Synology Hardening steps to change the default settings to improve security on a Synology NAS. 

Synology DSM 6.1 hardening settings:

Using the  Security Advisor:

Install and run the Synology Security Advisor and consider changing the advised mentioned settings. 

Control Panel:

Control Panel, Update & Restore, DSM Update:

• Update Settings. Change the settings accordingly with in mind that security fixes are applied as soon a possible. 

Control Panel, user:

• make a new user with full administrative rights, test this new user and disable admin. 
• Advanced, Password Settings, Select Allow non-administrator users to reset forgotten passwords via email. 
• Avanced, Password Settings, Apply password strength rules, select;
  • Exclude name and description of user from password. 
  • Include mixed case
  • Include numeric characters
  • Include special characters
  • Exclude common password
  • Minimal password length: 8
  • Password history (times): 1
• Advanced,Password Expiration, select;
  • Enable password expiration 
  • Maximum password valid duration (days): 183 (except administrator users). Check administrator user Password is always valid. Manually change this password regularly. 
  • Minimum password valid duration (days): 1
  • Prompt users to change password upon login before expiration (days): 14
  • Send expiration notification emails; sent at 12:00, Days before the expiration; 14,10,5,3,2,1 
• Advanced, 2-Step Verification,
  • Enforce 2-step verification for the following users, all users

Control Panel, Terminal & SNMP, Terminal:

• (in case) SSH service, advanced settings, High

Control Panel, Security, Security:

• Improve protection against cross-site request forgery attacks
• Improve security with HTTP Content Security Policy (CSP) header.
• Do not allow DSM to be embedded with iFrame.
• Clear all saved user login sessions upon system restart. 

Control Panel, Security,Firewall:

• consider enabling firewall which depends on the IT infrastructure. Firewall rules can be enabled for VPN services which can improve security or protect a access for Hyperbackup. This can be implemented with an allow and deny rule for certain services. 

Control Panel, Security, Protection:

• consider enable DoS protection depending on your IT infrastructure. 

Control Panel, Security,Account, Auto Block:

• select Enable auto block, login attempts: 10, Within (minutes): 5. Enable block expiration, Unblock after (days): 1. Consider using an allow/block list. 

Control Panel, Security, Account, Enable Account Protection, Untrusted Clients:

• login attempts:5
• Within (minutes):1
• Cancel account protection (minutes later):30 

Control Panel, Security, Account, Account Protection, Trusted clients:

•  Login attempts:10
• Within (minutes):1
• Unblock (minutes later):30 

Control Panel, security, advanced, TLS/ SSL Cipher Suites:

• Select Modern compatibility 

Control Panel, Network, DSM settings,

• Selecteer Automatically redirect HTTP connections to HTTPS ( Web Station and Photo Station excluded ). 

Webbrowser:

• Enable browser's incognito mode or using guest browsing feature when accessing Synology NAS with a public computer