Secure external NAS access without VPN

I use a Synology NAS at home that is not accessed from the world network. Of course, the device has indicated attempts to hack it.
Synology has two perfect features against attacks:

1 - Blocking in the firewall by geolocation (I left access only from the Czech Republic and the USA)
2 - Configurable autoblock (blacklist) of IP addresses from which several login errors occurred in a defined time … with configurable expiration (attacks are reported by email). There is also a user whitelist.
3 - Recommended to change the standard admin account “admin” to another name

The combination of the above features stopped all attacks.

Why am I writing this … I would really like to have such features in OS Turris.

I think the basic thing is to set the firewall to allow connections only from the networks you really use, instead of opening it to the entire unlimited world of hackers, as described in “Firewall settings for access only from the T-mobile CZ and O2 mobile CZ networks”.

I don’t know if you read my post properly. It would be a solution where they don’t need a VPN. Illegal attempts from around the world are limited to 2 domains - I have set it up so that one wrong login attempt will block access from the IP address.

The resulting reality is that the Synology log records nothing instead of hundreds of attempts recently - zero.

I am not dependent on a limited mobile provider, for I can choose any device in the allowed domain.

It’s a different solution for a different requirement. Technically for developers there is no tricky
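
The autoblock behaviour described in the first post (several failed logins inside a time window, a block that expires, a whitelist) and the one-failure setting from the later reply, as an added sketch that is not part of the thread and is not Synology or Turris code. The `AutoBlock` class, the log format and the thresholds are assumptions made for illustration; geolocation filtering is not modelled.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log ("<ISO time> <source IP> <OK|FAIL>"), RFC 5737 documentation addresses.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 FAIL
2024-05-01T10:01:00 203.0.113.7 FAIL
2024-05-01T10:02:00 203.0.113.7 FAIL
2024-05-01T10:03:00 203.0.113.7 OK
2024-05-01T10:04:00 198.51.100.9 FAIL
2024-05-01T10:20:00 198.51.100.9 FAIL
2024-05-01T10:21:00 192.0.2.10 FAIL
2024-05-01T10:21:30 192.0.2.10 FAIL
2024-05-01T10:22:00 192.0.2.10 FAIL
2024-05-01T11:30:00 203.0.113.7 OK
"""

class AutoBlock:
    def __init__(self, max_failures, window_s, block_s, allowlist=()):
        self.max_failures = max_failures
        self.window, self.block_for = timedelta(seconds=window_s), timedelta(seconds=block_s)
        self.allowlist = set(allowlist)      # the "whitelist": never auto-blocked
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
        self.blocked = {}                    # ip -> time at which the block expires

    def handle(self, ip, ok, now):
        """Return 'dropped', 'ok', 'fail' or 'blocked' for one login attempt."""
        if ip in self.blocked:
            if now < self.blocked[ip]:
                return "dropped"             # refused before authentication is tried
            del self.blocked[ip]             # block has expired
        if ok:
            self.failures.pop(ip, None)
            return "ok"
        if ip in self.allowlist:
            return "fail"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window: # keep only failures inside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked[ip] = now + self.block_for
            del self.failures[ip]
            return "blocked"
        return "fail"

def replay(log_text, blocker):
    rows = (line.split() for line in log_text.splitlines())
    return [(ip, blocker.handle(ip, res == "OK", datetime.fromisoformat(ts)))
            for ts, ip, res in rows]
```

With `AutoBlock(3, 300, 3600, allowlist={"192.0.2.10"})` the third failure from 203.0.113.7 triggers the block, its next attempt is dropped even with a correct password, and the same address gets in again once the hour has expired.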

