…without snark or jumping down my throat. I genuinely want to know why it’s so unsafe.
I’m running a Synology DS920+, with my DSM login exposed through a Cloudflare tunnel. I have 2FA enabled, Synology firewall enabled with these rules in place. I also have this IP blocklist enabled.
After all of this, how would someone be able to break in via the DSM login?
Speaking as someone who decided to “just be a consumer and trust that my NAS manufacturer had appropriately hardened the login interface”, and was using 2FA, and subsequently fell victim to a ransomware attack:
Do not expose any port on your NAS to the internet.
If you really want it available to you when you’re away from home, set up a VPN using a separate device as the VPN server.