and release updated versions for users to ensure their data security.
Secure network architecture and settings
1. Connect NAS correctly
You should never directly connect the network port of the NAS to the Internet. Ensure that your NAS is connected to the router first, and then connect to the modem provided by your Internet Service Provider (ISP). With correct settings, the router can block malicious traffic from the Internet and reduce the risk of cyberattacks.
Correct connection - NAS connect to the router first
Wrong connection - NAS connect to Modem directly
2. Configure the router correctly
Log into the router or ask your ISP to help you check and disable the following settings:
-
Disable UPnP
-
Disable DMZ
(Demilitarized Zone)
-
Disable Port Forwarding
3. Enable automatic updates
QNAP frequent security updates firmware and software. Enabling automatic updates ensures that you have the latest features, bug fixes and vulnerabilities.
Strengthen system account security
1. Disable the default administrator account "admin"
Hackers who use brute force password cracking generally target “admin” (the default administrator account). It is strongly recommended to deactivate “admin” and create a new administrator account.
Learn more: How to disable the admin user account
Models with built-in QTS 5.0.1 / QuTS hero h5.0.1 (or later), "admin" is deactivated by default.
2. Enable access protection (IP / Account)
"IP Access Protection" and "Account Access Protection" can assist in preventing passwords from being cracked by brute force. When a specific IP or account fails to log in too many times, it will trigger IP blocking or account deactivation, preventing attackers from repeatedly trying passwords.
3. Enable multi-factor authentication
It is strongly recommended to enable secure login methods such as passwordless login and 2-Step Verification for adding an extra layer of data security.
Learn more: Secured login and multi-factor authentication
4. Disable Telnet / SSH
Unless you are using them, it is strongly recommended to disable Telnet and SSH. These two functions are generally used by QNAP customer service or professional IT personnel to maintain the system. General users should not need them, so it is recommended to disable them
Enable scheduled snapshots
Snapshots can protect your important data by creating multi-version restore points. When ransomware strikes, your data can be recovered from a snapshot. It is strongly recommended to enable scheduled snapshots and set a snapshot deletion policy to ensure adequate data security and storage utilization.
Learn more: What are Snapshots ?, Snapshot Replica – backup your snapshots, Real-time SnapSync (*Only available in QuTS hero )
Open "Storage & Snapshots", click "Volume", and open "Snapshot Manager" in the menu.
Click "Schedule Snapshot". It is recommended to schedule your snapshot by "Daily" or "Weekly".
You can set a snapshot retention policy to limit the number of snapshots and prevent snapshots from taking up too much space. It is recommended to set "Smart Versioning".
Ensure that "Storage Space" is a "Storage Pool" structure and that the "Storage Pool" has enough free space to take snapshots. QNAP recommends users activate smart snapshot space management and use thin volumes for snapshots to ensure there is enough storage space for the NAS to function properly.
Security Center - Your security portal for QNAP NAS
Security Center proactively analyzes and monitors NAS status, unusual file activity, potential security threats, and offers instant protective measures to safeguard your system and data. It also integrates anti-virus and anti-malware software to ensure the complete protection of your QNAP NAS.
Open “Security Center”, select security policy level that fits your needs, and click “Scan Now”.
If the scan results revel any security risks, you can click the "Suggested Settings Assistant" to help you adjust the settings.
"Scan Schedule" is recommended to be set to at least once a month, so the system can regularly check the settings and system status. If a risk is detected and the Notification Center is set up correctly, you will receive a notification so that it can be handled as soon as possible.
“Unusual File Activity Monitoring” allows you to easily track the average count of unusual and modified files on the NAS during a specific period.
QuFirewall: Built-in firewall for QNAP appliances
QuFirewall blocks packets that are suspected to be sent by Tor (an anonymous communication connection) to prevent your NAS from being attacked. It also detects suspicious onion routing and malicious bots, and dynamically updates the block list of malicious packets, ensuring the security of your QNAP devices.
If your network has no special needs, it is recommended to select "Basic Protection", and then click "Next" to continue.
Set a region according to your location. You can add more regions later.
Go to the QuFirewall Profiles page and you will see that "Basic protection" is enabled. Click "Basic protection" to expand and view the corresponding firewall rules. The rules are checked against the information in the incoming packets, which are allowed to pass or be blocked according to the firewall rules.
Malware Remover
Malware Remover regularly scans your NAS using the latest malware definitions. When detected, infected files will be immediately removed to ensure NAS data security. It receives regular cloud-based malware definition updates to strengthen your data security.
Open "Malware Remover", the status of the last scan is displayed, click "Settings" on the left.
"Scan Schedule" is recommended to be set to once a day, so that "Malware Remover" regularly checks the system status. Also make sure that the "Automatically update Malware Remover to the latest version" remains checked.
Set up system notifications
Notification Center centralizes all system notifications and can push notifications to devices based on your settings to keep you up to date with your NAS status.
Open "Notification Center", click "Service Account and Device Pairing" on the left side menu, select "Email", and then click "Add SMTP Service".
Select an email account, click "Add Account", follow the instructions to complete the verification process.
On the left side menu of "Notification Center", click "System Notification Rules", select "Alert Notifications", and click "Create Rule".
Modify the "Rule Name" according to your needs, check the two severity levels of "Warning" and "Error", and click "Next" to complete.
