Synology weerbaar maken

Synology DSM 6.1 hardening settings:

  • Control Panel, security, advanced, TLS/ SSL Cipher Suites, Select Modern compatibility 
  • Control Panel, user, advanced, Password Settings, Apply password strength rules, select; 
    • Exclude name and description of user from password. 
    • Include mixed case
    • Include numeric characters
    • Include special characters
    • Exclude common password
    • Minimal password length: 8
    • Password history (times): 3
  • Control Panel, user, advanced,Password Expiration, select;
    • Enable password expiration 
    • Maximum password valid duration (days): 183 (except administrator users) 
    • Minimum password valid duration (days): 1
    • Prompt users to change password upon login before expiration (days): 14
    • Send expiration notification emails; sent at 12:00, Days before the expiration; 14,10,5,3,2,1 
  • 2-Step Verification,select
    • Enforce 2-step verification for the following users, all users
  • Control Panel, Terminal & SNMP, Terminal, (in case) SSH service, advanced settings, High
  • Control Panel, Security, Selecteer:
    • Improve protection against cross-site request forgery attacks
    • Improve security with HTTP Content Security Policy (CSP) header.
    • Do not allow DSM to be embedded with iFrame.
    • Clear all saved user login sessions upon system restart. 
  • Control Panel, Network, DSM settings, Selecteer Automatically redirect HTTP connections to HTTPS ( Web Station and Photo Station excluded )