Risk with DDNS

[Philhawk]

Hi,

I recently read an article online, which said that DDNS is a major security risk to the LAN, especially with DSM 6.1 ...

Is this true/ is there something I can do to make it safer (Upgrade to DSM 6.2 does not work)?

 

Thanks for your help.

[test4321]

7 minutes ago, Philhawk said:

Hi,

I recently read an article online, which said that DDNS is a major security risk to the LAN, especially with DSM 6.1 ...

Is this true/ is there something I can do to make it safer (Upgrade to DSM 6.2 does not work)?

 

Thanks for your help.

If you are running un-patched version and you allow DDNS through your Firewall and hackers own your machine - they can possibly own other machines on the network.

 

Your role is to limit the surface of attack:

- limit countries that can connect

- limit IP's that can connect

- set timing on firewall open / close ports (pfsense can open / close ports by schedule)

- set ports that are not standard for synology (not 5000 / 5001)

- set IP blocking for brute-force attacks (limit how many failed logins can happen from 1 ip address)

- put your Synology on a separate from network VLAN

 

The smaller the surface of the attack the better your chances are to stay safe.

 

Definitely upgrade your Xpe if you are a few versions behind.

[Philhawk]

tahanks for your answer

[Polanskiman]

The question(s) in this topic have been answered and/or the topic author has resolved their issue. This topic is now closed. If you have other questions, please open a new topic.