QNAP is warning its customers that attacks are being carried out targeting the manufacturer’s NAS servers, cybercriminals are carrying out brute force attacks, to try to access the NAS server with administrator permissions and take complete control of the computer. QNAP recommends carrying out a series of basic configurations to protect the NAS server from these attacks, since, in the graphical user interface of the QuTS operating system, we have functionalities to mitigate these attacks.
What are cybercriminals doing attacking QNAP NAS?
QNAP NAS servers are always connected to the local network and also to the Internet, we ourselves open ports on the router to remotely access the FTP / FTPES services, SSH server and even also the VPN server that we can install on the own NAS server. Cybercriminals are carrying out attacks with automated tools that search for QNAP NAS servers that are connected and accessible to the Internet, to later try to enter them with administrator permissions with lists of dictionary passwords and even brute force.
Recently, the manufacturer QNAP has received information from its own users indicating that they have a large number of attempts to access their NAS servers, this type of attack by hackers is very common, and occurs daily all over the world. It seems that, in this case, there is a group of cybercriminals who have focused on wanting to compromise QNAP NAS servers. If the attackers try to access and give the password, then they will be able to access all the files and even our home local network using VPN, if the attackers cannot access it, it will appear in the logs of the NAS server that has been tried to start unsuccessful session.
Recommendations to protect the QNAP NAS server
We have many ways to protect our QNAP NAS server, some options depend on the configuration of the QNAP NAS itself, and other options depend on the configuration of our router.
Disable UPnP on router and NAS
For security reasons, it is always recommended to disable UPnP on the router, so that any equipment that tries to use it will not work directly. If our router does not have the option to disable UPnP, then we should disable it on our NAS server, so that the NAS itself does not open any port via UPnP on the router, in this way, we will only open the ports that we want.
Open the necessary ports on the router
In the router we only have to open the ports that we really use, for example, the FTP / FTPES server to access remotely, however, if you want the best security, open only the port of your VPN server on the NAS, and then access to the server’s FTP server. In this way, you will only have open the VPN port where you need to use digital certificates (OpenVPN) for the connection.
Use strong passwords
It is essential that you use strong passwords, especially for users with administrator permissions, it is essential that no one can access their user credentials in an illegitimate way.
Activate access protection by IP and account
QNAP has a system that detects access attempts from a source public IP, and if it makes several attempts, it blocks it completely automatically. In “Control Panel / Security” you will find all the details and configurations that it allows to carry out.
Deactivate the “admin” user
Another interesting security measure is that you deactivate the “admin” user, the steps to follow are the following:
- Login with admin
- Create a new user with another name, and add him to the administrators group
- You log out of “admin” and log in with the new username
- We go to “Control Panel / Users” and disable the “admin” account.
In this way, cybercriminals will have to know the username and password, because with “admin”, they already have the username.
Install QuFirewall and configure rules easily
QuFirewall is a software that we can optionally install on our QNAP NAS, it is a very easy-to-use firewall that allows us to limit access to the NAS only to public IP addresses in Spain, denying the rest of the world. It also allows authorizing connections from certain rules, and many other very advanced configuration options.
With these basic tips, you can protect your NAS server from brute force and dictionary attacks. Of course, other basic recommendations are to always keep the NAS server updated to the latest version, not to install applications outside the official QNAP store, and even to install QNAP MalwareRemover to check if there is any type of malware installed on the NAS.
