I had 1 Synology NAS for about 8 years and I've had my upgraded one for about 3 years. I'm that guy who knows enough to get things working, but likely just barely, and with several (unknown to me) security holes. In the past week I've decided to dig in, learn more, and harden the security and functionality of my system. I've mostly done this with the help of your fantastic videos. You are a great teacher. Thank you sincerely! Cheers
@SpaceRexWill Жыл бұрын
Thanks so much!
@mar4kl Жыл бұрын
Timely! I'm in the process of replacing a client's aging QNAP NAS with a Synology model. (I have a lot more experience with QNAP, but went with Synology this time because I'm uncomfortable with how many times QNAP has been successfully targeted by ransomware criminals in the past few years and not impressed with the alacrity of their responses nor with how seriously they took each incident. Taking a pass on QNAP for awhile.) Your videos have been a great help to me, but this one is a real treasure trove! I'm implementing each and every thing you recommended. You've earned yourself a new member, my friend!
@SpaceRexWill Жыл бұрын
Thank you so much man!
@randomnaamofzo1246 Жыл бұрын
Subbed! I love that concerned face of him while explaining stuff thoroughly and with good quality.
@jays959110 ай бұрын
I bought my DS216+II in 2018. As a non-tech person, I was glad that I managed to set things up and used my NAS as a backup using Synology Drive. However, I really did not know what I was doing. All those years, I did not have the NAS security set up properly as you explain here. Thank you for your video. It's really helpful.
@spacemanwho Жыл бұрын
Man love your videos. I also love the fact your giving your insights and thoughts on things. It really helps put things to perspective. Thanks dude.
@jlimozin Жыл бұрын
Thank you, great tutorial. I am setup pretty much exactly as you described and I thought I knew my stuff, however I still learned a couple things from you!
@maxbarko8717 Жыл бұрын
Thank you for this very important tutorial! I have set my hyperbackup external device to be ejected after the backup. Just to make sure that there is no access in case of an attack. I also unplug it. I always wanted to suggest to zoom your screencasts to maximize the window you are showing.
@PowerUsr1 Жыл бұрын
Good job on this video. Common sense approaches anyone can take to secure their files. Synology is king for not putting any of these features behind a paywall. Lets give them praise!
@dobrzpe10 ай бұрын
wow - your explanation of snapshots was AMAZING! thanks!
@brianhansen6906 Жыл бұрын
Love the info! Snapshots saved me once when I accidentally overwrote some files. I was easily able to back and retrieve them. Snapshots is one of the coolest features ever.
@SpaceRexWill Жыл бұрын
yeah! Snapshots are game changers! They absolutely can easily save you
@JanFarang4 ай бұрын
Great stuff again Will, I just saw it to check if I'm still ok with my settings, because I follow everything from you. It was fine, learned a lot from you, thanks for that, your a great teacher.
@czummo76 Жыл бұрын
Great info, you convinced me to use snapshots even though my NAS backs up my file server, i see the advantages of using snapshots. Too bad syno doesn't describe the use more in depth in their Package Center or more people would be using this tool
@SpaceRexWill Жыл бұрын
I actually wish that snapshots would be a default install pop up like drive is now. But they are a bit complicate to setup at first
@DrJosephSweeney11 ай бұрын
In our firm, see a lot of our clients that have been hit with ransomware. One of the key areas the cybercriminals target is the backups. So it's vital to protect the backup as well, and snapshots are the bomb for this. I run one NAS with snapshots and MFA required for all access, and all those protection settings, plus it is not available to internet. Then I have an occasionally connected NAS that backs up the primary. Yep. I'm paranoid. It's not a matter of being a "high priority" target for hackers. They run scripts to automatically hunt for "easy targets." You really, really don't want to be an easy target.
@DrJosephSweeney11 ай бұрын
Excellent video. Super-impressed you commented on SMB1!
@AdiGoldsteinComposerАй бұрын
Great video! Thanks so much for sharing! I have just one question regarding snapshots. If I create a snapshot schedule for my "HOMES" shared folder, will it include any folder inside that? If I have tons of folders and files there, would it be difficult to recover them if needed?
@XiterPL Жыл бұрын
As usual, great video!
@6gengineering9 ай бұрын
thanks for making this video much appreciated it has helped me removing the security risk and getting my head around this NAS system i have. i have to say i hate the fekn thing its way to complex and massively expensive for just storing files on as a replacement to two desktop hard drives mirrored by chronosync only upside i see is you can access it from anywhere.
@Chewbucksa Жыл бұрын
I've learned so much from your videos. Thank you for the hours of work!
@shenghuli850211 ай бұрын
Really practical tips, especially for new users of NAS🎉🎉🎉
@robertoghinato5754 Жыл бұрын
Fantastic job Will!! This was a well explained yet clear explanation! Salute from Italy
@a415man Жыл бұрын
Sooo helpful thanks. Still running DSM 7.1 after the drama of 7.2 - so not everything matches up, but still great. Still debating on making the jump to 7.2 - but your other vid makes it sound more stable now.....
@BhargavGajjar7 Жыл бұрын
Can you please make a video about upgrading/replacing HDD Drives on two bay Synonoly NAS system with out loosing data? Thanks!!!
@41-4E-4F-4E Жыл бұрын
Reassuring to know it’s all “common sense” stuff and I’m well protected. Enjoyed the video, thanks for sharing.
@theanalogkid4171 Жыл бұрын
Great info Rex, really appreciate it !!
@SpaceRexWill Жыл бұрын
Glad it was helpful!
@DuhRake Жыл бұрын
Thank you so much for this video, that was a lot of great information!
@didierhirt24823 ай бұрын
Great advice, Thanks. What would be really useful is a tutorial on how to migrate from ext4 to BTRFS
@burkec33 Жыл бұрын
Great segment! Thanks for the perspective for different types of users.
@wesc6755 Жыл бұрын
Good advice. Snapshots are great. I wish there were a solution that would allow more granularity for the /homes snapshot though. Snapshots work only at the shared folder level, so users can't self-admin restores for their particular /homes/username folder. Drive Client has previous versions, but still... I enjoy it when people don't bug me. :)
@colepascua8 ай бұрын
I really learn a lot from you and your channel. Thank you so much for your videos!!
@richardturkson5916 Жыл бұрын
Bravo! Great presentation. This is very helpful.
@Dreamtwister2k Жыл бұрын
I'm late to this video but the information was incredibly useful and I'm glad to have stumbled upon it.
@photojasinski Жыл бұрын
I just received my 923+ but was reluctant to even open it to due to its complexity. This video is proving to be hugely helpful and give confidence about this purchase! Question for you: my main purpose of getting Synology is to store/access my huge library of RAW + JPG image files as a photographer. The appeal of the NAS was also to access photos from anywhere in the world since I travel for work a lot. Currently I have 12TB's worth of photos on a G-DRIVE external HD which desperately needs to be backed up (and expand). I purchased 3x IronWolf Pro 12TB drives and I'm not sure if I should set it up as SHR or RAID 5? I bought the 3rd drive with the intention of doing RAID 5 however seeing SHR as an option I could return the 3rd drive to save some money as I likely will be ok with 24TB for now. Once the NAS is all setup I plan to backup everything onto Backblaze and/or those old HDD's. All that being said, in my case what do you recommend?
@tiberone5957 Жыл бұрын
Under the hood, SHR utilizes RAID technology. The benefit is the ability to later on expand the array without having to completely delete it. No reason to not use SHR over RAID as SHR is a lot more user friendly.
@JacobP8111 ай бұрын
Thanks. I am also wondering about the best way to give access to a folder on the Internet so I can backup and access pictures remotely without giving additional access to my NAS.
@Silverten-o5j2 ай бұрын
What about OS corruptions? I have encountered a situation that the OS of the synology was corrupted... The TA disabled the drive -- how does one recover from that? The drive was not even not available outside the fire wall...
@JoeyTrotz Жыл бұрын
Thanks for the video. Your channel convinced me to switch to Synology from QNAP. One question - is having rsync (port 22) open for off-site backup a concern?
@johanarens97988 ай бұрын
If you open SSH, change the default port to something else, bots are scanning TCP/22 and will try to connect, trying brute forcing the login. By changing the default, you would decreasing this behaviour by far.
@garydeluce464 Жыл бұрын
Just a word on the NTLMv1 auth. It's not that it can be easily bruteforced, it's that it's a weak hash and is trivial to crack. It's also very trivial to "pass" the hash to the NAS or another target.
@Mohandas.Gandhi9 ай бұрын
Thank you for making this video, this is exactly what I needed
@gabrielvarga381225 күн бұрын
Hello Rex, great video. I have one problem with snapshot. Specialy with a homes folder. When I want to recover a snap shot the option Restore to this snapshot is greyed out and cant restore it. Why? All the others folders are fine. Thank you
@timroach589811 ай бұрын
Love it thank you from a new Synology owner. I hope windows will some day support BTRFS file system as a default option.
@byrd203 Жыл бұрын
Remote Desktop can be used as long you don’t use the default port and setup secure connections only i picked a port on my router that’s drcure to use plus i have software to block RDP connections unless they go through that port and not on that ban list and drop list
@running4fun74 Жыл бұрын
Spacerex, I've used GRC's Shields Up to check open ports. Do you have any thoughts on them? Also curious, when checking for open ports does is it per computer or router?
@ckckck128 ай бұрын
Picked up a couple good ideas here. Thank you!
@spaaske11 ай бұрын
Why is under Protection > Autoblock your 'enable block expiration' off? If for some reason you fail after 10 attempts, can't you lock yourself out of your Synology?
@SpaceRexWill11 ай бұрын
But you can always just go from a different IP address
@leftywhat4 ай бұрын
If you have movies/Plex, would it be best to make a new Shared Folder, and not use Snapshots? I probably will not delete many files from it, but I'm guessing if I did, then it won't free up space until the end of the snapshot retention period (7 days currently which isn't too bad, but if it was 2 yrs then I wouldn't want that)
@Techboilerplate11 ай бұрын
One important suggestion before restoring a snapshot. Make sure you identify the computer that got the ransomeware virus and disconnect it from the network or else after you restore the snapshot your company files will just get encrypted again!!! You will want to reimage the computer before connecting it back to the network. I battled many cryptolocker ransomeware and was able to restore with snapshots and was able to get customer back working in a couple hours. Was a true feeling of having a superpower!!!!
@ButchHammer Жыл бұрын
Thank you for your series 😇
@ellenorbjornsdottir1166 Жыл бұрын
So, transferring to a PC running FreeBSD - I should use ZFS and practice good snapshot hygiene?
@andrewbradley2963 Жыл бұрын
Thank you very much for this, it has been most informative and helpful. I wonder if I could ask a question about snapshots though, my nas is approximately 15TB in size, with around 10TB of files on there at any time. If I install snapshots and get hit by a ransomware attack that encrypts all 10TB of files, how would the snapshot be able to cope as each of the 10tb of files would be locked, but there isn't enough space for it to keep the older version of the file as they are rewritten/encrypted? I know you mentioned that this is complex and hard for some people to get their heads around (I guess I am one of those people) - but would snapshots save me in this instance?
@osphere Жыл бұрын
As the ransomware would be encrypting each file, the file system stores the delta between the original and the new version. In your scenario, when the drive reaches 100% (consisting of your original data + a full new version of each file, generated by the ransomware) - there won't be any space left, so the malware won't be able to 'save' the file (in its encrypted form) because the disk will be full which stops the change to the file.
@alextralha6318 Жыл бұрын
So I just ordered a DS223j. Looks like it is Btrfs based on specs?
@Emulives Жыл бұрын
What is the "normal" speed to transfer files to USB drive backup using Hyperbackup? I'm getting transfer rate of 100kbps sometimes. Not even 1mbps. This during the day when I' using. But is not fast either when the Nas is not in use.
@snoopywalker188111 ай бұрын
Great Video again Rex. Didn't know about Upnp, which was on . Now off
@arnoldleonard886 Жыл бұрын
How might regular snapshots and immutable snapshots affect the amount of data being backed up to a remote service such as Backblaze? I want to setup a remote backup service, but I am unsure about what should be remotely backed up, how to designate only those important files/folders, and how to estimate the total size (and thereby cost) of my backup.
@SpaceRexWill Жыл бұрын
They will have no effect on the remote backup. Cloud sync and hyperbackup do not backup snapshots, only the active file system
@danielwilder7835 Жыл бұрын
if i mapped a drive/folder from my synology on my windows would that give a hacker or exe program easier access?
@Urbanmediashowcase11 ай бұрын
Your videos are very informative. Thank you.
@devrimers Жыл бұрын
hello, thanks for the video. I have a question: I have 4 disk total space 8TB with RAID 10 as volume1. and I have 1 disk 8TB as volume2. all my shared folder in volume1. and I want to use that snapshot replication to take all my files in volume1 and save them in volume2. is that possible ? I mean snapshot can use my volume2 for data store ?
@Dudenessvideo10 ай бұрын
Really great video! Thanks!
@XarlioG60 Жыл бұрын
The inconvenient that I see with Snapshot Replication it not have folder excluding. For example, I have a shared folder that I want to replicate, but one of the folders inside that shared folder contains a LOT of videos, with a total of 9TB inside that shared folder and I don't want to replicate all of that. The only way I know is to make a new directories hierarchy. Is there any other solution?
@SpaceRexWill Жыл бұрын
So the way snapshots work is they are file unaware, they actually send the underlying volume over, rather than files (it’s what makes them so fast and safe) Otherwise you could use something like Synology drive share sync.
@chicodeme Жыл бұрын
Time machine requires AFP to be on. If you turn that off, you will get "The selected network backup disk does not support the required capabilities. Please be sure Time Machine capabilities are enabled on the server for this volume or choose a different network backup volume.". Thanks for the tips.
@SpaceRexWill Жыл бұрын
So this can be a glitch. You can use SMB with time machine and should! You want to just make sure you have a few SMB settings enabled, I have a video on it
@chicodeme Жыл бұрын
Thanks. Let me go try that@@SpaceRexWill
@chicodeme Жыл бұрын
Yup worked. Ty! @goat ... deets in video "How to Backup MacOS to Synology NAS using Time Machine"
@felipeoliveira895 Жыл бұрын
I have a question about the snapshot mechanism. How is it possible that the malware damages other files but not the snapshots themselves?
@SpaceRexWill Жыл бұрын
Because malware is interacting on the file system level, but the snapshots are actually a level lower than that, so malware cannot directly interact with them
@felipeoliveira895 Жыл бұрын
@@SpaceRexWill Does it mean the snapshot cannot be stored in the same volume? Or is the same volume but somewhere else outside shared folders?
@mrcjay Жыл бұрын
Can you please make an video from active insight Ransomware Protection.
@Robby520 Жыл бұрын
Much appreciated guide. Really helpful.
@nicoscherer9427 Жыл бұрын
Hi, nice basic tutorial! For the part on port-forwarding: You could have added information about implemented VPN or e.g. Tailscale VPN (available in Synology packages) and Firewall rules that allow all ports via these services and blocking all others, so that there is no need to open any more ports than for the VPN service (in case of Synology implemented VPN used), or allow Tailscale subnet (in case of Tailscale service used). Nonetheless. Thank You! :)
@amirhemmati3771 Жыл бұрын
Great presentation. Thank you.
@francoiss2100 Жыл бұрын
Crazy good video!!
@EuroPC4711 Жыл бұрын
Thanks for your helpful videos! Does it make sense to use snapshots on my off- site hyper backup NAS?
@SpaceRexWill Жыл бұрын
I will do a pretty non aggressive snapshot policy of 1x per week, and keeping 4x weekly versions of the hyperbackup folder, assuming there is space. This would allow the main NAS to be completely hacked, and delete its own backup, but still be able to recover from it
@EuroPC4711 Жыл бұрын
@@SpaceRexWill thanks Will!
@gat198611 ай бұрын
I can't find MFA on DSM 6?
@marquessouzamarques11 ай бұрын
thanks, great video , thanks from Brazil
@notreallyme425 Жыл бұрын
Is it possible to setup a user account such that the administrator account(s) cannot see the user’s files in the user account’s home folder?
@SpaceRexWill Жыл бұрын
There is not.
@RyderCragie11 ай бұрын
Immutable snapshots aren’t available on all NAS’s.
@tonyvalenti66149 ай бұрын
How about port forwarding for Plex? I that safe?
@mullerreindberg Жыл бұрын
Thank you
@traffic-law4 ай бұрын
Can't they build an OS that prevents encryption of a file unless the admin password is provided?
@SpaceRexWill4 ай бұрын
You cannot, as there is no way for a computer to tell an encrypted file from any other binary file. It would mean that you could not save things like zip files as the NAS may think those were encrypted.
@gobofraggel7383 Жыл бұрын
It's great but not truly immutable if anyone who can log in is able to turn it off and wait a few weeks before encrypting the data. The key is making it impossible to disable immutability remotely and having a physical button on the NAS that must be pressed before immutability can be disabled or altered in any way. It could then allow a window of 5 or 10 minutes before the settings are locked again. I currently have something like this on a much more expensive enterprise system that requires myself and someone else (2 people) to provide support with a secret pin via a zoom call before the lock-down mode is disabled, allowing me to make changes to immutability settings. Any system can be compromised, requiring some sort of physical access to make changes is the key to protection against ransomware.
@waterbourne928211 ай бұрын
Excellent, thanks.
@viviansprivatekitchen143710 ай бұрын
Great video!
@shubinternet Жыл бұрын
You've got a good basic security tutorial here that I think could be expanded and split into a separate video. Then you could spend more time in this video that focuses on just the snapshot and replication stuff.
@alfylorenzo50959 ай бұрын
thank you so much for this video, Soooooooooo Helpful WOW!
@Balan_E Жыл бұрын
Hi Nas delete file how to recover pls video upload it.
@JavierSN95 Жыл бұрын
i have express vpn, and i have it connected to my nas, is that safe?
@danielchien7274 Жыл бұрын
This is a simply way to stop all ransomware new or old. Just won't let it to run. You can use a library/folder based whitelist that has all authorized programs/scripts can be run safely. This whitelist can only be modified in safe mode. So, hackers or disgruntled employee can't run any unauthorized programs/scripts.
@aktiveXkontrol_gaming9 ай бұрын
Big thanks mate
@jonicolton Жыл бұрын
thank u. 🤟🏼
@stevenshapiro64314 ай бұрын
I did not watch the entire video start to finish, but I believe you missed an initial requirement for LUN configuration that it has to be Thin Provision.
@patzfan808610 ай бұрын
I love your videos, But your personality doesn't match mine. But i always try and come back. Hopefully, this helps your algorithm.
@yesmanhk Жыл бұрын
just dont buy qnap and you will be safe for 50%
@jeffreyooi1971 Жыл бұрын
New ransomware now will totally wipe out your Synology NAS. So even if you have snapshots there is no use.
@SpaceRexWill Жыл бұрын
What new ransomware are you talking about?
@jeffreyooi1971 Жыл бұрын
@@SpaceRexWill I can't remembered what it called but my customer got their Synology NAS totally wipe out during the ransomware attacked in Q1 this year. They did have snapshots configured but no use. All theirs data is gone. If they have backup an off-site copy that would be much easier to restore, too bad they don't have.
@encryptdotwav2 ай бұрын
assume the ransomware is being used for extortion in a circumstance…. does disabling the authenticate certificate allow the party to lie when being audited to taxpayers?
@encryptdotwav2 ай бұрын
love your videos… love accountability more?
@encryptdotwav2 ай бұрын
who else is gonna pay for the hardware?
@indridcold28723 ай бұрын
If you enable MFA and stream DS Video to your smart TV you are practically scr*wed since your TV cannot resolve that MFA request. Dumb desicion from Synology.
@michelbedard840610 ай бұрын
In 2024, why don't you just sync all your files with OneDrive or Dropbox ? That is a real question.
@lauren301 Жыл бұрын
I enjoy your videos but please don’t ramble so much. Please deal more with just you topic. Thanks and keep up the good work.
@theanalogkid4171 Жыл бұрын
He's providing professional technical advise for FREE and you're complaining? Wow, just wow.
@bigpickles Жыл бұрын
I've watched since day one and prefer the longer form. He's a joy to listen to. Horses for courses, young padawan.
@marklee6538 Жыл бұрын
Nah man, that "rambling" has provided me small details I have looked for and not found else where. I am happy the way he does it, many times I have been trying to figure out 1 setting and he has hit on it, when no one else has.
@MikeFox1 Жыл бұрын
Will, don't change a thing! Your videos are incredibly useful to me and very well done.
@robertoghinato5754 Жыл бұрын
bruh are you high he's doing great job and totally free!!
@NathanChambers4 ай бұрын
Disliked because you rambled so long at the start and it was clearly to inflate your watch time, which is pathetic.