Synology® has been making a distinctly effective series of Network Attached Storage (NAS) devices since its conception in the year 2000. We had a chance to try out the Synology® DS218+ that arrived at our office. It had a black finish, protected by a sturdy external plastic casing, and was light enough to be carried along.
It can fit two 3.5’’ hard drives. For our purposes, we used a Seagate® Barracuda HDD, which Synology® packages in some of its NAS models. Fitting the HDD inside the NAS was as simple as simply sliding it into the enclosure included with the product.
The NAS can be directly connected to outside the local router. It comes with its own start-up-start interface that mentions step-by-step instructions on how to connect it to an external IP address, making it extra-versatile in conditions that require greater installation speeds.
It has its own user interface that can be accessed from a browser, which needs to first be downloaded into the NAS hard drive itself. After the installation of the browser UI, any device that has a browser can access it.
The NAS has its own diagnostics toolbar, which shows events and going-ons in the device. Should the NAS encounter any problems, it’s as simple as checking it out.
There is a measure of CPU load in real-time in the user interface, which provides simple diagnostics of the performance of the NAS. It can connect via LAN, but it can also manage a Wi-Fi connection. Other interfaces include three USB 3.0 connections, all of which provide greater versatility should the NAS suffer damage from one port. It’s as simple as using the next port instead, until the time comes that the damaged port can be repaired.
We tried to stretch its security to the limit, and this is what we’ve learned.
“Hostile” requests and pageviews, such as those that attempt SQL injection or Cross-Site Scripting (XSS), are filtered. We tried to find end-points that seem to be open for such attacks, but in the end, they are protected seamlessly.
It has a Web Application Firewall (WAF) that disables hostile page views. We tried an automated program that allowed multiple requests at once. In a short while, we faced a sort of rate-limiting, despite how the CPU still survived a good 89% load out of simply viewing the interface.
A little diagnostics showed that the operating system behind the UI was a Linux. It was at the latest Kernel version at the time. Additionally, there was a mention that there are many user groups involved, and we can guess that even the administrator does not have the highest control of the OS from the browser. (If the administrator did, it would be an extreme security hole because anyone who views the UI can access the system files).
Files that seem vulnerable to Shellshock (Bashdoor bug) seem to be protected. For example, a cyberattack that might permit a shutdown now command would simply yield an Error Code 101, which denotes that a misconfiguration happened. Such a “misconfiguration,” it seems, is actually not so bad, because the shutdown now command was never passed to the OS.
Physically, the DS218+ proves to be effective in surviving the elements. The tabs that are used to eject the HDD are tough enough not to be accidentally moved (so as to remove the hard drive). Additionally, there is a cover that protects the NAS’ front panel, making accidental hard drive ejection a negligible possibility.
All the cables are behind the NAS. This makes it easy not just to move around, but also to protect should the time come that the user would need to place it somewhere else.
In terms of ease-of-use, the DS218+ is lightweight enough for a single person, and can be deployed without the help of a second user. Turning it on is as simple as a single button, which, upon startup, gives a distinctive beep.
Verdict: 5 Stars
We’d like to give this product a total of 5 stars, not only because of its aesthetic traits, but also for the multiple security systems involved, not only physically, but also for the information security within the NAS file system itself.