There have been many reports of attackers targeting NAS solutions recently.
What are some basic rules I can follow to help secure my TrueNAS setup against attacks like this?
- Never expose NAS to WAN or any remote access cloud service. Use a VPN instead.
– Disable UPnP on both firewall and NAS
– Do not port forward, except for a VPN
– Do not use cloud based remote access services. - Implement 3-2-1 backup strategy.
- Replace EOL devices/software.
Too easy for malicious actors to find any device on a WAN.
3 Likes
Keep your truenas box behind a properly configured firewall and you will be ok.
Those WD devices can be accessed via cloud service, LOL, obviously not a good idea.
1 Like