The Most Secure NAS on the Market

White PapersFeb 02, 2018

The risks of cyberattacks, ransomware, and industrial espionage is on the rise, while at the same time European regulations for the protection of personal data will reach a new level with GDPR (General Data Protection Regulation) entering into force as of May 2018. Organizations and companies need to have reliable and secure storage in place in order to protect their protect their sensitive information as well as the personal data of their customers. 

Many small and medium sized organizations use network attached storage (NAS) devices to store, backup and share data. Buffalo is a leading manufacturer of NAS devices, and the security of its customers’ data has always been of the utmost priority. Buffalo devices prioritize this security to bring you the most secure NAS on the market.

Closed System - One of the most significant features to highlight is that Buffalo NAS systems are closed and not even the system administrator has root rights. Most competitors’ devices allow third party apps to be installed via an app store, Which is a possible vector for malware, spyware, and other viruses. The TeraStation only allows connections to available network services, which you can still limit to the ones you really need and use by enabling/disabling them per LAN port and service thus minimizing the risks further.


Secure Set-up - Security starts with the setup. Buffalo has always allowed for local setup with TeraStation. It is not necessary to have an internet connection for the setup or to create an account (as with other vendors).


Anti-Theft Features

Software Protection: Boot Authentication (TS3010 & 5010 Series) - When the TeraStation unit boots up, it can be configured to require a boot authentication process by linking it over a local network or VPN with a Windows server or PC with the boot authentication management tool installed. If the server is not present or the unit is not registered to the authentication management tool, the Terastation will not boot and the data cannot be read, preventing a stolen unit from being readable in any circumstance. This will prevent the unauthorized boot-up or reset of a stolen TS device. With the boot authentication management tool installed on a Windows PC, you can manage multiple TS units, resulting in speedier trouble shooting. Boot Authentication leverages 256-bit AES encryption to ensure strong security.

The “Reset button” can be disabled (also on older models without Boot Authentication), which ensures that the unit cannot be used when removed without permission.

Physical Theft-Protection - All TeraStation units (desktop and rackmount) feature Kensington lock compatibility. In addition, the desktop versions have lockable doors that prevent the disks from being taken out of the unit without the key.

Data Encryption

Disk Encryption: TeraStation offers the option to encrypt the drives with AES 256-bit strong encryption. Therefore, even when HDDs are taken out of the unit, they cannot be read by PC or on other TeraStation units. 

Encrypted data transfer: When accessing the TeraStation via remote management or WebAccess the connection can be established by using HTTPS, which guarantees encrypted data transfer. In addition all TeraStations support SFTP (SSH File Transfer Protocol), which enables secure file transfer capabilities between networked hosts.

Passwords - TeraStation management requires an administrator password, and file access can be password restricted as well. The TS3010 and TS5010 series also support Access Control List (ACL) for subfolders and individual files. Compared to simple access right control, ACL enables very finetuned management of who can access what. Backup and replication passwords prevent a secondary NAS of seeing or using the TeraStation for any backup or replication purpose.

Anti-Virus* - By turning on the virus scan feature, virus spreading over the network is prevented. In case a vulnerable PC gets connected to the network and sends virus-infected data onto the TeraStation, the virus gets automatically detected by the TeraStation and quarantined to a segregated folder and prevents the infection to other clients.

* TS3010 & TS5010, sold separately

Backup, replication, failover and encryption - While a backup is not exactly a security feature, it is a measure to protect yourself from data loss in case of a defect or attack on your system and essential for any business or private user. TeraStations offer plenty of options to secure your data in a safe way – backup (via USB or network), replication, encrypted replication, backup or replication via Rsync with SSH (encrypted file transfer), failover, cloud backup. 



Would you like to learn more about our solutions? Join our email list! Benefits include:

  • First access to free webinars and giveaways
  • Invitations to special events
  • Updates and information on our products