Hi Know How

[G+_Allan Madsen]

Hi Know How

 

I have with great pleassure followed your "Synology Madness".

For some years ago I bought my frist Synology Diskstation, a DS 209+II.

Unfortunatelly I never managed to get that much use of it, as I was not sure how to connect an ensure the safety.

Anyway, your show inspired me to buy a new model, the DS 718+.

My goal is to set it up to host my private Web-, mail- and file server. And maybe later SQL database, survailance- and print server as well.

And maybe use the old NAS as private backup server.

I am very focused on security, but I am not experient in all the network, ip, port setup and so on, and are therefore insecure that I can trust it enough to let it be my primary host for mail, media and documents.

 

In one of the episodes it was recommended not to open any ports in the router, as it could be a potential risk.

But according to the guides on Synology.com it is nessesary to open specific ports to make the different sevices work.

I understand that connecting to the NAS through quickconnect is a safer way, but quickconnect dosn't work with all services, so how do you host services as Web, FTP and SQL db without open any ports?

Or am I miunderstanding something?

Hope that you can help me understand it better, as I'am a little confused and worried now.

 

Look forward hearing from you...

[G+_Gene Hill]

You mentioned wanting to use it for private web/file/mail servers. Does that mean you intend to only access it from inside your own network and not over the public internet?

[G+_Gene Hill]

The big concern with opening ports and port forwarding is when they are open to the public internet. It's is very difficult to secure services when they are open to anyone connecting from anywhere in the world. So when you hear about the dangers of opening ports or port forwarding it's usually about the outside internet, not your internal Network. It's much safer to open those required ports for internal web services.

[G+_Randy Widell]

Couple of things:

 

1. If you want to use the Synology as a mail server, that could be problematic depending on your ISP. Comcast, for example, does not allow incoming SMTP traffic for their residential customers specifically to disallow hosting private email servers. So, you would be able to send emails, but your server would never receive emails.

 

2. You have two security things to consider when opening a NAS (or anything else) up to the Internet: a) the contents of the NAS, and b) your network.

 

To address (a), do not store anything sensitive on the NAS if you use as a server. In my case, my NAS is a staging area for Azure backup via Synology's HyperBackup application. So, the idea of opening my NAS to the Internet is a non-starter.

 

To address (b), put the NAS on a different LAN segment, e.g. 192.168.2.0/24 if your main network is 192.168.1.0/24. You can then modify the firewall on your router to allow zone forwards from .1 to .2, but not vice versa to prevent a compromised NAS for seeing the rest of your network.

[G+_Allan Madsen]

Gene Hill Hi Gene. Thank you for your reply. I would like to access it from anywhere in the world. I always have been wondering why to open up the ports, and wether it would compromise the security...

[G+_Marco van Laerhoven]

This is a nice post on the topic https://plus.google.com/110737842067623105607/posts/KLxg5QcUyRG

plus.google.com - FYI... Synology QuickConnect I wanted to figure out how QuickConnect actually...

[G+_Tailsthefox Pelissier]

I saw an youtube video on installing Windows 10 under an vm app on one as Network OS. Doing that on their nas boxes may be their for that rezone. Since an vm app will sand box those things. I hope if they do an Synology Madness 2.0 that they show that since it may help. I forexpull don't need Windows 10 all the time but the times i do i can get away with running it in an vm app not installing it on boot camp.