Network Storage Security Best Practices

Tips & Resources Feb 12, 2021


NAS (network attached storage) devices have experienced a rise in popularity, with many users enjoying both their security and versatility. However, the ubiquity of multi-purpose NAS in homes and offices alike has resulted in cybercriminals devising more ingenious methods to infiltrate NAS devices. According to the recent Sophos Ransomware Report, server-based attacks have been the trend in 2020. These sophisticated attacks are highly-targeted, and are typically far more devastating due to the higher value of the assets stored on servers. The recent spate of attacks on NAS devices with known security vulnerabilities showcases just how important NAS security should be taken.

Before purchasing your NAS, Buffalo recommends first considering how you will use your NAS in order to properly assess possible attack vectors. For example, if you are planning to use your NAS only as a secure storage or backup device, you can disable many avenues of file access. On the other hand, if you are using NAS storage for data-heavy processes, such as video editing or database management, you should actively set up encryption for data access and transfers in order to prevent possible intrusion.

shield connected to technological devices Buffalo TeraStation Network attached storage devices, laptop, phone, tablet and monitor

Security from the Root Up

Buffalo’s acclaimed NAS solutions are widely considered the most secure NAS on the market. One of the highlights of Buffalo NAS is that our devices run on closed systems, with not even the system administrator having root rights. Most competitors’ devices allow third party apps to be installed via an app store, which is a possible vector for ransomware, spyware, and other malware.

Buffalo NAS offer encryption at every level. The boot authentication feature prevents a stolen unit from unauthorized bootups. You can also enable AES 256-bit strong encryption for the hard drives in the TeraStation. Even if the physical drives are removed from the unit, they cannot be read by PC or on other TeraStation units. For further security, data transfers can be encrypted using HTTPS and SFTP.

Buffalo NAS also features various nuanced security features to further protect data. Other than the robust backup options such as replication and cloud integration, the TeraStation 6000 offers snapshot technology to protect you from ransomware without disrupting business continuity. According to the NetDiligence 2020 Cyber Claims Study, ransomware has been the leading cause of financial loss for SMBs in 2020, and the average incident cost has been steadily rising since 2015, up to an average of $275,000 per incident. With snapshots, you can simply use a snapshot in the event of a ransomware attack to revert to a previous data state, bypassing any tedious and costly data recovery processes.

NAS Security Best Practices

Even with included security features, data held on NAS drives can be made further safer by being aware of some common security pitfalls. Of course, underpinning all of these practices is user awareness—a major (and well-known) security issue. No matter if you are using a NAS in a home or office network, it is a good idea to make sure everyone on the network is aware of common security vulnerabilities and procedures.

Login Security

Just recently, many NAS users had to contend with Dovecat, a malware that was specifically exploiting NAS systems with weak passwords. An ineffective password can often be brute-forced with relative ease using various available digital tools. Changing the default admin usernames and using strong passwords should be the first step you take when setting up your device, and can go a long way in protecting your data.

Connections and Ports

Modern networks often encompass many non-computer devices due to the rise of IoT (Internet of Things). You should especially take precaution that other devices on a home network do not present unforeseen attack vectors to your NAS. On the NAS itself, you should close all the ports that are unneeded or unused, and change all the usage ports from the default.

For an additional security layer, using a VPN (virtual private network) can further encrypt traffic between your NAS and the Web. This prevents online attackers from intercepting your traffic in order to exploit your private data.

Keep Everything Updated

As a NAS user, you should regularly receive notifications of when firmware updates are available. Firmware updates typically provide security fixes that close discovered security vulnerabilities. Immediately installing any available updates is an effortless way to keep your device secure. This doesn’t just apply to NAS firmware—it is equally important to keep all devices on your network (as well as any antivirus on those devices) updated, as even one exploited device can lead to critical issues for your network.

The Most Secure Storage

Buffalo prides itself in providing data storage solutions that offer the security, stability, and simplicity you need so you can manage your data with peace of mind. Responsible for many industry firsts and technology standards, Buffalo has four decades of networking and computer peripheral manufacturing and design experience. For more information about BUFFALO Americas Inc. and its products, please visit