asheenlevrai Posted February 23, 2022 #1

https://www.guru3d.com/news-story/vulnerability-in-synology-dsm-allows-execution-of-arbitrary-commands.html

altas Posted February 23, 2022 #2

Hope that they can upgrade to the latest or fixed version, but as the loader support is important it is not so easy a task. So best for Xpen users: don't allow DSM to be available from the Internet.

flyride Posted February 23, 2022 #3

^^^^^ This

There have always been privilege escalation hacks to DSM; these are just the ones they are telling you about.

Amrit86 Posted February 23, 2022 #4 (edited)

Anything exposed to the Internet will be at some risk. With my setup, I have:

- default admin disabled
- long passwords for user accounts I have created
- 2FA
- permanent IP blocking if 2 incorrect attempts within an hour and I review before unblocking
- SSL using Let's Encrypt
- custom ports for https and http not available externally
- custom SSH port although this isn't allowed through the firewall anyway
- firewall on the Synology and router
- specific ports only allowed to Synology
- access to Synology from within the UK and no access from anywhere else

I also review my logs and have it set up to alert me to any new logins from new devices/locations.

Some of the above might be overkill but feel that it will help in securing the Synology even if/when this vuln is patched. If anyone has any other recommendations, I'm all ears!

Edited February 23, 2022 by Amrit86

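The auto-block rule from post #4 (permanent block after 2 incorrect attempts within an hour), as an added example that is not part of the original thread and is not Synology's code. The log line format, the sample addresses and the function names `parse_line` and `blocked_ips` are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 2                 # threshold from the post
WINDOW = timedelta(hours=1)      # window from the post

# Constructed sample lines; this format is an assumption, not DSM's real log format.
SAMPLE_LOG = """\
2022-02-23T10:00:05 FAIL user=admin ip=203.0.113.7
2022-02-23T10:20:00 OK user=amy ip=198.51.100.4
2022-02-23T10:40:10 FAIL user=root ip=203.0.113.7
2022-02-23T11:00:00 FAIL user=amy ip=198.51.100.4
2022-02-23T12:30:00 FAIL user=amy ip=198.51.100.4
2022-02-23T12:45:00 FAIL user=bob ip=192.0.2.9
garbage line that should be skipped
2022-02-23T13:00:00 FAIL user=bob ip=192.0.2.9
"""

def parse_line(line):
    """Return (timestamp, outcome, ip) or None for lines that do not match."""
    parts = line.split()
    if len(parts) != 4 or parts[1] not in ("OK", "FAIL") or not parts[3].startswith("ip="):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[3][3:]

def blocked_ips(log_text):
    """Map each IP that hit the threshold to the time the block was triggered."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    blocked = {}
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ts, outcome, ip = event
        if outcome != "FAIL" or ip in blocked:
            continue              # successes are ignored; blocked IPs stay blocked
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > WINDOW:
            window.popleft()      # drop failures older than one hour
        if len(window) >= MAX_FAILURES:
            blocked[ip] = ts      # permanent until an admin reviews and unblocks
    return blocked

if __name__ == "__main__":
    print(blocked_ips(SAMPLE_LOG))
```

The two failures from 198.51.100.4 are 90 minutes apart, so that address is not blocked, while the other two addresses reach the threshold inside the window.
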
luutuananh Posted February 24, 2022 #5

Build a VPN server and block all direct incoming traffic except that VPN tunnel and you're good to go, guys.