My friend had 2 QNAP NAS, and both have been compromised with a ransomware problem. He has just decided to call them toast and move on to a different brand of NAS, but we are wanting to possibly step up security protocol on the new NAS.
He will have a new 1520+ NAS from Synology and an ASUS AC-RT86U router.
Does anyone on here have that same setup, or something similar that they could help us with settings to help keep his NAS from getting bombarded with outside attempts and ransomware? Plex is something that needs to work flawlessly, so what can we do to step up security, but still keep Plex working smoothly?
People say VPN, some say not. Advice on what to do. Thanks.
The solution to this problem is not about VPNs.
VPNs only change your exit IP address. They do nothing to control the inbound attack vector.
The solution comes from

- CONTROLLING the internal access to the NAS

-and-

- RESTRICTING external access to Known Trusted users.

Further,

- NEVER leave the NAS as “admin” level access on the internal LAN network for day-to-day usage. When you need to use administrative mode, get in and get out.
- Make 100% certain, ESPECIALLY with virus-prone OS’s (Windows is the biggest problem here), the host computer administering the NAS is Virus & Ransomware free.
- NEVER install any application which doesn’t come from a well-known developer.
- USE the NAS vendor’s Malware scanning and removal tool on a daily basis (automatic operation)

To your question about controlling external access / securing access to Plex.
I have implemented a mechanism where only those users, whom I grant access using their DDNS name, have access to the Plex port. All other attempts to scan for PMS get dropped (fall into the bit bucket without a reply) by the firewall.
I will explain further how to implement if you wish but there is a fair amount of writing.
As you see, security is a multi-faceted problem which has to be addressed at each to guarantee total security & safety of your data.
Steve Gibson may offer some insights.
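
One way the DDNS-based allowlist described in the post above could be built, as an added example that is not the poster's own configuration: it resolves each trusted user's DDNS name and renders a firewall chain that accepts only those addresses and silently drops everything else. It assumes a Linux device using iptables in front of Plex; the chain name `PLEX_ALLOW`, the hostnames and the hook rule in the comment are hypothetical, and 32400 is Plex Media Server's default port.

```python
import ipaddress
import socket

CHAIN = "PLEX_ALLOW"  # hypothetical chain name
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve_ipv4(hostname):
    """Current IPv4 addresses of a DDNS name; empty set if it does not resolve."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError):
        return set()
    return {info[4][0] for info in infos}


def is_remote_unicast(addr):
    """Reject answers that cannot be a remote user's WAN address."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    if (ip.is_loopback or ip.is_unspecified or ip.is_multicast
            or ip.is_link_local or ip.is_reserved):
        return False
    return not any(ip in net for net in RFC1918)


def build_ruleset(trusted_names, resolver=resolve_ipv4):
    """Render CHAIN in iptables-restore format: trusted sources ACCEPT, rest DROP."""
    allowed = set()
    for name in trusted_names:
        allowed |= {a for a in resolver(name) if is_remote_unicast(a)}
    lines = ["*filter", f":{CHAIN} - [0:0]"]
    lines += [f"-A {CHAIN} -s {a}/32 -j ACCEPT"
              for a in sorted(allowed, key=ipaddress.IPv4Address)]
    lines.append(f"-A {CHAIN} -j DROP")  # no reply, so scans see nothing
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed DDNS names; use the names of the users you grant access.
    # One-time hook, assumed to be set up separately on the filtering device:
    #   iptables -I FORWARD -p tcp --dport 32400 -j PLEX_ALLOW
    print(build_ruleset(["alice.ddns.example", "bob.ddns.example"]), end="")
```

Run it on a short timer and pipe the output to `iptables-restore --noflush`. A name that stops resolving loses its ACCEPT line on the next run, so the chain fails closed.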
To add on to ChuckPa’s reply, VPNs are very good at eliminating man-in-the-middle attacks. Therefore, they will give some protection on incoming.
DNS and IP spoofing can trick your computer into thinking it is connected to the right website when it actually isn’t.
Typically, a VPN will protect you against these types of attacks since your VPN will often use its own DNS to resolve domains. If it doesn’t, you should look at using a service like OpenDNS, Cloudflare, or Google Public DNS.
Hackers can also steal your cookies, which are small files used to keep you signed into websites. By stealing the cookies, they can pretend to be you and get around the password protection of your account.
Like SE56 mentioned, CF is great at blocking security threats. Just disable caching on your Plex subdomain (as well as Rocket Loader and Browser Integrity Check).
If you don’t wanna use CF, you can step up your game and set up a reverse proxy and implement a WAF (Web Application Firewall) and CSP (Content Security Policy).
I would not be surprised if the ransomware attack came from the desktop PC your friend is using because they clicked something they should not have.
Another possibility is your friend used weak passwords. Hackers usually don’t break in, they log in with your weak credentials.
It would be important to know how and with what exactly the NASes were infected. I doubt a VPN will help much.