Security

Both malicious attacks and ransomeware from the Internet can disrupt access to critical digital assets. In businesses where maintaining 24/7 service is paramount, DSM offers advanced security measures to safeguard your data.

Military Grade Shared Folder Encryption

To secure your business data from potential malicious users, DSM adopts the AES 256-bit military grade encryption technology to store your data in a format protected by an encryption key.

  • Ease of use

    Shared folders can be encrypted in a simple and convenient way, and can be mounted manually or automatically on system boot-up.
  • Flexible encryption

    You can encrypt pre-existing shared folders, including the homes folder, for enhanced security.
  • Secure key management

    Key Manager allows you to use a USB storage device as a physical key to mount encrypted shared folders automatically without having to memorize all the encryption keys.

QualysGuard Security Scan

Synology protects your data with various DSM features, while also guaranteeing operating system security with a reliable, market-leading vulnerability scanner, QualysGuard, which allows Synology to conduct thorough system scans and implement remediation on every major DSM release. Get the security scan results of DSM. Learn more

Network Security

Connecting a NAS to the Internet greatly increases its convenience and possible uses, but caution must be exercised to protect it from outside attacks. With DSM, you can block unusual attempts to enter your NAS in a highly customizable manner.

Account Protection

Account Protection helps improve the security of your DSM by protecting the accounts from untrusted clients with too many failed login attempts. This helps reduce the risk of accounts being broken by brute-force attacks.

Firewall

Customize which IP addresses may connect to specific services or network ports on your DiskStation - configurable even based on the IP address's geological origin.

Denial-of-service prevention

Block DoS attacks from the Internet without interfering with legitimate traffic. Human users may still access data or applications hosted on the server

IP Auto Block

DSM can automatically block the IP address of clients who fails to log in after a specified number of times. Administrators can also set up block or allow lists to better control which IP addresses can access system resources.

Service-interface binding

Determine which services can be accessed through which network interfaces, ensuring the security of sensitive applications as well as bandwidth for critical services.

Multiple SSL certificates

For IT admins hoping to manage multiple domain names from their Synology NAS, it is possible to handle multiple SSL certificates from a single unit, making management and maintenance more streamlined and centralized.

Let's Encrypt® integration

SSL certificates are an essential part of any modern website and ensure a secure connection. However they can be hard to apply for, renew, and manage due to a lack of integration. In addition, certificates for multiple domains can quickly represent a noticeable expense. To address these concerns, Let's Encrypt® is aimed at simplifying SSL certificate management and providing them for free. DiskStation Manager is now integrated with Let’s Encrypt®, making it easier to apply for and manage SSL certificates.

Security Advisor

Manually double-checking system settings for potential security holes is tedious work, and often unfeasible or too complicated for ordinary users. Security Advisor conducts regular scans to rectify existing problems, as well as to cope with new security challenges when they emerge.

Remove malicious programs

Detect and remove programs known to cause adverse effects, cleansing your system of any malignant software

Find weak passwords

Test the strength of users' passwords against a list of commonly used combinations, alerting them when the weaker ones are identified.

Audit system configuration

Examine whether essential security measures including Firewall, DoS prevention, and IP auto block have been properly implemented.

Secure network settings

Check if potentially vulnerable services which should be restricted to internal access only, such as SMB sharing, are open to the outside world.

Additional Security Measures

No matter where businesses store their sensitive files, malicious parties always attempt to exploit the system's weaknesses and acquire such data. To address this, Synology has developed a multitude of enhancements to ensure the most secure DSM environment.

  • AES encryption

    The advanced encryption algorithm keeps shared folders on your hard disks strictly confidential - preventing files from unauthorized access without your private key. Data transmission over the Internet can also be encrypted for enhanced security.

  • Trust level for packages

    The trust level in Package Center can safeguard your Synology NAS from installing unknown or tampered package files.

  • 2-step verification

    An extra layer of protection, in additional to your account credential, with a six-digit one-time password (OTP) generated on your mobile devices.

  • IEEE 802.1X compatibility

    A highly secured standard, IEEE 802.1X aims at regulating authentication within a local network for new machines. DSM 6 is compatible with 802.1X, enabling a Synology NAS to benefit from features such as centralized user identification, authentication, dynamic key management, accounting for security and deployment enhancement, and more.

Notes:

  1. Let's Encrypt® is a registered trademark of the Internet Security Research Group, with all rights reserved.