In this short post I would like to summarize the best practices to install and safely maintain a NAS server and avoid having bad and sudden surprises that can compromise your daily peace.
- Set up the data volume possibly with a RAID type 6 having the courage to select hard drives of equal performance and characteristics but of different brands.
- Active interfacing of the UPS, installing a UPS without it being able to send information on the status of the electrical network is almost like omitting it. Verify that the UPS is able to keep the NAS and any network peripherals running in case of a power outage, for safety if the UPS is new, note the date of installation and commissioning to schedule a check before the internal batteries run out compromising the functionality of the system.
- Notification configuration, no less important than the previous ones, is the possibility of being constantly informed on the health status of the disks first and then on the general operating status of the server. With this practice we will be able to intervene promptly in cases of hard disk problems or other problems. When installing a Synology server, it is advisable to configure monitoring with the following service
- Avoid installing any services that are not required or necessary for the client's needs, avoid enabling encryption unless explicitly requested, but if it is, it is highly recommended to hand over the encryption keys to the client and inform him about the consequences in case of loss of those keys.
- Enforcing Network Configurations for Minimum Security on a Sever NAS:
- Disable all unsolicited network services
- Modify the access ports to the administration interface avoiding leaving the administration accessible to the default port.
- Set up two-factor authentication or OTP password access for users with full administration rights
- Enable the firewall and close all inactive services.
- If possible, enable selective access based on your IP address.
- Use only those network interfaces that are required for specific purposes and leave all other non-required ones empty.
- In case of Synology Server installation, it is recommended to link the server to your Synology account and enable QuickConnect service in addition to classic direct DDNS.
- Before any changes are made to an active server, please back up the configuration and data to a temporary external medium.
Suggestions ?! Feel free to post them below....