Let’s face it: no matter how many times security experts say it, many internet users will still refuse to believe in the protective power that passwords bring to the table. Granted, people are slowly realizing that online logins are a necessary evil to keep wrongdoers at bay and their personal data safe, and many of them even go to great lengths to ensure that their online identities remain protected at all times.
But this consideration doesn’t go as deep as it should: when it comes to password-protecting routers, servers, or NAS drives, the vast majority of users don’t even bother changing the devices’ default passwords, leaving them at the mercy of hackers. And as the security flaws discovered in several NAS drives have proven, this recklessness could have dire consequences.
The Price of Convenience
Despite not being as widespread as external hard drives, the NAS – or network-attached storage – is a better solution for storing all sorts of data since it’s basically a miniature, physical embodiment of the cloud. Unlike HDDs, the NAS is connected to a network, meaning that any devices hooked up to the same network can store and share files with each other without being directly connected to the drive. And to make things even more convenient, NAS drives can also be configured in such a way that users can access their files remotely as well.
As it turns out, however, remote access is actually one of the biggest weaknesses of these drives. The best-case scenario is when NAS drives are ‘only’ used for committing petty crimes like mining cryptocurrencies without the user’s permission, but sadly the potential issues are usually much more dire than that.
In 2017, security researcher James Bercegay discovered a flagrant security flaw in a dozen Western Digital My Cloud NAS drive models. According to his report, these devices came with a hidden firmware backdoor, which allowed complete strangers to access the drives’ contents remotely by providing the factory username and password.
Making NAS Drives Hacker-Proof
Not only are all these issues a serious threat to data security, but they also reveal two major concerns about NAS drives. Firstly, they are just as vulnerable to remote hacker attacks as any other device connecting to the internet. And secondly, leaving the factory settings unchanged – especially where passwords are concerned – is like politely inviting a burglar into our homes.
But since connecting a NAS drive to a network is inevitable, it should be reinforced in such a way that hackers could never compromise the data stored on it. Thankfully, only two things are needed to achieve the necessary level of protection: changing some of the default settings of the NAS drive and creating a strong password.
Changing the Drive’s Factory Settings
To ensure that a NAS drive is ready to withstand hacking attempts, not only should the data be backed up frequently, but you will also have to make sure that its firmware is kept up to date at all times to eliminate any possible vulnerabilities. After this, it’s highly recommended to deal with the issue of unknown IP addresses by setting the number of failed authentication attempts that are allowed before the drive blocks any unauthorized device from accessing its content ever again. In addition to that, if the drive provides the option to add an extra layer of security via two-step authentication – like in the case of Synology NAS devices – then it’s best to turn that on as well.
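The failed-attempt limit described above, sketched as an added example (it is not code from this article or from any NAS vendor): it replays a constructed login log and permanently blocks an address once it reaches the limit inside a time window. The log format, the three-failure limit, the five-minute window and the name `replay_auto_block` are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real NAS); the format is an assumption:
# "<ISO timestamp> <source IP> <user> <OK|FAIL>"
SAMPLE_LOG = """\
2019-03-01T10:00:00 192.0.2.10 admin FAIL
2019-03-01T10:00:05 192.0.2.10 admin FAIL
2019-03-01T10:00:09 198.51.100.7 alice FAIL
2019-03-01T10:00:12 192.0.2.10 root FAIL
2019-03-01T10:00:20 198.51.100.7 alice OK
2019-03-01T10:00:30 192.0.2.10 admin OK
2019-03-01T11:30:00 203.0.113.5 bob FAIL
2019-03-01T12:45:00 203.0.113.5 bob FAIL
2019-03-01T14:00:00 203.0.113.5 bob FAIL
"""

def replay_auto_block(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Replay login events; return ({ip: block time}, [events refused after a block])."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked, rejected = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, user, result = line.split()
        when = datetime.fromisoformat(stamp)
        if ip in blocked:
            # The block is permanent: even a correct password is refused.
            rejected.append((stamp, ip, user, result))
            continue
        if result == "OK":
            recent[ip].clear()    # a successful login resets the counter
            continue
        fails = recent[ip]
        fails.append(when)
        # Drop failures that have fallen out of the sliding window.
        while when - fails[0] > window:
            fails.popleft()
        if len(fails) >= max_failures:
            blocked[ip] = when
    return blocked, rejected

if __name__ == "__main__":
    blocked, rejected = replay_auto_block(SAMPLE_LOG)
    for ip, when in blocked.items():
        print(f"blocked {ip} at {when.isoformat()}")
    for event in rejected:
        print("rejected:", *event)
```

The occasional mistyped password from 203.0.113.5, spread over hours, never trips the limit, while the rapid guessing from 192.0.2.10 does, and its later attempt is refused even though the password was right.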
Updating the Password
While modifying the device’s default settings is already enough to keep trespassers out, to make sure that it is completely hacker-proof you should also replace the default password with an uncrackable one generated by a random password generator. However, updating the login is just the first step towards securing the NAS drive; the password should also be safely stored inside a password manager. This way not only can users completely forget about the new, complex password altogether – as the program is able to recall the login whenever the NAS storage is accessed – but it also means that the password is encrypted and cannot be stolen by unauthorized people, even when it’s entered into the login screen of the network-connected storage.