# nas securitity



## hammerscrazy (Sep 19, 2012)

hi all,
have a fairly straight forward question which i think i already know answer to but would like just to confirm & see what the down side is .
at present i have a wired home network consisting of numerous pc ,a ps3,various other devices ie tv,blueray player % a stora nas plus a qnap nas.
in the set of the qnap nas under the security page if gives me option of 
Security Level
High: Allow connections from the list only 
Medium: Deny connections from the list 
Low: Allow all connections 
Enter the IP address or network from which the connections to this server will be allowed or rejected. 

at the present it is set to low but would perfer it to be high but at present all network divices are set to automaticaly assigned IP's so i take it i would need to set these to fixed IP's so could i use the same ip they have already been assigned & if i did this would there be any downside to it?


----------



## Winux (Nov 28, 2012)

Yup, switching the devices to a static IP should do what you want. The only real draw back I can see is the very minor inconvenience of adding a new device. Or you could leave everything to dhcp and just make an entry for all 172.168.1.0/24, or whatever your lan ip range may be. That would present a security threat if someone was physically on location, though. Anywho, yeah, no big down-side I personally see and you can totally run that setup.


----------



## hammerscrazy (Sep 19, 2012)

thanks for that i think i will go with your idea of using the ip range


----------



## Wand3r3r (Sep 17, 2010)

"at the present it is set to low but would perfer it to be high but at present all network divices are set to automaticaly assigned IP's so i take it i would need to set these to fixed IP's "

Static [fixed] ips have nothing to do with your issue.

What the qnas is asking you is the SECURITY LEVEL ON THE NAS. 

HIGH means you need to input users [like your account] to access the nas
Medium appears to mean [vague] deny users on the list
Low means open access on your lan

You should consult the manual concerning this for clarification.

If deciding to assign static ips, and this has nothing to do with security, make sure to use ips NOT in the dhcp range or you will have a ip conflict. You may need to reduce the scope of ips being used by dhcp to accomplish this in the router.


----------



## hammerscrazy (Sep 19, 2012)

*hi*
*i decided to set to the setting to high & place a ip range in list, the ip address of the gateway is ***.***.2.1 so i set the range to ***.***.2.2 - ***.***.2.26 not sure if this is correct but as router is connected to a 24 port switch it seemed the right thing to do*
*however now i an getting the following regular warning emails from the nas : *

*[Security] Access Violation from ***.***.2.1 with UDP (port=1900)

**[Security] Access Violation from 64.26.187.150 with TCP (port=80)

**[Security] Access Violation from 223.255.179.115 with TCP(port=80)
*
*so whats going on bit concerned about the latter two *

*below is from manual​*
*



Security Level​

Click to expand...

*


> *Specify the IP address or the network domain from which the connections to the NAS are allowed or*
> *denied. When the connection of a host server is denied, all the protocols of that server are not allowed*
> *to connect to the NAS.*
> *After changing the settings, click "Apply" to save the changes. The network services will be restarted*
> *and current connections to the NAS will be terminated.*​


----------



## Wand3r3r (Sep 17, 2010)

I secure my Nas by not entering a gateway entry in its tcp/ip properties. This results in it not being accessable from the internet.

I would suggest you fully review the manual for this nas so you understand what it is you are doing.


----------

