Protect the Data on your Synology NAS with these 5 Tips

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

there are five settings that are extremely important to understand in terms of data integrity and data security for your Synology Nas in this video we're going to take a look at all five of those get an understanding of how they work and why it's important so you can understand exactly what you have to do to get the most out of your Nas and to secure it as best as you possibly can so the first thing that we're going to take a look at is data scrubbing now data scrubbing is used for the btrfs file system now data scrubbing is a maintenance feature that you can run which can potentially fix issues with your rate array so what can happen over time is that issues like bitrock can occur and data scrubbing will automatically fix those problems by checking a checksum and fixing the issue if one happens to occur you don't really have to worry about any of that what you have to do is ensure that you're running data scrubbing so what you can do is open up your storage manager open up your storage pool and then select schedule data scrubbing from there you'll have to make sure that it's enabled and you'll also have to select the storage pool as well as the frequency for almost everybody you should run this at least twice a year and I would say at maximum every quarter so four times a year this will ensure that over time if any of these issues occur they are automatically fixed from your rate array inside of the data scrubbing process itself now a few things to note the first is that you will potentially see decreased performance at this time your Nas will be fully functional everything will be accessible but from a performance perspective if you log into DSM it might be a little slower than it normally is the second thing that's important to note is that if you are using data scrubbing the shared folders themselves have to be configured properly so when you create a new shared folder you can go in and select the option enable data checksum for Advanced Data Integrity if you do not select that or if you did not select that running data scrubbing is not going to do anything cases like that what you'll have to do is create a new shared folder migrate all the data and then you can delete that old shared folder that doesn't have the option selected in order to access and check that setting you can edit the shared folder itself select Advanced and then you can see if the setting has been checked off if it is checked off you don't have to worry about it if it's not checked off off you should probably create a new shared folder move all the data and then it will continue to function as expected moving forward from a data scrubbing perspective there is nothing more that you have to do as long as you have it configured and you ensure that the shared folder will utilize data scrubbing you're good now the second thing that we're going to take a look at is actually a device that you might potentially have to purchase and it is a UPS now what can happen with raid arrays is that in the event of a sudden power outage the rate array May corrupt generally this would happen if you're writing data at the exact same time as a power outage occurs but the goal of a UPS is just to keep your Nas online potentially during that power outage entirely or just so that it can safely shut down now you can configure your Nas to safely shut down if you have a UPS device that has a USB port that will allow you to actually monitor the UPS through the NASA itself in summary all you have to do is access the control panel select hardware and power then select ups and enable UPS support from there you can customize the amount of time or specify if you want the nas to stay online until the battery is low but the point is the nas will shut down safely in the event of a power outage from a data Integrity perspective this is the most important setting that you can configure on an S because there are going to be times when you're going to lose power even in a perfect world if you had a standby generator it might not kick on in time and if that power outage occurs for even a split second and the Nash shuts down you run the risk of corrupting your storage pool from a setup and configuration perspective as long as you have a UPS that is capable of USB monitoring and you configure these settings properly your Nas will safely shut down in the event of a power outage or it might stay online for long enough to run through that entire power outage and you won't have any adverse effects I will leave links to a few ups devices that I use in the description as well as written instructions that you can follow to configure this entire process now the third thing that we're going to take a look at is shared folder permissions for specific users now in the event that you want a specific user to not have access to a shared folder there's a very specific way that you have to do it in order to show that I'm going to open up a user inside of the control panel I'm going to edit them and I'm going to select their permissions but what you're going to see at the bottom here is that the order in which permissions are determined is no access followed by read write access followed by read-only access so what you have to be aware of is that users are part of groups now group permissions exist and user permissions exist if a user is part of a group that has access to a shared folder then you don't have to explicitly give permission to that user inside of their user account because they're part of a group that has access to the shared folder however what happens if you want a specific user to not have access to a shared folder and they are part of a group that has access to that shared folder that's where you have to explicitly deny their permissions and that's where that bottom section there that explains how this works becomes very important so what you can do is open up the user's permission and you can select no access now that will override everything because as you saw earlier no access is the highest priority so even if you grant them permission somewhere else whether it's through the user or the group themselves if they have no access they are not going to see it it's also important to note that read only is the lowest priority so let's say that you have a group and that group has read write permissions to a shared folder if you go in and you explicitly set that a user should have read-only permissions it doesn't matter they will have read write permissions they'll have read write permissions because the group allows them to write and in an order of priority read write is higher than read only so in cases like that what you actually have to do is either create a new group or remove the user from that group and then either manually specify their permissions or add them to a different group that is read only understanding how these shared folder permissions work is incredibly important because for the most part you can run into a situation where you're granting users permission to things that you don't even think they have access to so in summary no access read write read only in that specific order that is how the permissions are determined that can be on the group level or the user level now the fourth thing we're going to talk about is more of a security feature but it's UPnP now UPnP will port forward on your behalf that alone is reason enough to not use it because for the most part you want to ensure that you know all of the ports on your device that are being Port forwarded think of it in terms of your house if you had the front door to your house unlocked but you knew it was unlocked it's better than if the front door to your house is unlocked and you don't know it's unlocked now whether it should be unlocked or not is a different question but the point is if you're aware of it it's better than if you're not aware of it UPnP can port forward on your behalf and you might not even be aware that ports are currently opened when you thought that they weren't opened so if you've ever used the router configure duration portion inside of the external access section in the control panel and you have anything listed here there's a chance that your router has Port forwarded those ports so what do you do in that case the first and the easy thing that you can do is you can remove everything from here but regardless you should log into your router and see if any of these ports are forwarded for the most part if there are any ports forwarded to your Nas you have to ensure that one it's a valid port forward and you wanted it there and two that it's being limited down as best as it possibly can with either synology's firewall or reverse proxy if possible UPnP is a security risk it's probably not viewed as that but it is if you know things are being done it's better than when you don't know things are being done and you could indirectly go into your Nas and port forward different ports to your Nas itself meaning that there are external users that can access your Nas on those ports you don't want it if you don't have to have it and for the most part nobody has to have it if you want to port forward port forward on the router itself now the fifth and final setting is going to be system notifications I promise you that there's going to come a point where you don't log into your Nas as often as you used to in the beginning you might be logging into it multiple times a day multiple times an hour then it's going to slow down to potentially multiple times a week and then you might get into a situation where you're only logging in a few times a month the reason for that is because these systems are designed for the most part to run by themselves without you really having to interact with them most of the time that's where notifications become extremely important because think of a situation where one of your hard drives dies if you're not aware that it actually occurred there's nothing you can do to fix it so if you're somebody that logs into your Nas every single day for the most part you can determine if you do or don't want to set up notifications you probably should regardless but it's up to you if you're not somebody that logs in every single day what you should do is open up the control panel select notification and then you have to go through and configure the notification what you really have to do is set up email and you can set it up various ways one of the easiest ways is probably through Gmail or whatever other email provider you're normally using but what you really want to change is in the rules section you can edit the default Rule and then you can go in and specify the notifications that you want so for example if you were to expand storage you want to ensure that any of these critical storage events that occur you're emailed you probably want to do the same for backups you want to ensure that if your backup task doesn't run that you're informed that it doesn't run so you could at least try and figure out why if you connect to your UPS you might want to know that you were connecting to your UPS which could signal potentially that there was a power outage that occurred the point is that these notifications will inform you of exactly what is happening on your Nas If you don't log in now you don't want this to be white noise so you probably don't want to select all of these options but for the critical ones or the ones that are of the utmost importance you want to ensure that they're enabled now there are other ways to monitor your Nas and I have written instructions I'll leave in the description for notifications you can even set it up on your phone to get push notifications if you're using the DS finder app but as long as you're getting some type of notifications so that you're aware if anything happens on your Nas that's the important part now I have a full Synology Now setup guide that you can go through and follow if you have a new Nas and just kind of get an understanding of all these different settings how they work what you might or might not want to implement and that will go through all the settings but from the perspective of looking at the most important settings if you schedule data scrubbing if you set up a UPS if you understand shared folder permissions if you never use UPnP and you ensure that you're getting notifications for the most part you can rest easy that your Nas is configured to best practices so I'm hopeful that this video helped you out if it did please consider giving it a thumbs up if you have any questions or anything that you want to add other settings that you think are important please leave them in the comments I'd love to hear them if not thanks for watching and I'll see you next time

Info

Channel: WunderTech

Views: 4,078

Rating: undefined out of 5

Keywords: synology nas security, synology nas data integrity, synology nas settings

Id: neWmCToRJMQ

Channel Id: undefined

Length: 12min 22sec (742 seconds)

Published: Sun Sep 17 2023