QNAP Features: Security
Features encrypted access, IP blocking, hard drive encryption and Antivirus to create a more secure network
Security has always been a focus in the IT environment. As NAS is designed to provide daily data access to many users, protecting important contents in the NAS is crucial. Adequate measures need to be adopted to secure important business data from illegitimate or unauthorised access and usage.
QNAP Turbo NAS supports numerous functions to provide security for system, data access, and stored files. The encrypted access protects system connections and communications, the IP blocking helps prevent suspicious users, and the external drive encryption reduces the risk of data stealing in case of thief of hard drives. Moreover, detection against the latest viruses is supported. All these measures aim to make the Turbo NAS a safe place for important files.
- SSH for secure connection
- SSL, HTTPS for safe data access and transfe
Remote management via SSH
In addition to using non-encrypted Telnet to log on the Turbo NAS for remote management, IT administrators can secure the connections with the encrypted Secure Shell (SSH), and execute commands for advanced programming or troubleshooting.
Data access made secured
The Turbo NAS supports both SSL and SSH for secure connection and data transfer. IT administrators can host websites on the Turbo NAS and only allow access via the HTTPS (SSL over HTTP) secure channel. Besides, the Turbo NAS also supports SFTP (SSH File Transfer Protocol or Secure File Transfer Protocol) for safe file access and transfer. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.
The following services are encrypted:
- Secure rsync backup (encrypted by SSH)
- Secure RTRR backup (encrypted by SSL)
- SFTP: Secure FTP (encrypted by SSH)
- FTPS: SSL/ TLS
- Secure web server (SSL)
- Secure shell access (SSH)
- Policy-based automatic IP blocking
Network access protection
IT administrators can set up the black or white list to grant the proper access from different users to the Turbo NAS by IP address.It operates as a policy-based automatic IP blocking by enabling the network access protection command. For example, the command can be set as “in 1 minute, after unsuccessful attempts for 5 times, block IP for 1hour, 1 day or forever.” Once an IP address is denied, the host will not be able to connect to the server anymore regardless of the connection ports it uses.
Hard Drive Encryption:
- Up to AES 256-bit encryption for internal and external drives
- Military level FIPS 140-2 protection
Internal drive AES 256-bit encryption
The Turbo NAS supports volume-based encryption to protect sensitive data. A security key or password is required to mount an encrypted volume when the Turbo NAS boots up. All the data cannot be accessed without the encryption key. It prevents the Turbo NAS data from unauthorised access and data breach even if the hard drives or the device were stolen.
External USB/eSATA drive encryption
An external drive attached to the Turbo NAS means easy removal. The important data on the drive needs a solution to protect the data against theft. The Turbo NAS now supports encrypting USB/eSATA hard drives to prevent unauthorised access to the content when they are lost or stolen. IT administrator can choose to encrypt a disk volume or a specific partition in the external drive at the encryption levels: AES-128, AES-192, AES-256.
Hard drives with the file systems EXT4, EXT3, FAT 32, NTFS, or HFS+ are supported.
Military level security
A military level FIPS 140-2 validated encryption, which is considered to be the highest security certification for compliance, is adopted automatically for both internal and external hard drive encryption.
- ClamAV antivirus toolkit integrated
- Detection against the latest viruses, malware, worms, and Trojan horses
- E-mail notification upon virus detection
Protects data in mixed environments
Typically, all users within the businesses have installed proper real-time desktop antivirus software. However, the virus evolutes beyond prediction and users' unintentional attempts to connect to dangerous Internet sites are difficult to avoid. As virus-infected files in a mixed environment could cause substantial damage, having a back-stop antivirus solution on the Turbo NAS that provides cross-platform file sharing is essential.
Based on the open source ClamAV antivirus toolkit, the integrated antivirus solution for the Turbo NAS ensures business continuity by offering detection against the latest viruses, malware, worms, and Trojan horses with continuous free virus database updates. In addition to multiple scan tasks with custom folder selection and scheduled scanning, an E-mail notification upon task completion or virus detection is provided.
- Bind the services to one or more specific network interfaces (wired or wireless)
Enhanced system security
A NAS with multiple LAN ports usually allows all enabled network services to access the server contents via each LAN port. This reduces data security. In business, important data should only be accessible by certain people via predefined network protocol, or say, an internal IP address. The Turbo NAS service binding support gives IT administrators flexibility to allow or block specific services from designated network interfaces to assure system security.
Optimizes bandwidth usage
Even not for security's sake, binding a service to a specific LAN port can guarantee that business-critical applications have optimized network bandwidth.