How does Synology protect your NAS

Businesses are challenged to offer secure access to a broader array of services and applications while guarding against increasingly sophisticated threats. Synology brings enhanced and comprehensive security solutions, allowing your NAS to adapt more quickly to evolving technology, business needs, and sophisticated threats.

CVE Numbering Authority

Synology is authorized as a CVE Numbering Authority (CNA) by The MITRE Corporation, a world-leading security institute. Entitled to assign CVE IDs to vulnerabilities affecting our own products, we are committed to continually advancing our cyber security solutions.

CNA designation

Our participation in CNAs shows our position as a leading enterprise in the field of information security.

CVE ID assignment

We are given the privilege to assign CVE IDs to vulnerabilities affecting our own products.

Vulnerability disclosure

The authorization enables us to control the processes of vulnerability disclosure and bug fixing.

Product security

We constantly monitor potential external threats and instantly respond to security issues.

Fast security incident response

Security has always been our first priority when developing our products. Upon receiving a vulnerability submission, we will make a preliminary assessment within 8 hours, and fix any vulnerability within a day. A patch will be available within a short period of time after confirmation. We ensure the products you have is secure and reliable.

8hr

Investigating vulnerabilities

15hr

Vulnerabilities
fixed

24hr

Responsive event handling

Engage with the hacker community with bounty programs

Synology NAS is committed to high standards of safety. We hold the bounty programs every year and invite the top hackers to enhance the security of Synology products. Keeping user information safe and building a more secure product are the mission of Synology. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of all Synology users.

2015

Hitcon Hack2Own

2016

Private Invitation

Evolving software security

In addition to the responsive security event handling process, Synology is also dedicated to strengthening software encryption and network connection security.

Military grade encryption - AES encryption

The advanced encryption algorithm keeps shared folders on your hard disks strictly confidential. Data transmission over the Internet can also be encrypted, so that it is safe even while accessing services like File Station, FTP, SMB3, and WebDAV.

Self-scanning - Qualys

Synology protects your data with various DSM features, including the reliable, market-leading vulnerability scanner, QualysGuard, which allows Synology to conduct thorough system scans and implement remediation on every major DSM release. Get the security scan results of DSM. See security scan results

Login protection

DiskStation Manager fortifies your account at different levels, providing a secure and reliable environment.

2-step verification

With 2-step verification enabled, you will be required to enter an additional one-time verification code on your mobile device when logging into DSM. Therefore, hackers still cannot access your account without your mobile device.

Account protection

Your DSM is protected by a two-tiered mechanism. Your account is protected by the mechanism that blocks the IP addresses that fail to log in after a specified number of attempts. Similarly, clients that fail to log in after a specified number of attempts will be blocked. You can set up a block or allow list to control which clients can access the system resources.

Secure data transmission

Secure data transfer and network connection

Multiple SSL certificates

For IT admins, it is possible to create and import multiple SSL certificates to Synology NAS, allowing them to manage multiple domain names in one machine. This makes management and maintenance more streamlined and centralized.

Let's Encrypt® integration

With just a few steps, you can get up to 100 free and secure SSL/TLS SAN certificates directly on DiskStation Manager. 

TLS Profile

TLS profiles are used to secure transmission of data through websites. You can choose the security level of HTTPS encrypted connections and the suitable level for the network connection.

Back up all your data

Just in case of unexpected accidents, including hardware failure, natural disasters, or simply accidental deletion, do remember to back up all your data on all devices. See more Synology backup solution

Notes:

  1. Let's Encrypt® is a registered trademark of the Internet Security Research Group, with all rights reserved.