I happen to have two Synology boxes in my lab (DS213+ and DS412+) and I try to keep them updated as much as I can. Recently, DSM 5.1 was released which applies to both of them so this weekend, I took a few minutes to update both of my devices. DSM 5.1 brings a lot of new features and enhancements (NFS VAAI was a big one for me!) so if you have applicable devices then it’s definitely worth upgrading to.
In this post, I am just going to talk about a new package in DSM 5.1: Security Advisor. Typically, after opening a Synology box, one becomes very focussed on getting the drives in and the box going in the shortest time possible. So, it’s quite easy to sometimes forget that there are security settings that you might wish to modify, to secure your box. Security advisor is a utility to scan your device and recommend actions that you can take to secure it. It also reminds you of the things that might have slipped the net or you may have changed “temporarily” but forgotten to change them back to what they should be.
I ran the scan on both my boxes and the results were the same for both (as shown in the screenshot below):
Now that doesn’t tell you much but clicking on the warning sign, takes you to that item in the list.
Here you see a description of the problem and the recommended action. It also offers to take you to the right place to put the issue right. Now in most other software, you’ll find that context-sensitive help is available but any links only take you to the general page. What I love about Synology products is that their software is very well-thought out. In this case, clicking on “Control Panel”, actually takes you to the “Password Settings” page.
Here, I actually didn’t have “Apply password strength rules” or any of the other boxes ticked, which as you can see, I corrected.
The other issue identified by Security Advisor was related to “Auto Block” (as shown in the screenshot):
This time, clicking on the “Control Panel” link, took me to the “Auto Block” settings page:
As you can see, I ticked the required box there.
Once you’ve corrected all the issues identified, you can run the scan again. I did and got a clean bill of security health! Once this is all done, you can also schedule this to run on a regular basis as well.
This does beg the question as to why the devices don’t have these options set by default. Hopefully, Synology will think about making them default options as they do seem like sensible defaults. That said, I think this is a great addition to an already impressive list of Synology packages and if you have these devices, I would highly recommend running Security Advisor at least once. Of course, you can go and set these options manually as well (knowing that they’re not set by default now) but it wouldn’t be a bad idea to run this regularly as a scheduled job.