Simple Synology Settings EVERYONE should be using (Basics)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
all right how's it going y'all so today I want to make a video on everything that people need to be enabling on their technology to ask I do a ton of Consulting for this channel now and I really see a lot of mistakes here and these are the things that I really recommend every single person set up so this one is going to be kind of split up into two different sections part one are no reason not to there's a hundred percent of people should be doing this you really have to know what you're doing in your super specific use case to have any reason not to these are going to be super basic things that we're just going to run through in control panel right here and just tick off and make sure they are enabled and then part two of this is going to be things I highly highly highly recommend but do not necessarily require for every single use case it's probably going to be like 95 and we'll go over what reasons you would not do that for different things here all right and so my background here is I do a lot of Consulting for this channel I am in Synology is a ton and I find these issues a lot and these are going to be the issues that I have found people have enabled and then have caused them issues down the line and so we're just going to go right into it by the way you can hire me there's a link in the description all right so first off we're just going to log directly into DSM here and we're going to go into control panel so the first thing that I see so many people have issues with is not having a recycling bin empty schedule so I'm just going to delete mine right here and so what this is is this is a schedule to empty all the recycling bins so different shared folders are able to have recycling bins you can control on a shared folder level the issue is by default that is ticked as a yes you want to create it so if we go into create shared folder we're going to see right here that this enable recycling bin is by default ticked as enabled and so most people are just following the default and going to leave that on the issue is there's never a task to empty the recycling event I'm not joking when I say I have had numerous cases where this has saved over 50 terabytes of data me emptying the recycling button one of my recent clients had a 120 terabytes of data in the recycling bin and I don't blame them for not knowing about that because they had another company set this entire thing up and they were just like Hey we're running out of space we got to talk about how we're going to expand this thing do we need a new Nas no they just need to empty the recycling bin and so it's totally normal to have that happen and I bet if you look through here a good chunk of y'all are going to have recycling bins enabled with no task enabled to empty them and so you're just going to be stuck with tons of data in there and so setting this up incredibly easy we're just going to go down into task schedule and we're just going to create a new task it's going to be a schedule task and it's going to be a recycling bin I always call it empty bin and for schedule you want to run it every single night these are just defaults for everybody run every single night and then you've got kind of two real options here either delete all files that means essentially a recycling bin is just there to have files for the working day so if somebody deletes a file they can immediately go back to it and grab it if they need to or you can say number of days to retain files so the other option there is essentially if you delete a file it will stay in the recycling bin for in this case seven days and so on the night of the Eighth Day once it's been seven days since it's been the recycling bin it will then go ahead and empty that specific file once it has been in the recycling bin for more than seven days and so that is totally up to whatever your settings are you can get more advanced here but for most people I would just say two days I don't know a lot of people who use the recycling bin and btrs snapshots are a far better solution than that so that is 100 of people even if you don't have recycling benefits enabled I would honestly just set this up just because one day you might have it and you might forget about it so you really just want to have this set up and run otherwise you can end up with a ton of space you did not mean to so we're just gonna hit okay and before I get out of this I gotta say this window is something you need to pay attention to I hate that the blue Mark is yes so this window right here says do you want to enable recycling bins for all shared folders this is a nice way to do it it's a nice to have but the default should not be yes the default should be no because this is a major change to a lot of things so more likely than not you're going to want to click no and just set up recycling bins as needed btrs snapshots are a far better solution than a recycling bin recycling bin should really be used for that I just deleted a file I need to get it back right then versus long-term stuff you're probably going to want to click no here and just set up recycling bins however you'd like to and so that's it that is number one every single person should have an empty bin task because if you don't you can just end up swelling with tons and tons and tons of space and it happens all the time all right and so now on to a quick security one for number two we're going to be setting up autoblock so we're going to go into the security tab right here protection and enable autoblock everybody should have some form of autoblock enabled even if you don't necessarily have any external access to your Nas you never know what's going to happen maybe a computer on the network gets a virus or something like that so having autoblock enabled is very useful for external users people who have the nas hooked up to the external internet especially if you've opened up like the FTP port or SFTP or anything like that I would recommend having probably the settings right here and then for users who don't really have external access set up maybe you can say 100 login attempts within 60 minutes that way if somebody's trying to brute force their way into your ass they're going to get blocked but regular users who may have like not logged into NASA in a while have totally forgotten their password or something won't necessarily get blocked immediately another thing you can do is just set up an autoblock expiration after a day that is totally up to you in all reality as long as you've got long passwords it's probably fine but if you're running a business with a lot of users specifically you probably don't want that enabled and you want to be able to unblock people as required and so everybody needs some form of this you really have to ask yourself who your users are and how likely they are to get really annoyed and not understand if they've been blocked and How likely they are to forget their password but default clean ones are probably if they try 10 different times that's a lot and say 10 times within five minutes is pretty easy one that is just an easy default that everybody should enable another thing you can do if you are worried about people locally on the network getting blocked out you can of an allow list that will not block specific IP addresses so one use case you can set up for this is if your computer has a specific IP address on the local network that it always grabs you can add this to just say okay I know my computer is going to be fine it's very unlikely to get a virus and so I'm going to make sure I never get blocked out of my account obviously if you need to you can either just grab a new dhgpi address or very easily do a quick restore on the nas to get the block list flushed out and so that is number two you need some form of autoblock for everybody there's no reason not to enable this just because brute forcing a password is pretty much the only way to get into a Synology to ask as an unauthorized user unless they've stolen credentials or have somehow found a vulnerability within DSM and so there's really not been that many situations where DSM has ever been at fault necessarily for a ransomware attack in general it is either a computer on the network who has credentials to the nas gets a virus or somebody leaves like the SMB Port opens the internet and does not have autoblock enabled so definitely enable autoblock all right and so that is number two all right and so number three is going to be actually disabling something that I've seen a lot of people enable just because it's entirely useless from a security perspective and it drives you crazy so it's going to be under users and groups advanced and password expiration so this is one case I'm kind of skipping ahead here where it's actually something that not everybody has to disable I'd say 99 of people need to disable this if they've got enabled it's not enabled by default but I think some tutorial out there may say have a password expiration for more security security research has shown that having a password expiration does not really do anything at all for security it is one of those things where if you've got that people are just going to increment the last character or they are going to start writing out passwords they're going to make it a lot less safe than if you just give them a really strong password if you make them use a strong password and so the issue with password expiration is it's going to make your users a lot less likely to use the nas is going to drive them crazy and also I've had numerous cases where somebody's not logged into NASA in a long time their passwords expired for their admin account and now they have to do a soft reset on the nas so that is one of those things where it is really really really annoying and I would not recommend having a password expiration on here unless you have a very specific use case and your company policy just requires you to have it if that's the case it's unfortunate and you've got to do it but definitely have that disabled all right and so now we are going to go on to our discs for a few things so we're going to go into storage manager right here right now my uh Nas I ripped out a hard drive to use it in another place this is just my test bench so you can see it gets ripped and rebuilt quite often it's just the test bench I promise so what we're going to set up here are two different things for number four and number five and so number four is going to be smart tests Now by default Synology does enable Smart tests now but if you've got a legacy Nas that has been upgraded you might not have them enabled and you just you really want to make sure these are enabled so you're going to go into task schedule and you should have a smart test I would recommend every single person have a monthly smart test so essentially go through sparked Quick Test all supported drives schedule monthly easy enough and then every six months do an extended test so an extended smart test extended smart tests do take a lot longer but they are supposed to give a lot better results and so we're just going to hit okay and so essentially what this is going to do is we've got two different tasks here one is going to do a smart test every single month and that is a very quick test and the other is going to do an extended test this is an extended test that's only going to happen twice a year but it's really going to look at every single sector on the drive and make sure everything's good it can take quite a long time so you may need to change the time that it's running you can run it on the weekends when people are not there and so it's just very useful to have those because they give you great data about the failing rate of a hard drive and can really tell you if a drive is about to fail and get you the ability to replace it before it ever actually starts throwing errors alright and so now that was number four and now on to number five is going to be doing a disc scrub of your pool so even if you've got an ext4 volume you still should be doing this because it is very useful for figuring out if you've got errors on your disks so we're going to go into schedule data scrubbing enable data scrubbing unfortunately I am not going to be able to on this pool because it is degraded so there's nothing to scrub so you would check enable repeat every three months is generally what I recommend and then you can even select a time frame to run the scrub a scrub can be happened at the lowest priority and it's perfectly resumable so what you can do is say I'm only going to run it off peak hours and as long as you give it a couple hours a week it does not have to be that many hours a week that you need to do if you're only doing it every three months it's probably going to finish all it needs to really do is finish within three months so just give it some sections of time where you know nobody's really using the nas that much to run and that way if there is a bit Rod found on your drive it's either going to fix it itself if you've got btrfs with the checksums enabled or it's at least going to warn you and figure out and try its best to fix that so there's a lot of stuff there really useful you definitely want to have a scrub running because it is just a no-brainer all right and so now that was number five so now from now on these are going to be things that I highly recommend that will be true for 99.5 percent of users but there are some real use cases I'm going to try to explain those where you might not want to do this and so that is going to start off with some basic settings over here so I'm going to close out these windows and we're going to go back into control panel and these are going to be just disabling some things for compatibility and just getting you running as soon as possible so first off we're going to go into file services and we're going to look at some SMB settings that you really want to make sure are not enabled so under advanced settings you really do not want to have smb1 enabled because there is a security vulnerability to it specifically there are a few use cases if you're using really old versions of Windows where you do need SMB V1 enabled but you should not enable it unless you actually have that case so what I would recommend everybody do is disable it and if stuff starts breaking and you can't fix it only then enable it just because it has vulnerabilities within it I don't think they've ever been exploited on the Linux version of Samba but they are there so that is going to be making sure your minimum SMB protocol is at least smb2 and so then we're going to go on to some advanced settings here which is another one you really want to make sure that ntl and V1 off is disabled so the one group of people here who might not be able to do this are Sonos users Sonos uses ntlmv1 for authentication so you do need to use that if you have a Sono system I hope they're fixing it so if you're watching this in the future I would recommend updating Sonos seeing if you can uncheck that and then if you do and Sonos still breaks unfortunately you have to turn on from my understanding it is not as bad as SMB V1 but it is still something that can be brute forced see I would recommend disabling that unless you really need it it's not going to absolutely destroy your security system but it's not something I would recommend having if you don't need it all right and so now we're going to go into AFP and so if possible I would recommend disabling AFP so Mac OS has deprecated AFP for a very long time but in some cases AFP is still the best option there's a few operations that happen on Mac OS that happen way faster on AFP than they do with SMB specifically when you have a ton of files in a directory that are all in top level AFP loads 10 15 times faster and so there are some cases to use AFP but if at all possible try to get your max onto SMB if it works flawlessly for you perfect you don't have to worry about anything in the future but if you can just disable AFP because eventually you're going to have to there's a lot of talk of it being totally removed out of DSM Apple has disabled it from Mac's even hosting servers for it and so it's going to be very soon where it is no longer going to be in Mac OS and you're going to need to be moving over to SMB and so the sooner you do that the better there are some issues in some cases if you've named files with special characters but eventually you're going to have to buy that bullet and so I would recommend doing it now rather than later just to buy the bullet obviously take some time when you have the chance and do a little bit of testing but I would really recommend disabling that now for a really quick dumb one it is going to be make sure that this account this admin quote-unquote account specifically the account named admin a lot of people ask me questions about this trying to disable all admin accounts we're going to use administrator as the role that somebody has to be able to have root privilege over the next basically total control over the nas as a separate term as admin so admin the account named admin should be disabled this is true for almost everybody except in a couple of very specific cases where I'm like okay you're completely sequestered on your own network you've got a strong password on the admin account so I would really recommend disabling this if at all possible and migrating off just because it is a vulnerability especially if you've got remote access if you've got remote access I would say you definitely need to figure out how to get off the admin account there are ways to be secure about it because at the end of the day even if I know the fact that the account name is admin they still have to guess the password and so that's a lot more characters to guess but for almost everybody disable the admin account and start migrating off and using their own accounts for everything like that that is not to disable your administrator account so you can see I'm logged in as will admin and you can see I'm under the administrators group that's separate you want to disable the admin account right there so now on to another really useful thing to have enabled and that is going to be under power settings and that is going to be power recovery this is super useful essentially if your power goes out when the power comes back on the nas will boot back up so I recommend most people actually have this just because if you're traveling abroad and your power fluctuates at your house you want your Nas to be able to boot back up and now you have your data back instead of being completely out there the one case where you might not want to do this is if you have very very common blackouts and you don't want to have a case where the power comes on for like two seconds and then shuts back off and it's constantly like half booting because that can cause some system corruption possibly especially during the boot sequence and so that would be the only real case is if that's a very common thing for you to happen is to actually have power blackouts coming in and out but other than that power recovery super nice especially in the Enterprise you definitely want this because you don't want people not having access to the nas so now on to another one that's going to be a bit controversial in a sense and that is going to actually be to sign in with your Synology account so specifically you want to sign into your Synology account and I'm not paid for this Synology has never paid me any money at all but it is the easiest way to sign up for active insight and for users it's free if you only have under like five nases it's free and specifically active Insight gives you really easy email notifications and so I would recommend signing in with your Synology account even if you disable quick connect if you're really privacy focused you can totally disable this and you won't have any kind of stuff being sent to Synology but if you're just a regular home user you're not too worried about Synology knowing that you have a Nas signing in with your Synology account allows you to sign in with active insight and active Insight will automatically give you email notifications if something goes wrong this is really useful for something like oh a hard drive is dying you'll get an email notification about it all those kinds of things if you do not sign in with your technology account I would really recommend somehow signing up for email notifications it'll take a Gmail account I've got a video on that but do one of those two options the reason I recommend using Synology active insight for this is because I've had issues with oauth tokens sometimes just breaking with your Gmail account and so it can lead to a case where you think you've got email notifications on but then they just don't work and so by having active Insight in my experience it's just the easiest way to sign up a client to have email notifications and email notifications are super super super useful all right so now these were like kind of the no-brainer just general settings the next piece is going to be just two really quick things and I'm not going to spend a ton of time on them here because I've got incredibly dedicated videos on both of these topics and that is going to be back up your data number one set up a hyper backup job in some case to have some form of backup it does not have to be backing up every single gigabyte on your Nas now most people in my experience ninety percent of their Nas is just clusters of videos that are really nice to have but you know if they lost them it's not the end of the world but then there's that 10 percent that may be a terabyte maybe it's only 300 gigs that is crucial for you to back up make sure you've got a task backing them up raid is not a backup there are cases where your nasking completely pork and the BTR FS volume can crash it's pretty rare I've seen a couple times though to be fair I see people when they're at their worst but it can happen and so that's why having a backup of your really important data is so so crucial next up is going to be setting up Snapshot replication this is only going to be for people who have a btrfs Nas and are running a btrfs volume so these are the people you need to be signing up for it I've done dedicated videos I will leave those in links in the description even if you don't have a backup a half approach to it is at least having snapshot replication which can actually save you from a lot of forms of ransomware pretty much all forms of ransomware and less analogy itself Synology DSM gets hacked to its core so I would really really recommend everybody set up Snapshot replication who is able to you don't even have to replicate them just set up snapshots make sure to do that unless you have some very specific use cases all right well that's going to be it for these really basic settings that everybody needs to be enabling on their Synology Nas I have a lot more advanced tutorials for much more in-depth things but these are just from my experience with clients these are the things that are super super super low hanging fruits that everybody needs to be enabling and setting up just because it doesn't take much time it's not like you can really mess it up too easily and it can be incredibly valuable for you and just really make your Nas into a much more stable and better platform go and leave any other tutorials or really anything you think I missed in here in the comments below and have a good one bye [Music]
Info
Channel: SpaceRex
Views: 104,589
Rating: undefined out of 5
Keywords:
Id: GL11Tq_W6FE
Channel Id: undefined
Length: 23min 27sec (1407 seconds)
Published: Wed Nov 23 2022
Related Videos
How to Setup a Synology NAS for the first time in DSM 7 (Complete Guide for 2021+)
SpaceRex
182K
Synology DS923+ vs DS1522+ ~ you probably want the DS1522+
SpaceRex
30K
STOP using Cloud Storage! Do this instead:
Liron Segev
293K
The COMPLETE Synology Photo Guide
SpaceRex
34K
What Hard Drives Should you Buy for your Synology NAS?
SpaceRex
64K
is Quick Connect Secure for Synology?
SpaceRex
24K
DSM 7.2 Finally Released - New Features!
SpaceRex
43K
Build Your Own NAS vs Buying a NAS?
NASCompares
104K
RAID Levels Explained RAID 0,1,5,6,10 - Which one is right for you and Why?
SpaceRex
16K
Synology Most Commonly Asked Questions
SpaceRex
16K
Synology NAS Beginners Guide - Get setup in only 15 min! Synology DS923+
MK - Creator
17K
The Complete Guide to Remotely Access Synology NAS - All 5 Options Explained
SpaceRex
37K
How I Handle File Management and Backups: My NAS Setup
Christopher Lawley
20K
Top 6 UPGRADES for Synology NAS - are they worth it?
SpaceRex
33K
All Synology Backup Methods Explained and Which One is Right For You?
SpaceRex
60K
Synology DS923+ NAS 6 Months Later - Still Worth It?
NASCompares
19K
Getting started with Synology for the Home User, Part 1 | Synology Webinar
Synology
279K
Full Volume Encryption - The MOST Exciting Feature on Synology DSM 7.2
SpaceRex
7.1K
Synology DS923+ Overview and Quick Setup
Willie Howe
8K
Synology DS923+ The disappointment is real! See this before you buy!
DigitalJedi
38K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.