How a few simple fixes made my NAS far more secure
My NAS has been a part of my home for years now, and it has taken over the kind of tasks that I hadn’t ever thought a NAS could do. While it has made my life a lot easier and more streamlined, living with a NAS for this long also meant making a fair share of security mistakes. It didn’t seem like a big deal since everything stayed on the home network and within my family. But with the growing number of apps on the server, and the times I had to enable remote access, I needed to fix a lot of security loopholes that I had earlier left as is.
These are the biggest ones, and I finally fixed them.
Direct internet exposure
When convenience cost me my peace of mind
I thought of my NAS as my personal cloud replacement, which could do everything Google Drive did, including seamless remote access to my files from anywhere in the world. If an app suggested opening a port, I did. Thankfully, my server wasn’t attacked by random login and bot attempts as I came to my senses just in time.
The first step I took was to cut down all kinds of remote access, including first-party solutions like QuickConnect (which, anyway, is unusable for moving large files with its snail-like speeds). I moved everything over to Tailscale for instances where remote access becomes unavoidable, while making sure to never expose the NAS to the internet without safety. Routing everything through the VPN has brought me a different kind of peace of mind.
Using weak or repeated passwords
It could’ve compromised everything
We assume that the stakes are low since the server lives inside our house, leading us to use simple-to-remember passwords and even reuse them, because why not? It was fine early on when my usage was limited, but over time, with increasing touch points, from backup apps to productivity containers and their managers, I realized this habit was going to cause me problems.