Data Security

Both hardware failure and malicious attacks from the Internet can disrupt access to critical digital assets. In businesses where maintaining 24/7 service is paramount, DSM offers advanced high availability and security measures to safeguard you from unexpected server disruption and data loss.

Synology High Availability (SHA)

Ensuring business continuity

In today's competitive global economy, many enterprises cannot afford to have their mission-critical services offline for even a short period of time. The advanced Synology High Availability (SHA) technology ensures services remain online by combining an active and a passive server into one cluster, with the latter always mirrored to the former. Should the active server malfunction, the passive server automatically kicks in and takes over. Users can continue to access their files as well as DSM services from the backup server, as if the incident never happened. In the meantime, this buys IT personnel more time to repair or replace the malfunctioning hardware.
Please refer to the dedicated Synology High Availability page for more details.

Network Security

Protect your Synology NAS against outside threats

Connecting a NAS to the Internet greatly increases its convenience and possible uses, but caution must be exercised to protect it from outside attacks. With DSM, you can block unusual attempts to enter your NAS in a highly customizable manner.

Account Protection

Account Protection helps improve the security of your DSM by protecting the accounts from untrusted clients with too many failed login attempts. This helps reduce the risk of accounts being broken by brute-force attacks.

Firewall

Customize which IP addresses may connect to specific services or network ports on your DiskStation - configurable even based on the IP address's geological origin

Denial-of-service prevention

Block DoS attacks from the Internet without interfering with legitimate traffic. Human users may still access data or applications hosted on the server

IP Auto Block

DSM can automatically block the IP address of clients who fails to log in after a specified number of times. Administrators can also set up block or allow lists to better control which IP addresses can access system resources.

Service-interface binding

Determine which services can be accessed through which network interfaces, ensuring the security of sensitive applications as well as bandwidth for critical services.

Multiple SSL certificates

For IT admins hoping to manage multiple domain names from their Synology NAS, it is possible to handle multiple SSL certificates from a single unit, making management and maintenance more streamlined and centralized.

Let's Encrypt integration

SSL certificates are an essential part of any modern website and ensure a secure connection. However they can be hard to apply for, renew, and manage due to a lack of integration. In addition, certificates for multiple domains can quickly represent a noticeable expense. To address these concerns, Let's Encrypt is aimed at simplifying SSL certificate management and providing them for free. Currently in beta, it's quickly gaining traction among all the major players and is now integrated to DSM.

Security Advisor

Your personal security specialist

Manually double-checking system settings for potential security holes is tedious work, and often unfeasible or too complicated for ordinary users. Security Advisor conducts regular scans to rectify existing problems, as well as to cope with new security challenges when they emerge.

Remove malicious programs

Detect and remove programs known to cause adverse effects, cleansing your system of any malignant software

Find weak passwords

Test the strength of users' passwords against a list of commonly used combinations, alerting them when the weaker ones are identified.

Audit system configuration

Examine whether essential security measures including Firewall, DoS prevention, and IP auto block have been properly implemented.

Secure network settings

Check if potentially vulnerable services which should be restricted to internal access only, such as SMB sharing, are open to the outside world.

Stay up-to-date

Make sure the newest DSM software version is installed, equipping your system with the latest weapons to repel digital invaders.

Additional Security Measures

Comprehensive safeguards against intrusion

No matter where businesses store their sensitive files, malicious parties always attempt to exploit the system's weaknesses and acquire such data. To address this, Synology has developed a multitude of enhancements to ensure the most secure DSM environment.

AES encryption

The advanced encryption algorithm keeps shared folders on your hard disks strictly confidential - preventing others from accessing their content without your private key. Data transmission over the Internet can also be encrypted, so that you remain secure when accessing services like File Station, FTP, SMB3, and WebDAV.

Antivirus

Install the free Antivirus Essential developed by Synology, or purchase the package from industry leader McAfee for additional peace of mind and to meet regulatory compliance.

Trust level for packages

Customize the trust level in Package Center to avoid installing packages from untrusted sources, safeguarding your NAS from unknown or tampered packages files.

AppArmor

A kernel-level enhancement that restricts the set of system resources each application can access, effectively sandboxing against malicious attempts to exploit any application.

2-Step verification

Prevent others from logging into your DSM account by requiring a six-digit one-time password (OTP) generated on your mobile devices, in addition to your regular username and password combination.

IEEE 802.1X compatibility

802.1X is a highly secured standard that provides a framework aimed at regulating authentication within a local network for new machines. DSM 6.0 is compatible with 802.1X, enabling a Synology NAS to benefit from multiple features such as centralized user identification, authentication, dynamic key management, and accounting for security and deployment enhancement.

QualysGuard Security Scan

Synology protects your data with various DSM features, while also guaranteeing operating system security with a reliable, market-leading vulnerability scanner, QualysGuard, which allows Synology to conduct thorough system scans and implement remediation on every major DSM release. Get the security scan results of DSM. Learn more