
How to Bulletproof your NAS devices against Ransomware attacks


Nearly all organisations own some form of NAS device that they use for various purposes: firstly, as a backup destination, which is the most common usage; secondly, as a web server; and thirdly, as a hypervisor, hosting virtual machines on its own.

In this post, we focus on applying best practices to such devices regardless of their usage.

The steps below are vendor agnostic and can be applied to the majority of NAS boxes:

Security

  • Encrypt NAS volumes
  • Disable SMBv1
  • Disable HTTP and Telnet access. Allow only HTTPS and SSH connections
  • Be extra careful while creating your user objects and their permissions
  • Configure notifications for user logins. Set a fixed routine to manually check the NAS logons if your device doesn’t have such an option
  • Pay attention to the vendor updates for your device. Always download and install them in a timely fashion
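One way to verify three of the items above (Telnet disabled, HTTP disabled, SMBv1 disabled) from a management workstation, as an added example that is not part of the original post. The hostname `nas.example.internal` and all function names are hypothetical; the SMBv1 check sends a negotiate request that offers only the SMB1 dialect and reports whether the NAS accepts it.

```python
import socket
import struct

FORBIDDEN_PORTS = {23: "Telnet", 80: "HTTP"}  # services the checklist says to disable

def smb1_negotiate_request() -> bytes:
    """Build an SMB1 NEGOTIATE that offers only the SMB1 dialect 'NT LM 0.12'."""
    header = (b"\xffSMB" + b"\x72" + b"\x00" * 4       # magic, NEGOTIATE, status
              + b"\x18" + struct.pack("<H", 0xC801)     # flags, flags2
              + b"\x00" * 12                            # PID high, signature, reserved
              + struct.pack("<HHHH", 0xFFFF, 1, 0, 1))  # TID, PID, UID, MID
    dialects = b"\x02NT LM 0.12\x00"
    body = b"\x00" + struct.pack("<H", len(dialects)) + dialects
    # 4-byte NetBIOS session header: zero byte + 24-bit big-endian length
    return struct.pack(">I", len(header) + len(body)) + header + body

def smb1_accepted(resp: bytes) -> bool:
    """True if the reply is an SMB1 NEGOTIATE response that selected a dialect."""
    if len(resp) < 39 or resp[4:8] != b"\xffSMB" or resp[8] != 0x72:
        return False  # reset, empty reply or non-SMB1 answer: SMB1 not spoken
    status = struct.unpack_from("<I", resp, 9)[0]
    dialect_index = struct.unpack_from("<H", resp, 37)[0]
    return status == 0 and resp[36] >= 1 and dialect_index != 0xFFFF

def tcp_open(host: str, port: int, timeout: float = 3.0) -> bool:
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_smb1(host: str, timeout: float = 3.0) -> bytes:
    """Send the negotiate to TCP 445 and return the raw reply (b'' on failure)."""
    try:
        with socket.create_connection((host, 445), timeout=timeout) as s:
            s.sendall(smb1_negotiate_request())
            return s.recv(4096)
    except OSError:
        return b""

def audit(host: str, port_open=tcp_open, smb1_probe=probe_smb1) -> list:
    """Return the checklist violations found on the given NAS."""
    findings = [f"{name} (tcp/{port}) is reachable; disable it"
                for port, name in FORBIDDEN_PORTS.items() if port_open(host, port)]
    if smb1_accepted(smb1_probe(host)):
        findings.append("SMBv1 dialect accepted on tcp/445; disable SMBv1")
    return findings

if __name__ == "__main__":
    for finding in audit("nas.example.internal"):  # hypothetical hostname
        print("FAIL:", finding)
```

A port 80 listener that only redirects to HTTPS is still reported, so confirm in the NAS settings whether plain HTTP logins are actually possible before treating that finding as closed.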

System & Network Performance

  • Retain only the software that you need and get rid of everything else. NAS devices have numerous Media Center applications built-in, which you often don’t need
  • If the NAS is used as a hypervisor, pay attention to the disk configuration. Choose the RAID setup that fits your requirements. Follow this link to a handy, free RAID calculator.
  • Aggregate network interfaces to get the maximum possible speed out of the NAS

In conclusion, the above configuration can significantly benefit a NAS device, and it doesn't come with any tradeoffs.

It always comes as a surprise how NAS devices often go unnoticed in infrastructure, given their essential role.

Remember, this is another location where company data lives, and we want to ensure it is safe and well.

Veeam's 2022 Ransomware Trends Report shows that backups were targeted in 94% of attacks and impacted in 68% of attacks, so we need to be mindful of their protection.

If you found the above informative, I’d suggest booking a quick 30-min session with one of our Subject Matter Experts (SME) to discuss how you protect your data and walk you through some of the industry’s best practices.