No video
is Quick Connect Secure for Synology?
Рет қаралды 50,670
Күн бұрынQuick connect is an easy way to access your NAS outside of your home. But it it secure?
Hire Me! www.spacerex.c...
Support the Channel & Get Early Access to ALL Videos: / spacerexwill
#QuickConnect #Synology #ransomware
Synology White Paper on QC: global.downloa...
@carsonhawley8838 Жыл бұрын
I appreciate the deep dive into how Quick Connect works under the hood. Your channel was a fantastic resource to me while shopping for (an setting up) my Synology NAS. Thanks for putting out such high quality videos. They really make a difference for new Synology users!
@versa319 Жыл бұрын
Well done, Will! Great video to educate and help us understand a little more detail of how QC works. QC is great for my small business. Thanks again! 👍🏽
@SpaceRexWill Жыл бұрын
Thanks man! I recognize that logo! Hope you are doing well!
@MoToPoKePJeKa Жыл бұрын
I was trying to set up DDNS with custom domain just to avoid brutforce offload of quickconnect addresses and knowing that someone potentially can see my Synology web address, but I was not successful with DDNS. So decided to open quickconnect and give admin account random 80 character password and different name. With 12character passwords for other users. So based on you information i am fairly safe then. Nothing is 100% on the internet. Thank you for the video.
@davidpeters7447 Жыл бұрын
You can setup 2FA as well.
@gz625 Жыл бұрын
I'm absolutely not a fan which hardware Synology offers for the money they asking but on software side it's the best in Nas world for home users.
@ILoveTheAllCreator Жыл бұрын
What would you suggest as alternative
@ILoveTheAllCreator 9 ай бұрын
@@hundredfireify I tried doing it with my computer and it was frustrating not having the apps on my phone that’s tells me computers temps, wake on, storage size, status and etc.
@btam83 8 ай бұрын
You’re not paying for hardware, you’re paying for software
@PeterHonig. Жыл бұрын
I find all your videos to be very informative, based on solid research, and superbly done. I found this one in particular to be especially useful, as it has given me the best and most relevant information that anyone has done on this topic. Kudos and many thanks!
@SpaceRexWill Жыл бұрын
Thanks man!
@brianhansen6906 Жыл бұрын
Thanks for doing this topic. I’ve been using it assuming it’s safe, but it’s good to have confirmation.
@cliff_cliff Жыл бұрын
im glad you made this. if you read forums the general consensus is use a vpn connection or youre an idiot. i use quickconnect and all users use 2 factor auth. ive never had an issue and the nas just works. cheers
@SpaceRexWill Жыл бұрын
The forums tend to be very gate keepery Is a VPN more secure: yes, but that then means you can’t share files from your NAS or get your family to backup their photos
@zaraza. Жыл бұрын
For small organizations VPNs may be sufficient but in many cases they will not protect you from targeted attacks. It is often that companies get their network compromised through VPN because of vulnerabilities or leaked credentials. Also once VPN is breached the attacker often gains access to more than just a NAS, but other than this I am not convinced that QC will provide you with a better security.
@SmallSpoonBrigade Жыл бұрын
@@SpaceRexWill Yes, indeed. You can set up a VPN connection to the firewall server and from there to the NAS, which is very secure. It's also going to exclude those family members unless you give them the configuration files to connect themselves, which largely makes the whole exercise moot.
@DavidM2002 Жыл бұрын
I'd be really interested in comparing QC to Tailscale in two key respects : 1) Synology appears to "take calls" from both your local and remote devices and then hand off that connection so that it's direct. If I understand correctly, an open port on the router is still required ? Or is that port only opened upon request of QC ? 2) How much better or worse is file sharing on QC vs Tailscale ?
@supernumex Жыл бұрын
I absolutely also want a comparison with Tailscale.
@zaraza. Жыл бұрын
Open ports for inbound connections are not required, since the QC will fall back to synology relay service if its not possible to establish direct connection between the client and NAS. If your firewall allows hole punching then QC will try that first to make direct connection possible.
@EuroPC4711 Жыл бұрын
@@zaraza.ow do I allow holepunching? By enabling upnp on my pfsense/router? And after 2x has punched a hole in my router, does it close the hole after a certain time or does ist stay there for later usage?
@EmilePolka Жыл бұрын
tailscale is: - opensource - based on wireguard - uses strong encryption - the provider it self dont know what's happening in your tunnel - keys changes everytime you connect/reconnect to another tailscale connected computer - login security is pretty much handled with the most experienced guys out there (google, github etc..) quickconnect: - not open source - damn who knows how their tunnel works - is it even secure to begin with? - are you even sure that theyre not snooping on your traffic while in proxy mode? - your login security is heavily dependent on your NAS if you know how wireguard works in terms of handshake, yeah is damn secured as the tailscale relay it self really dont take with that handshake anymore even if your connected via DERP servers.
@ethansturm3194 Жыл бұрын
Thanks for the video. I’m new to Synology and all of your content has been fantastic! Is there any way to tell when Quick Connect is going through the relay server vs direct WAN connection (or hole punch)?
@SpaceRexWill Жыл бұрын
if you look for the 'direct' in the URL you know you are direct connected
@superbaggio87 Жыл бұрын
Thanks again for the video very much appreciated, very helpful and informative, greetings from Italy
@notreallyme425 Жыл бұрын
I originally used QC, but then switched to DDNS and port forwarding. Can’t remember why… but I think it was because not all services (Active Backup for Business?) would work on QC. Now I’m using Bitwarden (Vaultwarden docker container) and I think DDNS with port forwarding is the best/only solution for that.
@SmallSpoonBrigade Жыл бұрын
Probably the most secure thing would be to require a VPN connection to firewall computer and then forward anything coming in through the authenticated VPN to be forwarded to the NAS. But, that's probably not necessary for most users.
@aayush_dutt Жыл бұрын
That's not a good practice to directly open any port to the internet all the time. Better to have a PiVPN and open just the VPN port and you can access your network through the vpn. That said, QC is better than raw port opening.
@notreallyme425 Жыл бұрын
Yes, my NAS is exposed with DDNS but with strict firewall rules and 2FA in place I’m not worried about it. I keep the nuclear codes stored offline 🤣
@miguelgargallo 11 ай бұрын
Thanks Will, very awesome, makes me more in peace after seeing this
@christianbram1959 Жыл бұрын
Thanks Will, again a very informative video. What would have helped me even more would have been a comparison of Twingate and Quickconnect. Since you published the Twingate Video just 3 days earlier I am now asking myself, what is the best solution for me.
@EuroPC4711 Жыл бұрын
When using QC, can I block certain ports somehow? I'm comparing it to IPv4 where is ist a good Idea bo block all ports on your router and forward what you definitely need.
@JeremyCobb Жыл бұрын
Thanks Will, another great video and very reassuring. I would value your thoughts on moving up to Tailscale at some point, when you get time.
@SpaceRexWill Жыл бұрын
I have a video planned with that coming out april 19th!
@demzara Жыл бұрын
Can you manualy set up DSM and Mikrotik router to use hole punching? Or if you set a port forwarding manualy will quickconnect use it for direct tunnel, instead of going through relay server?
@DaystromDataConcepts Жыл бұрын
Great video! Thanks :) I would love to have you do case study type videos for the home user such as, and this is what I'd really like, the ability to have your Synology act like Dropbox. I simply want to have a folder and deposit files and then send anyone a link to download said file. Is this possible? I have heard of Synology Drive, but it seems rather involved and I was hoping for something more accessible to home users.
@sproid 4 ай бұрын
Quickconnect is great until I notice there's no way to use it as replacement for webdav to sync contacts. Is good but very limited. Now I'm hoping either synology create a way to sync contacts with it or for Proton(mail) to create it first.
@Nimitz_oceo 5 ай бұрын
You failed to mention that if you truly want to be secure you never enable quickconnect without MFA . Synology’s own secure sign in app is great for MFA. So turn on MFA and quick connect plus a very long address you should be safe
@thetechguy600 Жыл бұрын
I have one very quick question. So I have 4 different synology NAS units two at my home and two at my work. I use QuickConnect on all of them for remote access to DSM as well as file transfers. The issue I am facing is that QuickConnect file transfer speeds on three of them are seemingly capped for some reason at around 300KBs whereas the fourth unit is running at near full sustained network speed at my home which is around 1.2MBs. Is there a way I can get the other three units to speed up the transferring of files remotely or is this not possible?
@SilverOrlov 7 ай бұрын
Almost a year has passed. I am new in that theme, is there any positive changes about "showing my NAS to all the World"? I tried to make some hard settings(https, inner vpn, ports, router end so on) but I don't sure that I did everything. I want hide my NAS and make it maximum secured, but I feel that am not as experienced in those stuff and it's easier to simply use that QC+2fa.
@WalkingDday Жыл бұрын
Perhaps it arrived after this video was made, but I use two step authentification.
@tomdegnan7001 11 ай бұрын
Do you have a tutorial video anywhere on how to disconnect quick connect and connect a different way? I would like to install tailscale but can't do that when on via quick connect?
@huishaai Жыл бұрын
Goodday Spacerex Syno Obi-wan , i got a question my Syno is taking endless time writing, scanning and what not, sometimes like a week. I read more user have these problems over the years, but i never found a reason, and even better a solution, im about th reset the whole thing and start anew. Have you got any Obi-wan news or tips ? Thanks for the great video's ! Very help and insightfull.
@Losschris1 Жыл бұрын
MFA helps too
@DaystromDataConcepts Жыл бұрын
Can anyone here please help me? When I enable the Quickconnect check box and then click continue when taken to my Synology account page, the Quickconnect ID field is greyed out, preventing me from typing in anything there. I've tried DDNS, but my router isn't automatically detected and I am having trouble with port forwarding as I don't know what I'm doing. I am connected to my NAS directly using a static IP address. All I want to do is to setup Quickconnect, but it's not working for me at all. HELP!! :)
@djepodjepo Жыл бұрын
But QuickConnect is super slow right!? Or am I doing something wrong? I cant get more than 1 Mbps up/down
@bellahermosa3581 Жыл бұрын
Hello, I am new in Synology Nas. I am using a Nighthawk wifi router to my computer and my Synology nas is plugged-in directly to my wifi router. My question is how can I connect my synology nas directly to dns server or use a domain host name to open my synology nas if I`m using a wifi router (not on Ethernet). I hope you get what I mean. Because I don`t want to use always the quickconnect to open my synology nas.
@zakinthetube Жыл бұрын
Do you suggest to activate firewall of the nas itself? It works well?
@twiblr Жыл бұрын
Good video - much to think about.
@eneillewis 11 ай бұрын
Thanks!
@SpaceRexWill 11 ай бұрын
Thank you!
@MrTubertub Жыл бұрын
Thank you for the video. What about extra Security with 2fa isn't that possible?
@malm1231 Жыл бұрын
hey m8 im having some connectivity issues i think - is there a way to setup my smb with my nas using quickconnect? I was hoping to make it appear like a folder in finder the way it does when it is local. having trouble finding info online. could this be a port forwarding issue (even though it is handled by DSM7) or am i asking the wrong things of my nas
@glennadams7047 Жыл бұрын
Good analysis !
@billyjoe3309 10 ай бұрын
Don't wanna use quickconnect, wanna use local IP but that only works for the DSM panel, not for rsync or FTP.
@ehoenig 11 ай бұрын
2Factor Authentication is the next security step.
@StevieMacVFX 11 ай бұрын
So if my ISP has blocked port forwarding can I only use Quick connect to get access to my NAS externally?
@SpaceRexWill 11 ай бұрын
or Tailscale
@DlxyRekt Жыл бұрын
Had to use it for synology drive and photos on mobile due to cloudflare's 100mb rule
@nixxblikka Жыл бұрын
I think the backdoor for guessing the url is let's encrypt? They list everything?
@SpaceRexWill Жыл бұрын
I haven’t been able to find a list of all the let’s encrypt sites. Do you know of one?
@RBzee112 Жыл бұрын
I use it with 2FA TOTP.
@dtownssqwe Жыл бұрын
Wasn't there an issue last year with ransomware attacks on Synologys?
@sonicinchen Жыл бұрын
Combinated with 2FA hardware wallet is it a good option
@seemoris Жыл бұрын
Do you do consultations at all?
@drrobotnik80 8 ай бұрын
Do you have a video creating an ssl certificate? I keep getting the message saying it's not private.
@MiguelRedPy 7 ай бұрын
On the LAN, unfortunately, it will always tell you that it is insecure. SSL certificates will only work for WAN connections
@Alex-lp6bg Жыл бұрын
Do you have a tutorial on using cloudflare instead?
@bryansmith775 Жыл бұрын
“Yes, but is less secure than no port forwarding at all” 🤯🤯
@BGCGC1 Жыл бұрын
Any idea why the mobile login page does not use 2MFA ? It just lets me login with username and password .
@SpaceRexWill Жыл бұрын
You have to enable MFA for each account
@BGCGC1 Жыл бұрын
@@SpaceRexWill thanks where can I find it to enable for mobile?
@markpreston1385 Жыл бұрын
How about comparing Quick Connect to Tailscale?
@MiguelRedPy 7 ай бұрын
Tailscale is better
@Glowinglight230 Жыл бұрын
Asustor recently had a hack that involved their ez connect. While I am sure synology does their homework, if a hacker ever got into people systems on a wide scale they would make more money than they did with asustor. More $$$ means synology has a bigger target on their head. VPN is the method I am going.
@LUNTK Жыл бұрын
1:41 2:10 2:32 3:48 5:50 11:20
@EmilePolka Жыл бұрын
6:23 well that's what at least they want you to know to be honest.
@dcretney Жыл бұрын
I would really, really like to know if SynologyDrive security is sufficient enough…??
@brianhansen6906 Жыл бұрын
I presume you mean the Synology drive desktop app. I don’t know why it wouldn’t be if you’ve selected to have it connect via HTTPS. Everything is encrypted then. That’s what I do. I only quick connect in to access apps or files that I don’t have connected through drive. But almost everything I do is synced through drive.
@dcretney Жыл бұрын
Wouldn’t synologyDrive desktop app and NAS package just open more opportunity for breach? Don’t get me wrong, I want to use it, but I’d like to see somebody explore and discuss its security…
@brianhansen6906 Жыл бұрын
@@dcretney I’m not sure what nas package you’re referring to, but Synology drive connects using your connect ID (if that’s what you put into it, and you need for external access) so it’ll connect the same as the quick connect through the web browser. At least that’s my understanding.
@davidcretney9921 Жыл бұрын
Ok, thanks for the reply. I might not be remembering correctly since it was more than a month ago, but I thought I had to install a package on the Nas to enable SynologyDrive. It’s likely I am wrong.
@brianhansen6906 Жыл бұрын
@@davidcretney9921 oh yes, you’re actually correct. I was having a brain fart at the moment. You had to install Synology drive server and drive on the nas. But since you sign in from the app on your computer using your quick connect id as long as you have the option checked in the app to connect with SSL then everything should be encrypted and it’ll connect through to your nas through quick connect just without you physically opening the browser and logging into your nas.
@ChrisTheDBA Жыл бұрын
can you just delete the default 'admin' user?
@SpaceRexWill Жыл бұрын
You cannot, you can disable it which is basically the same
@skpowerz Жыл бұрын
Is quickconnect possibly the cause of my slow download speeds? I have a Synology that I connect to externally through quickconnect with SynologyDrive. Very simple setup, 1 shared folder, no extra configuration at all. Files that are not local get downloaded at speed of max 50-70 KB/s. Speedtest at both locations shows ~100 Mbps. After a few google searches I see a few people mention that this might be because of quickconnect. Is it true? Any fast fixes/tests I can do?
@zaraza. Жыл бұрын
If QC uses synology relay instead of a direct connection then the performance will be usually bad. At least this is my personal experience. Alternative is to open your firewall for inbound connections and configure NAT (risky security-wise) to allow direct connection between NAS and client or set up a VPN or a cloudflare tunnel etc. But if you don't know how to do it it's probably better to stay with QC since you don't have to worry too much about more complex configuration as opposed to other methods.
@jakesecondname2462 Жыл бұрын
Is there a way to turn Quick Connect off outside of specified hours, and deny connections coming from outside of a specific country or region?
@DavidM2002 Жыл бұрын
Perhaps set up a firewall rule ? But I think you may end up with a can of worms before you get what you want.
@jakesecondname2462 Жыл бұрын
@@DavidM2002 yeah I think you're probably right
@zaraza. Жыл бұрын
Cloudflare allows for geolocation-based filtering etc. if you have domain registered with their service. But this will not work with quickconnect so you'd have to open your FW for incoming traffic. I think their zero trust tunnel or some VPN solution is probably a more secure option. Alternatively you could set up a reverse proxy with geoip filtering for example with a combination like pfsense+haproxy+pfblockerng.
@williamhicks2763 Жыл бұрын
@@jakesecondname2462 I’d check the Synology forums. I would bet someone has written a script or something that could do that. If you know any Linux, or someone that does, I think most things are possible.
@Crazy--Clown Жыл бұрын
I come across so many ppl even IT guys that are just too lazy to keep the updates happening and this included your PC firmware (Bios Updates) many are including CVE's so don't be that lazy one
@infamouse9149 Жыл бұрын
anybody got a TL:DW answer to the title question? Is it secure or not?
@cliff_cliff Жыл бұрын
yes
@SmallSpoonBrigade Жыл бұрын
The answer is mostly, just not as secure as not having it enabled.
@maximumwoof8662 8 ай бұрын
:00 - :01 - "eye howz yun yo" ???????????????????
@JohnSmith-zl8rz Жыл бұрын
I don't need external access so I don't need it.
@MarcAndreLevesque Жыл бұрын
As secure something connected to the internet can be. you want your synology secure, don't open it on the internet. period.
@Perseca Жыл бұрын
😨 someone with an 8-character password giving security advice... oh no no no no no... use a password manager, 16 character minimum, preferably randomly generated, and limit the number of login tries in your Synology security settings you don't want to assume the current security environment will never change... go a step or two or many beyond the minimum so it doesn't become a problem you have to deal with later
@SpaceRexWill Жыл бұрын
actually new advice says you need at least 32 characters, and including at least some emoji to extend the possible keys by 10x
@EuroPC4711 Жыл бұрын
I usually use a password-manager for that. And all theses passwords worked well. Until I setup OpenVPN from Synology-VPN package. I configured a user only for establishing VPN connections and login kept failing. Unfortunately my DSLmodem/router only speaks IPSec, what I do not wand to use for mobile devices.
@MrFreshgale Жыл бұрын
Thanks!!!
NASCompares
Рет қаралды 41 М.
Dave's Garage
Рет қаралды 649 М.