Why is the allegedly safe NAS repeatedly attacked by viruses?

Posted May 27, 20202 min read

At the beginning of May, an UP master data of station B was leaked and caused widespread discussion. Dandelion also participated in it and proposed that it can be backed up by NAS. The result was tragically questioned:The NAS used by others was also leaked. What is the use?


After in-depth analysis, this pot NAS does not recite, and there are other hidden feelings!

The reason why the NAS was attacked

First of all, after analysis by professionals, there are two cases of NAS being attacked:

The first case

The computer has been infected by a virus, or the virus has invaded the intranet. It is easy to attack the files in the NAS.

The second case

The NAS server opened the function of being exposed to the external network, and the hacker attacked the extortion through the external network.

For the first case, you can only say to make a backup or not to click on unfamiliar links, software, etc. Today, I will talk about the second reason why most NAS is attacked.

Hazards exposed to the public network

How does a hacker attack the NAS from an external network? Usually through the port.

If the IP represents a specific computer, then the port is the entrance to the various services of the computer, and the firewall is the doorman, preventing viruses from entering the door easily!


For example, the eternal blue burst in 2017 was spread through the 445 port of the samba protocol file sharing. The method given at that time was to close the corresponding port or block the traffic of the corresponding port through the firewall.


The NAS on the top of the B station UP was directly placed on the public network, and port 3389 of the Windows remote desktop was opened, and a weak password was used. The first day of online was broken. So this is not to say that NAS is insecure!

Common solutions


Forming a virtual private network

Build an encrypted tunnel across the public network so that the LANs at both ends can communicate. Because the tunnel across the public network is encrypted, the security of this tunnel can be guaranteed.


In this way, accessing nas resources at home from the company is equivalent to LAN access. The nas at home does not expose dangerous ports on the public network, which can also ensure the safety of the nas on the public network, but the operation is complicated.

For example, using dandelion to group devices in two different areas in a local area network, this is equivalent to forming an internal network, which is very convenient to access.