?？低昻as安全

Your NAS is probably one of the most important devices on your home network, but are you giving it the attention it deserves when it comes to security?

NAS可能是家庭網絡上最重要的設備之一，但是在安全性方面，您是否給予它應有的關注？

The last thing you want is for your NAS to get hacked and/or invaded by malware, like the SynoLocker ransomware that crawled its way onto Synology NAS boxes a couple of years ago. The good news is that there are ways to stay protected from future attacks and prevent your NAS box from getting cracked into.

您想要做的最后一件事是讓您的NAS被惡意軟件入侵和/或入侵，例如幾年前SynoLocker勒索軟件爬到Synology NAS盒上。 好消息是，有多種方法可以保護您免受日后的攻擊，并防止您的NAS盒被盜。

Note: Most of the steps and images below are based on my Synology NAS, but you can do these things on most other NAS boxes, as well.

注意 ：以下大多數步驟和圖像均基于我的Synology NAS，但是您也可以在其他大多數NAS盒上執行這些操作。

勤于更新 (Be Diligent About Updates)

Perhaps the easiest thing you can do to help secure your NAS is keep the software up to date. Synology NAS boxes run DiskStation Manager, and there’s usually a new update every couple of weeks.

要確保NAS安全，最簡單的方法就是使軟件保持最新。 Synology NAS盒運行DiskStation Manager，通常每兩周進行一次新更新。

The reason you want to keep on top of updates isn’t just for the cool new features, but also for bug fixes and security patches that keep your NAS safe and secure.

您想要保持最新狀態的原因不僅在于出色的新功能，還在于可以使NAS安全可靠的錯誤修復和安全補丁。

Take the SynoLocker ransomware as an example. Newer versions of DiskStation Manager are safe from this, but if you haven’t updated in several years, you might be vulnerable. Plus, newer exploits are always being released—another reason to keep up with updates.

以SynoLocker勒索軟件為例。 較新版本的DiskStation Manager可以避免這種情況，但是如果您幾年沒有更新，則可能會受到攻擊。 另外，總是會發布較新的漏洞利用程序–這是跟上更新的另一個原因。

禁用默認管理員帳戶 (Disable the Default Admin Account)

Your NAS comes with a default admin account, and the username is most likely “admin” (real creative, huh?). The problem is that you usually can’t change the username of this default account. We recommend disabling the default admin account and creating a new admin account with a custom username.

您的NAS帶有默認的管理員帳戶，用戶名很可能是“ admin”(是真正的廣告素材，對嗎？)。 問題在于您通常無法更改該默認帳戶的用戶名。 我們建議禁用默認管理員帳戶，并使用自定義用戶名創建一個新的管理員帳戶。

The reason for this is to give hackers yet another layer they have to break through. With a default account, they can use “admin” as the username and just focus on cracking the password. It’s similar to how people never change the login credentials of their router—by default the username is usually “admin” and the password is “password,” making it super easy to break in.

這樣做的原因是給黑客提供了他們必須突破的另一層。 使用默認帳戶，他們可以使用“ admin”作為用戶名，而只專注于破解密碼。 這類似于人們永遠不會更改路由器的登錄憑據的方式-默認情況下，用戶名通常為“ admin”，密碼為“ password”，從而非常容易破解。

By creating an admin account with a username like “BeefWellington” and then using a strong password, you severely decrease the chances of your account credentials getting cracked by a lazy script kiddy.

通過使用諸如“ BeefWellington”之類的用戶名創建一個管理員帳戶，然后使用一個強密碼，可以大大減少您的帳戶憑據被懶惰的腳本小子破解的機會。

啟用兩因素身份驗證 (Enable Two-Factor Authentication)

If you aren’t using two-factor authentication already for your various online accounts, then you should be. Your NAS likely has the capability for this, too, so take advantage of it.

如果您尚未為各種在線帳戶使用兩因素身份驗證， 則應該使用 。 您的NAS也可能具有此功能，因此請充分利用它。

Two-Factor Authentication is great because not only do you need the username and password to login, but you also need another device you own (like a smartphone) to confirm the login. This makes it near impossible for a hacker to break into your account (although, never say never).

雙重身份驗證非常有用，因為不僅需要用戶名和密碼來登錄，而且還需要擁有其他設備(例如智能手機)來確認登錄。 這使得黑客幾乎不可能侵入您的帳戶(盡管永遠不要說never )。

使用HTTPS (Use HTTPS)

When you’re accessing your NAS remotely, you’re probably doing so over HTTP if you haven’t messed around with any settings. This isn’t secure, and can leave your connection wide open for the taking. To fix this, you can force your NAS to use a HTTPS connection at all times.

當您遠程訪問NAS時，如果您沒有弄亂任何設置，則可能是通過HTTP進行的。 這是不安全的，并且可能會使您的連接處于打開狀態。 要解決此問題，您可以強制NAS始終使用HTTPS連接。

However, you need to install an SSL certificate on your NAS first, which can be quite the process. For starters, you need a domain name to link the SSL certificate to, and then link your NAS’s IP address to the domain name.

但是，您需要首先在NAS上安裝SSL證書，這可能是個相當不錯的過程 。 對于初學者，您需要一個域名以將SSL證書鏈接到，然后將NAS的IP地址鏈接到該域名。

You’ll also have to pay for an SSL certificate, but they’re usually not more than $10 per year from any reputable domain registrar. And Synology even has support for Let’s Encrypt SSL certificates for free if you want to go that route.

您還必須支付SSL證書的費用，但通常每年從任何信譽良好的域名注冊商處獲得的費用都不會超過10美元。 如果您要走這條路，Synology甚至免費支持“ 讓我們加密SSL證書” 。

設置防火墻 (Set Up a Firewall)

A firewall is an overall good defense to have because it can automatically block any connection that your NAS doesn’t recognize. And you can usually customize the rules that it uses to keep certain connections open, while shutting all other connections out.

防火墻是總體上不錯的防御措施，因為它可以自動阻止NAS無法識別的任何連接。 而且，您通?？梢宰远x用于保持某些連接打開同時關閉所有其他連接的規則。

By default, most firewalls on any device aren’t even enabled, which allows anyone and everyone through without inspection, and this is generally a bad idea. So be sure to check your firewall settings on your NAS and customize any rules to fit your needs.

默認情況下，甚至不啟用任何設備上的大多數防火墻，這使任何人和所有人都無需檢查即可通過，這通常是一個壞主意。 因此，請務必檢查NAS上的防火墻設置，并自定義滿足您需要的任何規則。

For example, you could have a rule that blocks all IP addresses from certain countries, or a rule that only allows certain ports from IP addresses in the US—the world is your oyster.

例如，您可能有一條規則可以阻止某些國家/地區的所有IP地址，也可以有一條規則僅允許來自美國IP地址的某些端口-世界就是您的牡蠣。

首先將其與互聯網隔離 (Keep It Off the Internet In the First Place)

While all of the above steps are great things to do in order to keep your NAS secure, they’re not 100% safe by any means. The best thing you can do is to just keep your NAS disconnected from the outside world entirely.

盡管上述所有步驟對于確保NAS的安全都是很重要的事情，但無論如何它們都不是100％安全的。 您能做的最好的事情就是讓您的NAS與外界完全斷開。

Of course, this isn’t easy to do, especially if you have certain programs running on your NAS that benefit from being accessible remotely (like using your NAS as your own cloud storage service).

當然，這并非易事，尤其是當您的NAS上運行某些程序時，這些程序可以從遠程訪問中受益(例如，將NAS用作自己的云存儲服務)。

But the important thing to note here is that you’re at least aware of the risks when exposing your NAS to the outside world, and that the above steps won’t keep your NAS 100% safe, necessarily. If you’re looking for the best way to keep your NAS secure, it’s keeping it accessible to only your local network.

但是這里要注意的重要一點是，您至少要知道將NAS暴露于外界時的風險，并且上述步驟不一定會使NAS 100％安全。 如果您正在尋找確保NAS安全的最佳方法，那么它只能讓您的本地網絡訪問。

翻譯自: https://www.howtogeek.com/350919/6-things-you-should-do-to-secure-your-nas/

海康威視nas安全

總結

以上是生活随笔為你收集整理的海康威视nas安全_确保NAS安全的6件事的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。