The Most Secure NAS on the Market

Feb 02, 2018

Terastation in front of a red and black honeycomb background

To curb the rising threat of cyberattacks, ransomware, and industrial espionage, modern enterprises large and small now need reliable and secure data storage in place in order to protect their essential business data as well as sensitive customer data. The boost in file security is especially essential for selective industries such as healthcare, where new regulations now mandate strict data security measures with regards to private user data.

Many small- and medium sized organizations use network attached storage (NAS) devices to store, back up and share data. Buffalo, a leading manufacturer of NAS solutions, has always recognized that data protection is of the utmost priority for any business. Buffalo combines robust file security technologies such as AES encryption and anti-theft innovations such as boot authentication to bring you the most secure data storage solutions on the market.

Red circle inside a gray circle iconClosed System - One of the most significant features to highlight is that Buffalo NAS systems are closed and not even the system administrator has root rights. Most competitors’ devices allow third party apps to be installed via an app store, Which is a possible vector for malware, spyware, and other viruses. The TeraStation only allows connections to available network services, which you can still limit to the ones you really need and use by enabling/disabling them per LAN port and service thus minimizing the risks further.

Security shield inside a gray circle icon


Secure Set-up - Security starts with the setup. Buffalo has always allowed for local setup with TeraStation. It is not necessary to have an internet connection for the setup or to create an account (as with other vendors).


Identifying thief inside a gray circle iconAnti-Theft Features

Software Protection: Boot Authentication (TS3010, 5010, & 6000 Series) - When the TeraStation unit boots up, it can be configured to require a boot authentication process by linking it over a local network or VPN with a Windows server or PC with the boot authentication management tool installed. If the server is not present or the unit is not registered to the authentication management tool, the Terastation will not boot and the data cannot be read, preventing a stolen unit from being readable in any circumstance. This will prevent the unauthorized boot-up or reset of a stolen TS device. With the boot authentication management tool installed on a Windows PC, you can manage multiple TS units, resulting in speedier trouble shooting. Boot Authentication leverages 256-bit AES encryption to ensure strong security.

The “Reset button” can be disabled (also on older models without Boot Authentication), which ensures that the unit cannot be used when removed without permission.

Physical Theft-Protection - All TeraStation units (desktop and rackmount) feature Kensington lock compatibility. In addition, the desktop versions have lockable doors that prevent the disks from being taken out of the unit without the key.

Data with red key inside a gray circle icon

Data Encryption

Disk Encryption: TeraStation offers the option to encrypt the drives with AES 256-bit strong encryption. Therefore, even when HDDs are taken out of the unit, they cannot be read by PC or on other TeraStation units. 

Encrypted data transfer: When accessing the TeraStation via remote management or WebAccess the connection can be established by using HTTPS, which guarantees encrypted data transfer. In addition all TeraStations support SFTP (SSH File Transfer Protocol), which enables secure file transfer capabilities between networked hosts.

Gray padlock with red keyhole inside a gray circle icon

Passwords - TeraStation management requires an administrator password, and file access can be password restricted as well. The TS3010 and TS5010 series also support Access Control List (ACL) for subfolders and individual files. Compared to simple access right control, ACL enables very finetuned management of who can access what. Backup and replication passwords prevent a secondary NAS of seeing or using the TeraStation for any backup or replication purpose.

Security shield with a red bug inside a gray circle icon

Anti-Virus* - By turning on the virus scan feature, virus spreading over the network is prevented. In case a vulnerable PC gets connected to the network and sends virus-infected data onto the TeraStation, the virus gets automatically detected by the TeraStation and quarantined to a segregated folder and prevents the infection to other clients.

* TS3010 & TS5010, sold separately

Data backup inside a gray circle icon

Backup, replication, failover and encryption - While a backup is not exactly a security feature, it is a measure to protect yourself from data loss in case of a defect or attack on your system and essential for any business or private user. TeraStations offer plenty of options to secure your data in a safe way – backup (via USB or network), replication, encrypted replication, backup or replication via Rsync with SSH (encrypted file transfer), failover, cloud backup. 



Would you like to learn more about our solutions? Join our email list! Benefits include:

  • First access to free webinars and giveaways
  • Invitations to special events
  • Updates and information on our products