Brute force attacks on NAS products - how to protect?

Permissions, domain/LDAP, power, security, notification and more.
Locked
User avatar
titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Brute force attacks on NAS products - how to protect?

Post by titanrx8 »

This week there have been numerous brute force attacks reported against qnap and Synology products. One of my TOS servers was also attempted to be probed but my network firewall blocked it.

Synology has advised their users to take several actions in defense. The first was to change passwords and use strong passwords.

Next they advised deleting the default "admin" account and creating a different account in the admin group.

I know that I can create a different admin user, but is it possible in TOS to have a different password for root? At present the root password is the same as admin but I'd like to make a different one if possible.
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: Brute force attacks on NAS products - how to protect?

Post by TMroy »

Thank you for your information. Untill this moment, we didn't receive any report about brute force attacks on TerraMaster NAS, but a stronge password is always recommended for admin group users, and it is recommended to change admin password from time to time.

Currently you can't set a different password from admin for root.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Re: Brute force attacks on NAS products - how to protect?

Post by titanrx8 »

TMroy wrote: 14 Aug 2021, 13:00
Currently you can't set a different password from admin for root.
Ok thanks.
User avatar
sianderson
Posts: 293
Joined: 02 Aug 2020, 03:42
Great Britain

Re: Brute force attacks on NAS products - how to protect?

Post by sianderson »

presumably they can only brute force if the nas drive is exposed in someway or there is malware loaded on an internal connection?
F2-210

4.2.43
User avatar
titanrx8
Posts: 222
Joined: 17 Jul 2020, 06:17

Re: Brute force attacks on NAS products - how to protect?

Post by titanrx8 »

sianderson wrote: 15 Aug 2021, 00:36 presumably they can only brute force if the nas drive is exposed in someway or there is malware loaded on an internal connection?
The only time the TOS machine has seen the internet is when TOS was downloaded. Been behind the firewall ever since.
Locked