At least they’re not blowing up

They just released quts hero with zfs for the 453E. This is a major game changer for me. Smaller NAS devices can have enterprise level protection. Gotta hand it to QNAP they really have been working on the right stuff. Wish Synology didn't loose their minds as they had something special years ago. Now enjoying the same with their competitor. What you can do with the hardware and m2s is really cool. Lots of fun...

Some people build their smart home based on Zigbee devices (smart switches, plugs). They are not a part of the LAN, they have a separate dedicated network, so they cannot theoretically access Internet.

Excellent video! Good information to share. Thanks. 🙏🏻

I thought security cameras were placed on a network that doesn't access the Internet. Use a second port on the Synology to join the security caamera network to get the video feed. Then the Synology has access to the Internet. That way you still have surveillance, but the cameras are not exposed to the Internet.

This is exactly why you can only connect to my nas with tailscale.

I have 6 security cameras around my home. Rather than segmenting my network, I have created a filter on my Synology router to restrict those cameras so that they can only access the NAS to which they send the captured event JPG's and MP4's and zero internet access. Do you think that is sufficient ?

Love the Idea of using a virtual DSM as honeypot. I thought about this too, but unfortunately No second ISP available

So when you say don't connect the Synology to the internet how far do you go with that statement? Are you talking don't enable quickconnect or are you saying directly connect to the internet through something like port forwarding? Turning quickconnect definitely adds a lot of flexibility when your out & about. You could essentially do the same thing different ways like for example using tailscale. You could take what your saying to extreme to by putting your synology into a vlan & not allowing internet (which becomes a pain because of updates). Can you explain?

Good stuff thanks

Tank you!

Is there a way to test if my nas was attacked or has some kind of malware installed and running? Is there also a way to diagnose attacks on my router too? (Sorry, i feel like I'm a noob in this area). I did have dmz enabled for my xbox for a few months in the hope that i had a better and faster connection for multiplayer gaming (cod servers suck). I'm not sure if a way to examine attacks on my xbox though. I have some packages installed from syno community, are they checked thoroughly by the community before being made available?

Thanks for another great informative video! So, you now make me wonder. I have Synology Routers and NAS’s. I only use Synology packages. I do use Tailscale and update it manually since it takes Synology a while to make the update available. I do have a VLAN with Primary, Guest, and IoT networks along with Firewall rule setup between them. I have a separate computer I’m using as a Plex server and that is the only port I am forwarding. Given all this and what you shared am I in pretty good shape or at great risk? Oh, of course I disabled the Admin account completely.

Does setting NexDNS on the router as the dns server help block this traffic if you use all their network protection lists?

Great content as always! Thank you, as you are even in you videos. Too many synology fanboys these days. Mike Faucher is good as well.

The advice of don't expose NAs to internet = put your files on Google Drive or Microsoft One Drive (or similar service)! From my point of view, using a NAS implies to access my data from the internet, otherwise I would have get a big HD and connet it to my PC for the same results. Why pay for a NAS and not able to access my files when I'm out of my home/office? Instead NAS users should be instructed and NAS companies as Synology should build their systems based on this principle to expose safely as possible their NAS to the internet. Otherwise it would be like to have a car in my garage and avoid to drive because I might have an accident. Well learn to drive safely and get a good insurance or do not buy a car!

What about Plex??

Your current settings isn’t necessarily proof for that, for instance upnp, wasn’t active at an earlier point in time. If someone was logged in as admin they could have enabled and the disabled. No malware, but how about exfiltration?

I checked my logs and saw my username accessed shared folders via smb3 through my laptop with my lan ip. I was asleep at these times. My firewall is set to block all IPs that aren’t on my LAN. Router UPNP was on without my knowledge. Does this sound like suspicious activity or is this routine connections for smb3?

DUH.