Settings EVERY Synology NAS should have in 2024 - DSM 7.2

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
all right how's it going y'all so today we're going to be going over things that pretty much every single user should have set up in xology DSM and I will say there's a few caveats to this and if there ever is I will let you know and we're really going to be focusing on just the bare necessities that you should probably be able to set and forget and not really worry about also if you'd like to hire me there's a link for that down description below I do Consulting all right so these are all going to be really focused on making sure that your data is protected that you're not filling up your NASA necessarily and just that you know stuff that is going on and there have been some major updates in the last year that have a lot of great new features that we're going to be using here so if you're not on DSM 7.2 you really probably want to update now so I'm going to be talking about a few different really nice DSM 7.2 features here go ahead and update because it's well worth it and it is Rock Solid Ste there are a few units that it will not work on and that is unfortunate all right so we're going to kind of section this off into different parts security data protection last data well-being and just overall ease of use slnas cleanup is the easiest way I can describe it and so we're going to start with security pieces here there's a ton more that can be done here but these are just really good quick and easy things you can just Chuck Chuck Chuck Chuck cheuck off and make sure you have so the very first one we're going to go in is we're going to go into file services and make sure that you've got smbv1 not enabled so your minimum SMB protocol should be smbv2 with the exception of people who have like a Sonos or a really old like Windows 7 box or XP if you have to enable SMB V1 some older devices only support SM SMB V1 really just go through and make sure you have a good secure local network because it is okay to run this if it's on a firewalled off system but the vast majority users just set it to smbv2 and if something breaks they you kind of can figure it out from there and in the exact same vein while you're doing that make sure you say disable ntlmv1 off so both of those are the exact same boat normally you actually have to enable both at the same time to do it so ideally minimum SMB protocol s SMB V2 and disabling ntlmv1 authentication then from there it's pretty well secured out next up we've got a whole list of things that unless you really know what you're doing you should have disabled and that is going to be AFP AFP has been deprecated by Mac OS definitely definitely disable that unless you really have to and if you currently have it enabled see if you can get off of it as soon as possible because it is no longer supported by Mac OS and inevitably there are going to be security vulnerabilities associated with it NFS unless you really know what you're doing with NFS you should probably have it disabled because NFS doesn't really have authentication you use IP BAS base authentication so realistically unless you know what you're doing and you've got a close off VLAN that's just for storage for virtual machines don't touch NFS until you know what you're doing FTP ideally you don't have just standard FTP on instead you use something like ftps or SFTP but disable that one if you can all right so those were all pieces that were probably good to disable unless you know what you're doing another one is going to be SSH I all always SSH into my Nas but unless you know what you're doing probably a good idea to leave off until you're comfortable sshing in just because it's one of those things you just don't want to leave open unnecessarily but first I'd like to take a quick break to than the sponsor today's video delete me did you know that your personal data is being sold online by data Brokers you have the right to privacy and to protect your personal data online data Brokers are corporations that collect huge amounts of personal information like addresses phone numbers birthdays and even Social Security numbers from sites like government public records and even social media they then aggregate this data to create listings and profiles and then sell that data to either other data brokers who will just sell it to other people or companies who want access to private information for things like targeted ads having this information out there increases the risk of being targeted for identity theft or of being the target of a fishing scam delete me can help protect you from the risk of identity theft by removing your personal data from hundreds of data broker websites they then show you a privacy report showing you all the personal data they were able to find and remove and they then continue to monitor websites and do further takedowns as required get 20% off delete me Us customer Plans by going to joinme.com Rex and use promo code Rex checkout that is join delet me.com reex promo code Rex thanks to again to delete me for sponsoring this section of video now back to the video all right so that was my list of features that you probably want to have disabled next up we're going to have just some overall security settings here so we're just going to pop into security and in general you're going to want to go into account and at minimum enable adaptive MFA because this is super easy it is a DSM 7.2 feature that allows you to just have if an admin is signing out from outside the local network they have to have a email code sent from ay.com email address that has the emergency code to get in it's the same thing your bank uses really easy and it's a great place to get two Factor authentication you get like 90% the benefit of two Factor authentication for 10% the pain so definitely something to enable firewall most people actually do not need a firewall so we're not going to have that enabled and then this is something everybody should have on and that is auto block this is what I like to have 10 log attempts within 5 minutes and unblock after one or two days these are all easy things to set up that give you a significant amount of security auto block is a must have for pretty much every single environment unless you have really specific use case because you don't want people to be able just to brute force their way in eventually so rounding out the security section we have making sure that this account label as admin is disabled it's okay to have multiple accounts under administrators but the account that is called admin is a special account that you really don't want to use you should just have it deactivated and then just put your user and whoever manages the nas in the group under administrators that's the easiest way to do it you just add people to that and that gives them the permissions if you also want to be extra cautious I will often just come in here and say change password generate a random password and hit save even though the NASA is deactivated I still always just change the password out of habit just in case it's ever one of those things that bites you right all right so that rounds out the basic security stuff we got a couple more things here that are just kind of in the gray area and that is going to be under our scheduled updates so we're going to go into our update and restore settings and under update settings I would recommend every single person at at minimum say automatically install important updates because this allows sonology to auto update your Nas If there's a massive cve that is resolved so say there's a massive vulnerability found right here this will allow sonology to automatically update your Nas with that bug fix then for just minor feature upgrades and everything like that they don't touch it I think this is a great minimum place to be for anything that's exposed to the internet at all if you are using the nas as like a VM server obviously you probably don't want it to auto update especially if it's on a closed off Network so that is up to you but for pretty much everybody else automatically install updates just in case next up we've got a feature that I blabbered to death and that is scheduled snapshot and it is a great transition between security and data protection so you want to make sure you go to the package Center and download an app called snapshot replication then come in here here and set up Snapshot schedule on all your shared folders except for active back of business time machine or surveillance cameras those are the three that you kind of want to set up a different snapshot schedule on but we're not going to talk about those here too much basically when in doubt have one snapshot a week for those two and have them deleted after three weeks is normally what I'll do and I just won't have snapshots for security cameras but for everybody else just shift select everything go into settings and just create a snapshot schedule that starts at 8: a.m. every 2 hours to 8:00 p.m. then set this on up to say all right we want to keep Snapchats for 14 days and then dailies for 30 days this is like just my my default it's a great place to be and set this up and watch my video on snapshots because snapshots will protect you from so much stuff they can help protect you from things like ransomware because if a computer on the network get a virus and encrypts all the files on the nas it probably encrypted them just via SMB and does not have admin access so you can just undo it there's so many things here to absolutely check out and make sure you've got on definitely definitely if you do one thing in this video it's set up snapshots right now I talk about in other videos but when you're thinking about how much space these snapshots are using it's nothing more than the space recycling bin that emptied after 30 days would use so if you don't delete any files takes up no space but if you delete a one terab file you're not going to get that space back for 30 days but you can recover your data for 30 days so that is a great place to be and then just make them visible is generally what I'll do super useful check it out in other videos I go over it a lot but you really want to make sure you've got a snapshot schedule running continuing on with our schedule data protection we want to go in and we want to make sure we've got a scrub setup on our volumes so it's not set up by default but when you come in here you want to make sure your volume you hit schedule data scrubbing select all volumes repeat every 3 months and then I also always set run data scrubbing only during specific periods and set the time grid so set this time grid to outside of working hours or outside the time you're using the nas so that way the scrub is only running when you're not using it basically what a scrub is is every 3 months the Nas is going to read every single file on itself and it's going to check them for errors btrfs and also with raid a little bit you get some too even with exd4 they can actually recover from small errors per section of file but they can't recover from multiple so essentially if a hard drive flips a one to a zero or a z to one the file system can recover it as long as it doesn't happen too many times on the same file before a data scrub is run or the file is read so by setting up a data scrub to run every 3 months you make sure that your files are read every 3 months and checked for errors and this gives you the ability to almost guarantee that in 15 years that file is going to be readable because it's been read every 3 months ever since and if it has gotten any errors which hard drives have bit rot they flip ones to zeros because of solar flares I'm not even joking it will be able to help make sure that there's not so many errors per section of file that it's irrecoverable so set that up and once again a thing you can completely forget in the upper right hand corner you will sometimes see a scrubbing status don't worry about it just let it do its thing and that's it another one that's a bit for performance over here is under settings disable record file access time it's not really used for much of anything and I also like to enable usage detail analysis just to kind of see what space is being taken up on the nas but right now because I shut this Nas Down without actually powering off properly and I did a whole bunch of things wrong with this Nas it is having to reoptimize the drives so I can't do that currently another one in the same vein of protecting data is to make sure you have a smart Quick Test running every 30 days normally so I don't really schedule extended tests that often anymore because I really have not found them to be that useful so just go in and create a quick test on all drives I'll be honest with you I've not seen these actually give great results but it's still probably just a good thing to schedule in general if a hard drive has an issue it's going to tell you before a smart test actually will find it at least from my experience then if you do find an issue that's when you can run an extended smart test or at least that's how I do it normally another piece to data protection is whenever you're creating new shared folder by default you should always just hit enable data check some for Advanced Data Integrity pretty much always it is really good to have and from my testing does not really decrease your performance at least in any way that I've been able to really measure and so it's a great thing to just by default check on every single folder unless you're needing to have like a database on here that needs super quick access so just always enable that data check some for Advanced Data Integrity pretty much every single time you set up a folder I will say it's probably not worth wiping and redoing a folder just because it's not on but just get in the habit every single time you set it up go ahead and execute that now we also want to make sure that if the nas has a problem we get notified about it and so that's where you want to come in here under notifications this is another DSM 7.2 feature make sure you've got a email to your sonology account and this is absolutely worth link analogy account for because previously you could use a mail server like Gmail but the problem is Gmail will update the authentication requirements and boom now the nas has to reauthenticate oh but now the nas can't tell you it can't send emails because it can't send any emails so it's a horrible cycle this is somewhat foolproof it will send you an email notification through Sony's mail servers to One account if there's a problem with an assas and so it's a great backup thing to have even if you have have your own mail server on there I still recommend having it just because it can really help protect you and if the nas tells you something's wrong you can fix it before it's a problem all right next one is backup I'm not going to go over here but schedule a backup you need to have a backup nothing we've gone over snapshots are not a backup nothing we've gone over in this video is an actual backup not raid not check sums not snapshots not data scrubbing none of that is actually a backup the only backup is a backup that can be USB copy snapshot replication so an all Drive share sync or probably for most people hyper backup I talk about in other videos buy a 8 terabyte external hard drive leave it plugged in the S 247 and pick your most important files to back up every single night it's an easy place to get started for most people all right so now we got two last things for kind of just Nast usability I don't know to categorize these and one is a really common ER I see and it's kind of funny is the recycling bin make sure you go into task scheduler and you have a task labeled empty bins I always set this up the very first thing I do and say delete all recycling bins and you can choose how long you want it realistically I normally just say 2 days because the snapshots that we set up are a much better version of this than this but you would not believe how many times I've hopped on a call because somebody needs to expand their Nas they want know the best way to and it turns out that they just had a ton of dating their second bin I'm talking 40 terabytes in the past because it's something that if you've not set it up you kind of forget about and you might not even see so definitely make sure you've got a empty bin task and it will absolutely be worth your while we're also going to go in and I really like having restart automatically when power supply is fixed so if the power of the nas goes off when it comes back online it'll automatically boot back up not a bad idea to also get a UPS but I like having this because if you're in France and you really need those files but your power reset you don't have to call up your neighbor to go knock on your door and turn it on manually also while I'm in here this is a really useful thing to know where it is if the nas starts beeping you can come in here and it'll tell you why it's beeping and you can mute it really useful thing to know all right so now one last one that I do find very useful especially if you're debugging performance data ever is to come into your resource manager go into settings and enable the data usage history this way you can get a chart telling you your performance parameters throughout the past years so if you're figuring out why is this thing slow at certain times you can go back and see historic data really easily I really like having this and it makes it really nice to debug when a user says the Nas is slow this one's more for businesses but I still like having it on all right well we just went over a ton of features there there is so many more things but these are all just quick settings that you really want to make sure you've got enabled and you can kind of have a checkbox list off if You' like to hire me there's a link for that down description below I do a ton of Consulting down at yor technologies.com and if you have any other questions you can put those down in the comments below as well any other tutorials you like to see me make all right have a good one [Music] bye
Info
Channel: SpaceRex
Views: 19,146
Rating: undefined out of 5
Keywords:
Id: DQUFEs1OzRs
Channel Id: undefined
Length: 18min 49sec (1129 seconds)
Published: Wed Mar 27 2024
Related Videos
COMPLETE BEGINNER’S GUIDE for Synology NAS - 2023 DSM 7.2
SpaceRex
223K
TOP 6 Synology MISTAKES New Users Make
SpaceRex
15K
The ULTIMATE Raspberry Pi 5 NAS
Jeff Geerling
769K
Synology Home vs Homes Explained - New users most common mistake
SpaceRex
37K
OPNSense: Protect Your Home LAN With a Transparent Filtering Bridge with Step by Step Instructions
Dave's Garage
252K
Ransomware Protection: The Complete Guide for Synology NAS
SpaceRex
70K
Top 6 UPGRADES for Synology NAS - are they worth it?
SpaceRex
96K
Best Starter Synology NAS in 2024 (dont waste your money)
SpaceRex
248K
COMPLETE Guide to Synology Drive - Create your OWN CLOUD
SpaceRex
16K
Why would you EVER buy a Synology NAS?
WunderTech
16K
UGREEN DXP480T Flash NAS Review - The Best SSD NAS Ever?
NASCompares
28K
This MIGHT be the best NAS on the market.
Hardware Haven
71K
I Built a NAS: One Year Later. EVERYTHING I Learned and the Mistakes
Jimmy Tries World
690K
EVERY Synology Feature Explained
SpaceRex
60K
All Synology Backup Methods Explained and Which One is Right For You?
SpaceRex
108K
How to Set up Firewall on Synology NAS (and why you probably do not need one)
SpaceRex
24K
Beginner's Guide: Setting Up Your Synology NAS Easily in 2024!
InsideWire
925
Synology NAS Compete Build, Setup, RAID, Pools and Volumes (2024 SETUP GUIDE #1)
NASCompares
6.1K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.