A hot potato: QNAP has issued a security statement urging its NAS users to take immediate action and secure their data against ongoing ransomware and brute force attacks. Although responsible parties have not been identified, widespread attacks appear to target all vulnerable network devices. The company has provided security configuration instructions and mitigation actions that any QNAP NAS user should take immediately.
A security statement released Friday by the storage device provider gave QNAP NAS users very clear instructions: take immediate action to secure their network appliances or take them offline. The attacks, which appear to indiscriminately target any network device exposed to the Internet, pose the most risk to devices with Internet connectivity but little or no protection in place.
QNAP users with the ability to access and secure their devices can check if their device is exposed to the internet using the QNAP Security Counselor. According to the company statement, the user's NAS is exposed and at high risk if the Security Counselor console displays a result that says, "The System Administration Service can be directly accessed from an external IP address."
In the event that a user’s NAS is exposed to the Internet, QNAP’s security statement provides instructions to determine which ports are exposed as well as how to disable port forwarding on the user’s router and UPnP on the NAS device.
Port forwarding, also known as port mapping, redirects requests from the originating address and port to another address and port. Some users and administrators no longer view port forwarding as a major risk, as the software firewalls included with most modern operating systems are able to provide adequate protection when properly configured.
However, QNAP has specifically declared that enabling port forwarding, UPnP, or the demilitarized zone (DMZ) feature may cause the NAS to connect directly to the internet, making the device vulnerable to attack. QNAP's recommendation is for the NAS to stay behind a user's router and firewall without a public IP address.
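One way to run the "which ports are exposed" check from the router side, as an added example that is not from QNAP's statement or the original article: it parses a port-mapping listing in the layout printed by miniupnpc's `upnpc -l` (an assumed tool; the sample listing and all addresses are constructed) and reports every forward that lands on the NAS, plus whether the NAS itself holds a public address.

```python
import ipaddress
import re

# Constructed sample in the layout printed by miniupnpc's `upnpc -l`
# (assumed tool; addresses are from documentation/private ranges).
SAMPLE_LISTING = """\
ExternalIPAddress = 203.0.113.7
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8080->192.168.1.50:8080  'NAS Web Admin' '' 0
 1 TCP   443->192.168.1.50:443   'NAS Web Admin (TLS)' '' 0
 2 UDP 51413->192.168.1.23:51413 'desktop app' '' 3600
"""

MAPPING = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<addr>[\d.]+):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(listing):
    """Return every port mapping in the listing as a dict."""
    rows = []
    for line in listing.splitlines():
        m = MAPPING.match(line)
        if m:
            rows.append({
                "proto": m["proto"],
                "external_port": int(m["ext"]),
                "internal_addr": m["addr"],
                "internal_port": int(m["int"]),
                "description": m["desc"],
            })
    return rows

def audit_nas(listing, nas_ip):
    """Report how the NAS at nas_ip can be reached from outside the LAN."""
    addr = ipaddress.ip_address(nas_ip)
    exposed = [r for r in parse_mappings(listing)
               if ipaddress.ip_address(r["internal_addr"]) == addr]
    return {
        "nas_has_public_ip": addr.is_global,  # NAS should sit behind the router
        "forwarded_ports": sorted((r["proto"], r["external_port"]) for r in exposed),
        "at_risk": addr.is_global or bool(exposed),
    }

if __name__ == "__main__":
    report = audit_nas(SAMPLE_LISTING, "192.168.1.50")
    for proto, port in report["forwarded_ports"]:
        print(f"remove mapping: {proto} external port {port} -> NAS")
    print("at risk" if report["at_risk"] else "no UPnP mappings reach the NAS")
```

Mappings created by hand in the router's port-forwarding or DMZ settings do not appear in a UPnP listing, so those pages still need to be checked separately.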
NAS users without access to or familiarity with the Security Counselor console still have one final nuclear option: simply disconnect the device, ending any potential connectivity to the outside world. While it might sound drastic, the fact remains that attackers looking for vulnerable targets can't hit what they can't see.
Image credit: Michael Geiger