Challenges: Firewalls, networking, routers are largely black boxes to me, so I don't have a ton of knowledge of concepts / terminology.
QNAP does have a guide:
https://www.qnap.com/en/how-to/faq/article/what-is-the-best-...
However, I want to stress the following points:
0. Do not use a NAS as your only backup, and definitely back up data only on the NAS to another location (cloud?).
1. Do you need to access the NAS from elsewhere? Do you REALLY need it? If yes, consider setting up a VPN, but no matter what you do, do not expose the NAS directly to the Internet through your firewall or a cloud service.
2. Enable automatic updates - there are enough vulnerabilities in these boxes that it is worth patching first and asking questions later.
3. Depending on the data you store, consider encryption. For example, if you only use a NAS to do Time Machine backups, encrypt your backups. Most NAS boxes also support encrypting entire drives, which is very practical if someone steals the box away from you physically, but will not add protection to attacks once it is powered on.
Some very basic discipline will protect you a long way.
Beyond that comes the realm of the dark wizards of HN.
If you'd like to learn about firewalls, try this sword:
https://wiki.ipfire.org/what-is-ipfire
but be warned, it is enchanted with paranoia.