FreshRSS

🔒
❌ À propos de FreshRSS
Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
À partir d’avant-hierFlux principal

Terramaster TOS 5 Software Review

28 juin 2022 à 08:15

Terramaster TOS 5 NAS Software Review – Network Better?

If you are an existing Terramaster NAS owner, or are someone that has been considering their NAS brand for your private server purchase, then you might have heard that they recently released their latest BIG software update. Upgrading from TOS 4 to TOS 5, this new update brings a huge range of improvements in the GUI, available applications, supported services, security and user controls to their NAS systems. Today I want to review this massive software upgrade and help you decide whether you should upgrade, as well as help you decide if a Terramaster NAS is going to be the right choice for you and your storage in 2022/2023. So, get comfortable and let’s break down everything about TOS 5 in today’s review and help you decide if it deserves your data!

Review Chapters (click below to skip ahead)

Disclaimer – It is important to note that even though TOS 5 is now fully released and in its non-beater version, some applications are still in beta within this software platform and although I will touch on them throughout this review, I will make a point of highlighting when some applications in full release or are still in Beta. These include Terra Photos, Terrasync tools, Centralized Backup, elements of Terra Search and Surveillance Manager. Although all of these applications are still available in the app center, the experiences I had with them still demonstrate that they are not in their final form and suffered weak resource sharing with the rest of TOS5. Otherwise, all other elements discussed in this review are in their full release candidate form. Additionally, at the time of writing, TOS5 is not available for ARM processor NAS devices. This review was conducted on an F4-423.

What I liked in TOS 5

  • The GUI is considerably clearer and much more vibrant.
  • The options and icons in the GUI are much more responsive and clear against other background activities.
  • There are considerably more backup and synchronization tools in TOS5.
  • There are a vastly improved number of storage configurations and services available at your disposal.
  • The mixed drive TRAID Is going to win serious points with ex-synology owners.
  • The system includes direct tech support and remote access terminal for official support and difficulties
  • The network isolation mode in TOS5 is both unique to the brand and particularly helpful.
  • The resource monitor is 10 times better than in previous versions of TOS 5 and genuinely useful. 

What I did not like in TOS 5

  • The number of applications that are still in beta at the launch of TOS5 is disappointing.
  • The upgrade path between TOS4 and TOS5 is not as smooth as it should be. And will confuse some and concern others.
  • Remote access still seems to be a little too easy to do. And not enough warning is provided as to the inherent dangers of a weak remote setup.
  • Multimedia tools are a little lacking and although there is a general DLNA media server application and the photo app in beta, there is no dedicated video or music tool available.
  • Resource sharing could still be greatly optimized when running multiple apps or services at once.

Terramaster TOS 5 Review – Design and Navigation

Although the general design and layout of TOS 5 have not changed a great deal in its methodology compared with TOS4, it is the responsiveness and intuitive layout of some choices that have been greatly improved in this new version of the Terramaster software. Clear improvements have been made in how the user interface is accessed via most available web browsers and you definitely get more of a localized access field when interacting with the GUI on your Terramaster NAS in TOS5

Equally, there have been changes made to the control panel when navigating settings and configuration options on your TOS5 NAS and some choices have been moved to more appropriate sections, as well as more important areas such as security and file services have been vastly improved and/or moved to their own app portal on the desktop.

From the initial GUI of TOS5, you can also access all of the user settings by clicking the user icon at the top right of the screen. From here you can configure a number of presets for the connected client login and an option to add two-step authentication to your access credentials, now a great deal more accessible here from the desktop. However, I am not a huge fan of the fact that two-step authentication on the Terramaster NAS in TOS5 still seems to require the use of the official Terramaster mobile app and does not seem to support of third-party OTP apps such as Google authenticator, but it is still better to have this extra layer of double authenticated access alongside your password.

Equally from this top right range of contextual options, you are able to quickly access a breakdown of the health, activity of your storage and network on the Terramaster NAS in TOS5. This range of widgets and information can be configured quite quickly and although the TOS 5 system now contains a very robust resource monitor, this is a nice range of options to be accessible directly from the GUI and better presented than what we saw in TOS4.

Customization of user access and GUI in TOS5 is not absolutely huge. You are able to change the wallpaper to a number of preset included wallpapers (as well as upload your own image), but that is about it and there isn’t a huge degree of customization with regards to icons or differentiating one user from another visually. You can however change the initial login screen to display a different range of text or images based on the user and for those of you that want to create guest login portals to the NAS or want to differentiate different departments to have their own stylized login screen, this is indeed possible.

Additionally, creating multiple users with their own tailored levels of access to different directories and NAS services is still very easy in TOS5 and although I was unable to find any means to upload an existing CSV or another database of accounts, creation was still very straightforward. I will highlight that during the upgrade from TOS4 to TOS5, multiple accounts that I had created did not carry over seamlessly in the upgrade and I have raised this with Terramaster and look forward to their reply.

As mentioned, one enormous area of improvement on TOS5 is the considerably more robust and detailed resource monitor. In previous iterations of TOS4, You were GIVEN a great degree of information, but it was displayed in an incredibly unintuitive way and with little to no means to interact with this data. In TOS5, the ability to create historical and analytical reports of data is considerably easier and with each of these parameters digging down quite comprehensively in terms of individual client apps and users, resource consumption and which processes are perhaps getting greedier than others. Though the level of control you have over these services and processes from the new improved resource monitor is a little less impressive, and although it will help you identify which processes are eating up all of your memory, you cannot close these processes as easy as you might in a standard task manager on your operating system.

This isn’t wholly unusual and indeed only QNAP really provides the option to kill processes on your NAS on the fly due to its potential for harming system and storage operations. Still, there were times during the use of TOS5 when I felt that resource management could have been improved upon internally. That said, the system did regularly update me via notifications, email notifications, and in the lock center to tell me when the system was under particular duress or needed my attention. The improved log center did a better job in TOS5 of differentiating the importance of different alerts and although email notification frequency was a pinch high, these could be configured in levels of importance in the log center.

Another area of improvement on TOS5 is the range of available applications that you can choose to install on your Terramaster NAS and run with ease. Although lacking the wider variety of applications in both first and third party that their competitors at Synology and QNAP feature (with 46 apps available and 8-10 of these in Beta), there were still several applications available here that were notably absent in TOS 4. Additionally, these beta applications were very clearly marked as in development and all applications could be installed in a single click, be added to the desktop GUI with a further click, suspended in the event of resource-saving with just another click and finally uninstalled if needed with again, just one click. A lot of the base-level back-end applications that are required to run these apps and services are installed by default on a Terramaster system and therefore adding these final applications is both quick and pretty seamless. Talking of quick and seamless, one thing that I have mixed feelings about (mostly good) is the option for technical support and remote assistance on your Terramaster NAS at the touch of a single button on the GUI.

Available by default and immediately listed on the GUI desktop applications, TOS5 includes the ability to register a technical support ticket directly from your NAS. Of course, you will need to have an internet connection in order for Terramaster to receive your technical inquiry, but this means that important log information, serial numbers and much more analytical details on the nature of your technical difficulty are easier to attach and send off for potential swifter resolution. Equally and perhaps in partnership with this technical support option, there is the facility to allow Terramaster to remotely access your Terramaster NAS from within this desktop to UI app in TOS5. You will need to set up an availability time from within the option and of course enable internet-level access, but I can certainly see a number of users who have difficulties with their Terramaster NAS taking advantage of this first-party remote support. My only concern with this is that this means that there is an access point for Terramaster upon request to be able to access your NAS remotely and although the brand has tightened a number of security settings in TOS5 and provided several security tools and services recommendations that are peppered throughout the software UX, I don’t feel that an option like this should be so readily available to novice users. I can see the benefit, but can also see the dangers of a less experienced user opening doors to a NAS remotely. Of course, this feature likely exists behind the existing security settings and configurations that you set up and therefore still going to need an element of end-user cooperation in order to be used by Terramaster, but still, it does give me a certain pause for thought.

Another element of using TOS5 that I felt could have been done better in terms of design and presentation is the upgrade path for those who are shifting from the TOS4 platform onto TOS5. Unlike other updates to the firmware, which tend to be either automatic or can be actioned from within the TOS control panel with relative ease,  TOS 5 requires the user to restore the system to a factory state and then install TOS5 as the system’s new operating system. It does not dismount your RAID array or delete your data if done properly, but it is still a very clunky method of upgrading and if done wrong does have to potential to format your system. Less experienced users may be a tad too intimidated to click an option marked restore to factory settings without fear of losing their precious data. Terramaster for their part have been clear that the upgrade should not delete your data, but still heavily insist that you have backups in place before upgrading –  which for users housing data in the tens of terabytes is perhaps easier said than done. That is no excuse for not having a solid backup foundation, but realistically there will be users who simply cannot afford to back up the entirety of their existing TOS for storage to make the jump to TOS 5 (choosing instead to only backup mission-critical data).

Ultimately, in terms of design and navigation, I cannot fault TOS 5 as it is clearly a big upgrade on TOS 4 and something Terramaster has clearly been working on to bring their NAS software up to par with their competitors. Things do feel a great deal more responsive and the layout of icons and services has definitely been tweaked for the better. I still feel that some services and tools could still do with tweaking in their presentation, but you do definitely feel the difference in this latest version of Terramaster’s software and if all you have ever used is TOS 4 or TOS 3, this is probably going to blow you away.

Terramaster TOS 5 Review – Storage Services

TOS 5.0 brings a massive range of improved storage services and supported configurations in its latest release, hugely dwarfing those of TOS4. The landscape of modern network-attached storage has changed quite rapidly in the last 5 years and simply providing the means to create a RAID and backup in a rudimentary fashion just isn’t going to cut it in 2022. Therefore, Terramaster seriously needed to improve on the range of storage services and applications that are included in their storage platform, even when they are still largely considered the value tier in the market. Despite this rather more cost-effective reputation, there are a number of services that the brand is offering that ape those of much more expensive alternatives from Synology & QNAP, and in fact even manage to offer a middle ground of services to allow you access to the advantages of either of those top two brands in a less exclusive fashion (eg NVMe SSD Pools, BTRFS, Fluid RAID, etc). There is the inclusion of expected storage services that were available both in TOS4 and on offer from all other NAS brands, such as creating a RAID, supporting a Hot Spare, Data Scrubbing, creating snapshots of your storage and even now including options for SSD caching in TOS5. However, on top of all of these, the brand has provided some quite nifty innovations in the latest release of their software in terms of storage tools. Let’s touch on one of the AAA+features that were highlighted early, TRAID.

Likely the one that got a lot of early people’s attention and a feature that Synology have largely dominated (though Drobo did have the feature too) the market in support of, TOS5 includes a fluid and flexible RAID configuration option in the form of TRAID. In brief, all NAS offer most traditional RAID configurations such as RAID 5 and RAID 6, which provide you with benefits in performance and in redundancy (ie protection from one and/or two drives failing). However, you need to ensure that all drives used in the array are equal in capacity otherwise you will be unable to take advantage of any additional capacity in larger drives (eg all 2TBs, or all 4TBs etc). TRAID allows you to use mixed drives in your RAID and although few people would choose to take advantage of this on day one, years into your system’s life, you may wish to install newer and larger drives gradually into your existing RAID to expand and that is where mixed drive support becomes tremendously beneficial in allowing you to increase your base storage capacity, without having to build a brand new RAID configuration. 

Improvements on storage pool creation are not the only way in which TOS5 improves upon how it manages and contains your storage though and in this new firmware update (alongside traditional easy volume creation that supports both EXT4 and BTRFS choices – the latter providing bit corruption healing during initial write and lower resource impact doing snapshot creation), there is also the support of Write Once Read Many configurations on volumes (WORM). For users that want to create a container for storage that can have data sent to it but that data be unmodifiable for a predetermined range of time, support of WORM is going to be a tremendously useful and welcome addition in TOS5. However, there is also another little addition to TOS5 in its RAID management that existing Synology and ZFS server users will also welcome, FAST-RAID repair.

Although TOS5 features a customizable RAID rebuild priority option, which although welcome is not exactly new in 2022, it does feature an improved RAID rebuild feature that will greatly improve the time it takes for a partially populated RAID storage pool to be rebuilt in the event of a degraded state (i.e when a drive fails). This Fast-RAID repair feature when selected will result in the system only rebuilding the areas on each disk where data would have remained in the original storage pool drive (using available parity data for reference) and the rest of the drive space across the platters is then zeroed out. This means that if you have a RAID storage pool that comprised 20 terabytes, but only 5 terabytes of actual data inside, your RAID, rebuild speed will be considerably faster than in a traditional RAID rebuild scenario where the system would have to build and enter a value for every bit on the disk. RAID-rebuild times are something that only higher-tier business and enterprise users tend to heavily focus on (downtime = lost money) and although there are preventative and preemptive measures that you can adopt to save time such as hot spares, this Fast-RAID rebuild option will reduce downtime and/or lower performance during a RAID resync operation.

TOS 5 also now includes its own dedicated iSCSI manager that makes simple work of creating multiple target paths and hosted areas of LUN storage. Alongside a range of improved network file service protocols in the file services area of the control panel, this much more intuitive means with which to create large block storage (although available in TOS 4) was not presented quite so intuitively. There are additional options built into the storage manager too that allow you to scale the level of compression used with the systems volumes too and it is little innovations like this that are built into the improved storage management of TOS5 that will tempt new business users looking at Terramaster as an affordable alternative to subscription cloud services.

Finally, there are improvements in how you can view and interact with the individual storage media on the Terramaster NAS. For starters, there is now a benchmark tool that you can utilize to analyze the performance of individual hard drives and SSDs inside the NAS. Additionally, there is the continued support of SSD caching in TOS5, however Terramaster has joined the small collection of brands that not only support the use of NVMe SSD storage for caching, but also support the utilization as a storage pool. This will be particularly useful to users who want to take advantage of improved performance available on these m.2 PCIe-based SSDs for booting key applications in the NAS software or VMs.

That said, I encounter a few hiccups when trying to interact with the NVMe SSDs as a storage pool (low benchmarks, pointing services at them) and although Terramaster assure me that this is being worked on, currently using the NVMes as standalone storage is not something I would recommend right now. Aside from this, though, I simply cannot fault the scale of storage improvements that have been afforded to the creation of pools and volumes in TOS5 compared with the previous version and this was a particular standout highlight for me in this software upgrade. But what about file and folder management?

TOS much like many other NAS brands provides a file manager that allows you to access and edit the file/folder structure of the data contained in your volumes, shared folders and connected remote storage easily. This file manager has seen only a few small tweaks in TOS5, however, it did seem more responsive than its previous version and still continues to provide the benefits of shared folder management available in BTRFS.

The ease of sharing files and creating customizable links to share with users with customized access and date policies was still very easy. As well as the ease and speed with which you can create, duplicate, and execute snapshots on shared folders on the fly. All fairly standard but well-executed stuff.

However, I will say that the file manager was not particularly fast in its thumbnail creation when viewing images and the depth of information that could be obtained when looking at the properties of files via the TOS file manager still felt quite rudimentary. It is a minor point and not a great deal of users are going to access files regularly via the web browser in this fashion. However, this does seem like an oddly straightforward feature that is absent or poorly handled in the TOS5 file manager.

Equally, most file types still continue to be unplayable natively in the TOS web browser GUI. Common photo file types could be opened and viewed, some video files and a limited number of supported audio formats too. But due to the lack of tailored multimedia applications available in TOS 5, accessing multimedia on a Terramaster NAS is still infinitely better over DLNA or using third-party tools such as Plex or Emby. Let’s move on to network management and security in TOS 5.

Terramaster TOS 5 Review – Network & Security Management

If there is one area that intimidates NAS buyers early on, it is having to understand and get to grips with network management and security settings of your storage. Unlike many other areas of IT, it is tremendously difficult to dumb down or demystify network and security management without risking undermining the safe access you have to your data. Many NAS brands have tried and failed to make this complex area of NAS ownership as accessible as possible.  TOS 5 does a fair job and certainly improves upon TOS4 in the configuration options and how they are presented to the end-user, but there are still a few areas that could use improvement. We have already touched on the brands, improved integration of OTP (two-step authentication) as well as the admin super user account being disabled by default on the system. There are even improved notifications on the fly when using the system and whilst the system is running in the background, being presented to the user that highlight when your system is being used in a less optimal or less secure way. Terramaster suffered something of a PR bloody-NAS earlier in 2022 when they were targeted by the Deadbolt ransomware group (along with other NAS brands), so network security and the level of protection afforded to users’ data by a Terramaster NAS was brought into question. Needless to say, TOS 5 includes numerous changes and additions to the system software that have focused quite specifically on these areas.

New to TOS 5 is the isolation mode feature that has no doubt been spurred on by numerous reports of ransomware attacks targeting multiple NAS brands. A very unique feature to just Terramaster, the isolation mode is found in the control panel and allows the user at a single touch of a button to suspend all remote internet-based connectivity to the NAS. However, it does not stop there and isolation mode has several other important features when it is triggered. These include suspension of all SSH and telnet services, disabling of all custom, third party (i.e non system signed services) and insecure PHP applications and in order to disable isolation mode, requires a system restart which is a complete manual and authentication required procedure. In short, isolation mode is the One-touch method of suspending all untrusted or uncertain communications with the device and allows the end-user a killswitch that will not lose them their data.

However, isolation mode is the more extreme way in which you can sever all connectivity outside of the network to your NAS and TOS5 does include a bunch of other features that allow you to cherry-pick which services and protocols you are prepared to enable. A number of these standard connections are disabled by default when you set up TOS5 for the very first time and likely this is done to protect somewhat more novice users from accidentally leaving the back door open in error. You can limit connections to the NAS to specific IPs, ports and only secure HTTPS connections if you wish, as well as disable any kind of TOS5 GUI access outside of trusted clients/paths. Additionally, UpUp has been disabled by default (remote and network) and DOS protection is enabled on day one.

Alongside the means to create multiple user accounts and groups that will have their own login credentials and levels of access to the Terramaster NAS system services, the software also allows you to create a custom auto block and frequency of failed login attempts protocol to your own specific needs. This can be as heavy-handed or as lucy-goosy as you wish. Again, not ground-breaking, but the default system setting are a few notches higher in this latest Terramaster NAS software revision.

Accessing your Terramaster NAS outside of your local network is possible by utilizing the inbuilt TNAS online service that allows you to connect remotely via the internet with your NAS via the Terramaster authentication server. This service is disabled by default and you will need to create an account with Terramaster to register your device to begin remote access in this method. This is a free service that is included with your NAS and is not in any way subscription-based, however performance will be a fraction more limited (i.e slower) than via more custom and direct access setups, though considerably easier to set up.

There are numerous additional security precautions you can take that range from adding certificates, randomizing your default ports and utilizing a VPN pass-through, however do not forget that this more convenient remote access feature will never be truly a safe as your own customized and thoroughly unique remote access method.

Another of the more understated but useful additions to TOS5 is the security advisor tool that is installed and available immediately from the desktop GUI. Comparable to similar security advisors and scanners from Synology and QNAP, the TOS5 security advisor scans your entire Terramaster NAS setup in order to highlight any weaknesses in security or data safety. Although the security advisor is by no means a comprehensive and enterprise tool, it is certainly going to be of use to less experienced storage and network users who appreciate a helping hand and regular reminders of keeping their NAS as closed as possible.

However, the hand holding that Terramaster provides to the end-user when crafting a more secure network environment could certainly be improved upon to benefit novice and amateur users. I cannot fault the range of services and tools for network configuration that are available in TOS5 that are included in the price of the NAS, but the level of tips, hints and guidance that the system provides is virtually non-existent. When looking at these more complex and intimidating areas for new NAS buyers, It is quite easy for me to regularly state online that users should have a bulletproof firewall set up, but with little to no guidance in the firewall area of TOS5 as to what certain settings can result in (for good or bad), I can imagine this is perhaps a pinch to challenging for some novice users.

VPN service, in stark contrast to when you look at how firewall management in TOS5 is conducted, is much better and has its own dedicated application and settings in the TOS5 control panel.  TOS 5 supports several different existing VPN providers that allow fast and easy implementation of your account credentials and adding the NAS to your current subscription either as a VPN server or just generally. It seems a little sparse when compared to the presentation of VPN settings by their competitors, but it does get the job done.

Overall, Terramaster has certainly improved network management and security tools in TOS5 a great deal over their previous firmware release. There are a bunch of new tools, a few system unique options like isolation mode and arguably there is very little available from other NAS brands that are not currently available here in TOS 5. The presentation is a little underwhelming and those of a less technical stance may hit a few barriers along the line, but I do think Terramaster have clearly upped their game with regards to how network and storage security is handled in their software. Let’s discuss backup and synchronization in TOS 5.

Terramaster TOS 5 Review – Backups and Synchronization

On the subject of backups, TOS5 has clearly put a bigger emphasis on consolidating the supported range of services and tools that were already available, rather than introducing many new applications in this area. That isn’t to say that Terramaster has not bolstered the available range of services. TOS 5 introduces new client-supported backup services such as Centralized Backup for Windows, Linux server and VM systems to give just one example. But for the most part, what TOS5 has provided over its predecessor is to make things a great deal more intuitive on how these different tools work together for an improved 3-2-1 backup strategy. There are also small improvements to the synchronization tools thatarrive in TOS, allowing you to bolt-on storage from remote spaces and this too is presented notably better in this latest revision on Terramaster’s NAS platform. This extends right the way down to creating a backup of your system configuration, or importing an existing Terramaster configuration, there is definitely a more refined and intuitive approach to back up and synchronization on TOS5.

The majority of the backup and synchronization tools that TOS5 arrives with can be created, modified and actioned from within the backup one access portal and from here you can manage the bulk of backup operations on your NAS. It is still a little bare-bones when compared to other NAS brands out there and lacks a few guidance points for those less experienced in remote backup processes, but having the bulk of these important backup tools on your NAS in a single place makes considerable sense.

Although a myriad of different connection protocols for remote storage services are supported (such as WebDAV, FTP and SMB), the most user-friendly and easy means with which to connect to storage services together for backup paths over the network is going to be Rsync. This allows a one or two-way synchronization to be created between your Terramaster NAS and another storage area. TOS 5 supports the usual variations of Rsync setup here and although it’s all useful, there isn’t a tremendous amount of change in the latest update here from TOS 4 to TOS 5.

Likewise, USB backups, although amply covered in their own dedicated tool (supporting file transmission in either direction, as well as supporting full synchronization and differential backups) are not hugely changed they were in TOS 4 in terms of how they are conducted.

TOS5 also supports a dedicated folder-to-folder backup and synchronization tool that is predominantly targeted at creating backup targets from within your NAS storage volumes. Although on the face of it, this seems a somewhat unnecessary requirement when duplicating data inside a system only leading to continuing to put all your eggs in one basket, many users will appreciate the ability to have an in-system and in-volume (or pool-to-pool) backup routine as well as for synchronization. It is a rather niche-supported service but there is an audience for it.

Centralized backup is one of the newer services to Terramaster NAS software and allows you to create system-wide backups on your Microsoft computers, third-party Linux servers and virtual machines via VMware and hyper-V images. Of course, much like the bigger and bolder Synology Active Backup Suite (of which Centralized Backup is clearly designed to emulate at a more affordable level), it requires the installation of a desktop client application to be downloaded and installed on your local machine, which can then establish a connection with the NAS with TOS5 and conduct one or scheduled backups that are far more OS friendly to reinstate than typical file folder backups. The application and service are still in beta and although I appreciate what they are trying to do with this, it did feel a little unfinished during my review. We will return to this application with a dedicated video when the service is fully released.

Moving slightly away from traditional backups and synchronization with remote servers, we can discuss cloud synchronization. Much like TOS4, the latest version of Terramaster’s software supports connection and synchronization with a number of third-party cloud services. Although the list of supported cloud providers is not quite as exhaustive as it is from Synology and QNAP, popular entries such as Google Drive, OneDrive and Dropbox are immediately available and connection with your NAS can be made in minutes. Once connected, you are able to create a customized synchronization routine between the TOS5 NAS and your cloud provider that allows you to change synchronization schedules, file date inclusions, strict exclusions, file size limits and more. Once connected, this synchronized cloud space and its existing file folder structure will appear in the file manager on TOS5 desktop in the browser interface. It is a simple but reliable tool and I was able to connect several different cloud providers in less than 5 minutes each with bespoke settings. Although little has changed in the transition from TOS4 to TOS5, there were a few extra options in the config menu that I appreciated and it did seem to run better.

Overall, although the range of backup and synchronization tools available in the TOS 5 platform is not exactly going to blow you away, it isn’t really supposed to. There is pretty much every common means of backing up the content of your NAS and client devices you are going to need on day-1. TOS5 has simply taken all of these services that existed in TOS4 (for the most part), improved their presentation and added further features. Add to that the new promising-looking Centralized Backup tool and although TOS5 is not exactly going to blow your socks off in this department, you cannot say that a Terramaster NAS in 2022 does not give you sufficient options to back up your data.

Terramaster TOS 5  Review – Multimedia Management

Unfortunately, multimedia management is one of the weaker areas of both Terramaster NAS and in TOS5. The standard services that one would expect when utilizing a network-attached storage device as a multimedia server are certainly present here. Support of UPNP, as well as accessing your media over DLNA, is easily possible in TOS5 and we will of course touch on the AI photo recognition application (Terra Photos) currently in development from the brand that is available in beta alongside TOS 5s launch. However, after this, there is precious little else that is multimedia targeted and what there is just a little basic. Heading into the file services area of TOS5 shows that you can set up the standard multimedia indexing locations that ensure that the system understands where different types of media reside inside the NAS. You can adapt existing values or add multiple different targeted locations with ease. Again, nothing really exciting but at least it’s there.

Even setting up your NAS as a multimedia server in TOS5 is by no means difficult and there is a dedicated multimedia server application for handling things such as thumbnail generation and transcoding configs there, plus options on different audio format support and several other different media tools that you would expect when streaming photos, music and video from your NAS over the network. It was all so very…safe and proficient.

It might also seem a little old-fashioned in 2022, but there is also a dedicated iTunes server application to allow your Apple devices and iTunes media services to connect with the media on your NAS in a tailored and dedicated way. These are useful applications and definitely something that will be useful when streaming your multimedia from the NAS, but the problem is that that is about all the applications you have available. There is no dedicated audio application outside of the iTunes tool and zero first-party video application. So when playing video media on the NAS, You want heavily reliant on third-party applications to get the job done. Which might not sound so bad (so, SO many people use PLEX) but you cannot use hardware transcoding on your NAS without a Plex Pass account, so you have a catch-22 situation where TM doesn’t provide a video app with easy transcoding, but the inclusive multimedia app Plex will charge you – bummer!

Now, the TOS5 terra photos application is still in beta and despite there being a number of polished apps in TOS5, this AI-powered photo tool is not one of them. The logic is certainly there and it is able to crawl your photo albums to generate lists of recognized faces into collections that you can name and catalogue – however, the application is still quite a long way from being completed, featuring poor resource management in this beta version and lacking a number of album and folder management tools that would be expected when complete. Likewise, despite the application crawling existing albums, it was always slow in its response time and thumbnail generation, as well as the AI photo recognition being nowhere near popular alternatives from Synology Photos and QNAP QuMagie. The tool definitely shows promise and perhaps towards the end of 2022 we will see a big leap in its development and speed of use, but right now I find it hard to recommend Terra Photos in it’s beta state.

Ultimately when it comes to hosting multimedia on a Terramaster NAS, TOS 5 features a base level of polished enough media tools to support your collection and I would still heartily recommend utilizing your Terramaster NAS with third-party tools such as plex media server and Emby. Both of these services are available for free download in the TOS5 app center via the web browser, are installed in less than three clicks and you can have your fully featured and highly polished multimedia server up and running exceedingly quickly.

It’s just a bit of a shame that TOS 5 for all of its benefits, simply does not feature any key multimedia application that challenges these two third-party alternatives right now. Given the more affordable-minded (e.g cost-effective) buyer that the Terramaster brand has cultivated who has a big, big focus on multimedia streaming, this gap in their platform is certainly surprising.

Terramaster TOS 5  Review – Conclusion and Verdict

Overall, TOS5 is definitely a big and impressive upgrade over TOS4 in terms of design, features, speed and responsiveness. It would have been great if killer apps such as the Surveillance Manager and Terra Photos were completed and out of beta when this big software update finally arrived, but even without them, you can’t fault the scope of improvements that have been included in this latest update to the Terramaster NAS software. With numerous improvements in its security setup, as well as disabling some of the more vulnerable settings of TOS4, upgrading to TOS5 will only provide you with a better day-to-day Terramaster NAS experience.

However, it has to be highlighted that the upgrade path for existing Terramaster NAS users is still a pinch, more complicated and certainly less fluid than people might expect and runs the risk of intimidating some users enough that they will simply not update their firmware, risking potential vulnerabilities to be exposed down the line. As we move into the newer generation of Terramaster hardware arriving in the market, no doubt these newer late 2022 generation devices will arrive with TOS5 by default and largely closed this issue for new users. Bottom line, TOS 5 is DEFINITELY a big step up in the brand’s software, but might still need a little more time in the oven.

TOS 5 – What I LIKED TOS 5 – What I DIDN’T Like
  • The GUI is considerably clearer and much more vibrant.
  • The options and icons in the GUI are much more responsive and clear against other background activities.
  • There are considerably more backup and synchronization tools in TOS5.
  • There are a vastly improved number of storage configurations and services available at your disposal.
  • The mixed drive TRAID Is going to win serious points with ex-synology owners.
  • The system includes direct tech support and remote access terminal for official support and difficulties
  • The network isolation mode in TOS5 is both unique to the brand and particularly helpful.
  • The resource monitor is 10 times better than in previous versions of TOS 5 and genuinely useful. 
  • The number of applications that are still in beta at the launch of TOS5 is disappointing.
  • The upgrade path between TOS4 and TOS5 is not as smooth as it should be. And will confuse some and concern others.
  • Remote access still seems to be a little too easy to do. And not enough warning is provided as to the inherent dangers of a weak remote setup.
  • Multimedia tools are a little lacking and although there is a general DLNA media server application and the photo app in beta, there is no dedicated video or music tool available.
  • Resource sharing could still be greatly optimized when running multiple apps or services at once.

Thinking of buying a Terramaster NAS Drive? If you use one of the links below, it will mean that NASCompares will receive a small fee in return, which goes directly back into making videos, articles, guides and reviews. Thanks for being a good sport!



Terramaster NAS FINALLY Release TOS 5 – Everything You Should Know

17 juin 2022 à 01:56

Terramaster TOS 5 Software Update RELEASED!

According to Terramaster the new TOS 5 release has been in development for one and half years, includes more than 50 new features, 600 enhancements, comprises 300,000 lines of new code and now, the long-awaited TOS 5.0 is officially released today! Although there are a huge number of improvements under the bonnet, there is also a whole bunch of improvements on the surface too, ranging from improvements in the GUI and responsiveness to new fully featured applications. Here is what you need to know.

TOS 5 Now has a Secure HyperLock-WORM file system Option

Data is a precious asset of the vast majority of users, and data security is very important! Some data storage and custody are even regulated by law, such as court cases, medical cases, financial securities, company financial data, etc. These important data can only be read but not written within a specified time period according to the law. Therefore, such data needs to be protected against tampering. The WORM (Write Once Read Many) features provide a write-once-read-many technology, which is a commonly used method for data security access and archiving in the storage industry. The WORM feature means that after the file is written, it can enter the read-only state by removing the write permission of the file. In this state, the file can only be read and cannot be deleted, modified, or renamed. By configuring the WORM feature to protect the stored data, it can be prevented from accidental manipulation.

TerraMaster HyperLock-WORM file system is a storage system with WORM characteristics. Through the write-once-read-many technology, the integrity, confidentiality, and accessibility of the original data in the storage medium are guaranteed to satisfy the sensitive requirements of enterprises. Data security storage and legal supervision needs. The characteristic of the TerraMaster HyperLock-WORM file system is that its WORM feature is developed based on the file system and is not limited by the file service type. It is suitable for most common file services, but can only be set by the administrator. Administrators can flexibly assign read and write permissions to users and set a protection period. During the protection period, the data uploaded to the device can only be read and cannot be deleted, modified, or renamed. The protection period can be set up to 70 years! In order to improve security, once the protection period is set, it can only be extended but not shortened.

Compared with other storage solutions with WORM features, the TerraMaster HyperLock-WORM file system has higher security. Once the TerraMaster HyperLock-WORM file system is created, even the administrator cannot delete or modify the storage partition from the menu page or the system background. As long as the storage device is safely placed in an isolated environment, anyone without access to the NAS hardware devices, even employees with administrator privileges or hackers, cannot pose a threat to the data. TerraMaster HyperLock-WORM file system is an innovation in data security management, which can provide more secure protection for customers’ important digital assets, and is suitable for industries with important data such as government, public health, law, finance, and enterprises.

New Storage Utilities in TOS 5

The core function of a TNAS is data storage and backup. TOS 5 has fully optimized storage management and added more utilities to facilitate users to monitor the health status of storage space and increase storage space utilization.

  • Hard disk Benchmark
    Through the hard disk benchmark test, you can better understand your hard disk’s read/write, latency, and throughput performance. The hard disk benchmark can also reflect the health of the hard disks
  • Hard Disk Secure Erase
    Secure Erase can completely erase the data on the disk by randomly writing 0 or 1 to the disk. Securely erased hard drive data can no longer be recovered, suitable for users who store sensitive data.
  • SMART Long Test
    SMART is an important indicator of hard drive reliability. SMART Quick Test and SMART Long Test options have been added to TOS 5. You can get more accurate hard drive health indicators with the SMART long test, but the advanced long will take more time.
  • Hard Disk Bad Block Warning
    Enable monitoring of the bad blocks of the hard disk. Once the number of bad blocks increases, a notification and warning will be sent to the administrator.
  • SSD TRIM
    By periodically TRIMing the SSD, the storage sectors are pre-initialized to maintain the excellent read and write performance of the SSD.
  • Hard disk Operation Log
    Record all operations of the system or the user to the hard disk.
  • Array Synchronization Settings
    Device performance is affected during array synchronization. The new system allows users to customize the synchronization speed of the array according to their needs.
  • Data Scrubbing
    Data scrubbing is the process of modifying or removing incomplete, incorrect, inaccurately formatted, or duplicated data in a database. Data scrubbing improves data consistency, accuracy,and reliability.
  • File System Defragmentation
    File system defragmentation can reorder, optimize and organize scattered data fragments, thereby improving the efficiency of disk data reading and writing.
  • File System Compression
    Once file system compression is enabled, data stored to TNAS will be automatically compressed to save storage space. Users can customize the compression level. The higher the compression level, the higher the compression rate and the more space saved, but the slower the writing speed.
  • SSD Cache Array
    Failure of an SSD serving as a cache will risk data loss. Users of TOS 5 can set up an array for multiple SSD caches, such as RAID 1 for 2 SSDs, even if one SSD fails, it will not affect the normal operation of the cache, thereby reducing the risk of data loss.

New Photo Management Tool with AI-Powered Cataloging and Identification – (Still in Beta at time of writing)

Terra Photos is a smart photo management application. Through the AI ​​algorithm, Terra Photos can recognize and classify the faces, pets, things, and scenes of the photos in the specified directory, which is convenient for you to sort, classify and share the photos through the graphical interface. Terra Photos is the ideal photo management tool for home users, photographers, and creative agencies.

  • AI face recognition
    Terra Photos has a built-in AI algorithm that can automatically recognize and classify faces with an accuracy rate of up to 80%. For wrongly recognized faces, Terra Photos also provides manual correction methods to provide greater convenience for photo management.
  • Broader AI applications
    Not only face recognition, Terra Photos can also automatically identify dozens of categories such as pets, objects, landscapes, sports, vehicles, and flowers by enhancing AI operations. Terra Photos provides users with smarter management tools, greatly increasing the usefulness of photo management.
  • Geographical Classification
    By integrating the GPS location information of photos through map resources, Terra Photos can also automatically categorize your photos by geographic location, making it easier for you to quickly query your photos.
  • Take into account personal privacy and sharing
    Terra Photos adopts a separate storage strategy for personal photos and shared photos of family members. The two kinds of photos are stored in directories with different access rights, which helps to protect personal privacy and facilitates the sharing of photos between family members or business customers. share with each other.
  • Flat UI
    Terra Photos uses a flat user interface to flatly display the user’s commonly used categories in the first-level directory, such as photos, albums, videos, people, pets, objects, locations, recently added, and favorites, which is more conducive to users to quickly browse and find target photo.
  • More flexible management strategies
    Terra Photos’ flexible query filtering strategy can begin to help you filter out the photos you want by combining the name and time of the photo, with the combination of the year, month, day, and ascending and descending order.
  • Share happiness and creativity
    Terra Photos provides users with sharing tools, you can choose to create photos or share albums and flexibly formulate sharing strategies, sub-defining sharing titles, sharing links, effective time, access passwords, download permissions, etc. Terra Photos provides an easier way for home-sharing or business client sharing.

Surveillance Manager for Adding and Monitoring Multiple IP Cameras on a Live feed on Your  Terramaster NAS

Security Camera Icon Png #129985 - Free Icons Library

Surveillance Manager is a video surveillance management tool. Through Surveillance Manager, you can build a video surveillance system with multiple IP cameras and TNAS, connect your cameras through ONVIF protocol, manage cameras, view real-time recordings, view historical recordings, and store the recordings of network cameras directly in TNAS to specify storage location.

  • Simple to Use
    Surveillance Manager uses web browsers for configuration and management. The recording device does not need to be connected to a monitor, and any computer in the network can log in to the system to view the recording.
  • Good Compatibility
    The surveillance Manager adopts the general ONVIF protocol and can adapt to most general-purpose cameras. It supports the automatic camera search, which simplifies the connection configuration of the cameras
  • Suitable for Medium-sized Users
    The surveillance Manager can connect dozens of cameras at the same time and support multi-channel recording. Suitable for families and small and medium-sized business users.
  • Multi-channel Real-time Monitoring
    The surveillance Manager supports multi-channel real-time monitoring. The screen display layout of monitoring can be customized, and the screens can be switched with one click.
  • Timeline Rollback
    Roll back the recorded video by dragging the timeline or customizing the time period, making it easier to view historical events.
  • Recording Schedule
    The surveillance Manager supports custom recording schedules and activity-triggered recordings to increase storage space utilization.
  • Form Recording Storage
    The recorded video is classified and stored according to the camera and time, which is convenient for quick query and download

New iSCSI Manager Application to Manager Larger Storage on your Terramaster NAS

Terramaser NAS is widely used as a storage device for virtualized computing. With TerraMaster iSCSI Manager, you can create multiple iSCSI targets and LUNs on your TNAS, and customize the capacity, permissions, and connections through a graphical interface to meet your storage space requirements in different virtualization environments.

  • Custom ISCSI Target IQN
    Using iSCSI Manager, create multiple iSCSI targets on your TNAS and customize IQNs to help you easily identify. You can also choose to enable authentication or mutual authentication for the iSCSI Target to increase access security.
  • Customize network management policies
    To improve network utilization efficiency, you can designate a dedicated network interface and channel for the iSCSI Target to separate the iSCSI Target’s network from the networks of other services. To optimize the transfer efficiency of the iSCSI Target, you can also limit the maximum fragment size in bytes transmitted and received.
  • Multiple session connections
    In order to adapt to complex virtualization application scenarios, iSCSI Manager allows users to enable multiple session connections from one or more initiators for iSCSI Target. Note: Multiple session connections provide flexible connection methods for initiators, but improper settings may put your data at risk! Make sure you use multiple session connections in a cluster-aware file system.
  • Balance performance and flexibility
    You can create multiple LUNs and mount them to the iSCSI Target you specify. iSCSI Manager provides Thick provisioning and Thin provisioning configuration strategies for LUN storage space. Thick provisioning can provide better storage performance, in contrast, thin provisioning can provide more flexible storage space utilization.
  • Safer protection
    Combined with the Snapshot technology, you can take snapshots of LUNs to prevent data loss caused by misoperations or accidents. Note: Snapshots are not supported for LUNs under the Thick provisioning configuration.
  • Initiator access control
    By default, all connected initiators in iSCSI Manager have read and write permissions to LUNs. You can also customize access permissions for each initiator to meet the needs of various occasions.
  • Low-capacity write protection
    When the storage space of the LUN is about to be exhausted, if the initiator continues to write data to the LUN, the LUN may be destroyed. For this reason, iSCSI Manager has specially designed the low-capacity write protection function. When the LUN is in low capacity, it will prevent the initiator from continuing to write data for protection.

New CloudSync Tool for connecting your 3rd Party Cloud Services and Remote Servers in TOS 5

CloudSync is a cloud drive synchronization application for fast and secure data synchronization between your TNAS and cloud drives. It is a very practical and efficient one-stop cloud drive disaster recovery solution. Different from previous versions, in TOS 5, we have integrated the synchronization of various cloud drives into one application, which is more convenient for users to use. At the same time, we have also redesigned the application layout, added some features, and optimized the user experience.

  • Support multiple cloud drives
    CloudSync integrates a variety of mainstream cloud drive synchronization functions in one application, including Google Drive, OneDrive, Amazon S3, Dropbox, Baidu, Alibaba Cloud, etc. It only needs to manage one application to meet different cloud drive synchronization management.
  • Multiple synchronization strategies
    CloudSync provides users with two-way and one-way synchronization strategies. Two-way synchronization can meet the flexible needs of data utilization, and one-way synchronization can meet the focus of data protection and increase data security.
  • Data leakage prevention strategy
    In order to improve the protection of sensitive data, CloudSync supports data encryption. You can encrypt the data before synchronizing it to the cloud drive, and then decrypt the data after synchronizing it back to TNAS to prevent data leakage on the cloud drive.
  • Scheduled Tasks
    According to usage scenarios and business requirements, users can set the execution time of synchronization tasks by themselves to avoid the busy time of business operation.
  • more flexible configuration
    In order to meet more customer needs, CloudSync also supports various flexible configurations such as synchronization bandwidth limit, file size limit, synchronization file type limit, synchronization frequency, etc.
  • In full control
    CloudSync not only provides users with a detailed synchronization task configuration history, but also provides a list of millions of file backups and transfers, allowing you to monitor the backup progress and various exceptions throughout the process.

Terramaster Duple Backup Deduplication Management Tool in TOS 5

Duple Backup has not been released an official version before TOS 5 and has been developing and testing it. In TOS 5, we have redesigned Duple Backup. The new Duple Backup has optimized the user interface, added some features, and improved the user experience. Duple Backup has powerful backup and restore functions, and is a disaster recovery tool designed to strengthen the data security of TNAS devices. To prevent data loss due to TNAS device hardware failure or system failure, through Duple Backup’s intuitive user menu, you can back up important folders or iSCSI LUNs in TNAS to multiple destinations (such as remote TNAS devices, file servers, or cloud disks) ), and supports multiple backup strategies of incremental backup and multi-version backup. The backup and restore process is very simple and intuitive, and can quickly restore lost data in the event of a device failure.

  • Various backup objects
    The backup object of Duple Backup can be the shared folder in TNAS or the specified file directory. Not only that, it can also back up the iSCSI LUN and the configuration of the iSCSI LUN in the TNAS device to meet the needs of backing up the data in the TNAS.
  • Multiple destinations
    According to business needs, you can choose up to 4 different backup destinations for the data in TNAS, such as: another TNAS device, file server, WebDAV server, various mainstream cloud disks. With the Duple Backup Vault client, using two TNAS devices for mutual backup can greatly simplify the backup configuration process.
  • Multiple backup strategies
    According to business requirements and storage resource configuration, you can select incremental backup or multi-version backup strategies for backup tasks to improve storage space utilization.
  • Secure data transfer
    Taking data security into full consideration, Duple Backup uses SSL certificate encryption throughout the backup task to ensure the security of data transmission.
  • Efficient transmission
    In order to improve backup efficiency, before performing backup tasks, data is compressed and then transmitted, and the maximum compression rate can be as high as 30%, which not only reduces the user’s network bandwidth usage, but also saves storage space and reduces customers’ IT investment costs
  • Restoration is easy
    Through an intuitive graphical interface, Duple Backup provides suitable restoration methods for different destinations. When an accident occurs, users can use Duple Backup’s restoration tool to restore data in a very short period of time to reduce losses caused by disasters.
  • 3-2-1 Backup Strategy
    In order to prevent data loss in the event of an accident, the 3-2-1 backup strategy is widely adopted by many users, that is, to keep at least 3 backups of data, 2 of which are stored on different devices, and at least 1 is stored in a different place. Duple Backup, as a backup tool specially designed for TNAS, is ideal for a 3-2-1 backup strategy.
  • In full control
    Duple Backup not only provides users with a detailed backup and restore task configuration history, but also provides a list of millions of file backups and transfers, allowing you to monitor the backup progress and various exceptions throughout the process.
  • Suitable for a variety of applications
    Duple Backup is not only suitable for home users, but also for business users with multiple offices or branch offices. With local backup and off-site backup of branch offices, it can provide reliable security for data.

Improved Snapshot Management and Services Added in TOS 5

TerraMaster Snapshot is a disaster recovery tool developed based on the BTRFS file system. Take snapshots of shared folders or iSCSI LUNs and quickly restore data after a disaster by taking advantage of file system features. In TOS 5, Snapshot has been redesigned to add more features and improve the user experience.

  • Filesystem level snapshots
    TerraMaster Snapshot is a snapshot tool based on the BTRFS file system. The Btrfs file system introduces advanced storage technology and snapshot technology to provide flexible and efficient data protection and recovery tools while improving high data integrity.
  • Save your time and space
    The TerraMaster Snapshot snapshot function is based on COW (copy-on-write), so snapshots can be created almost instantaneously, and they take up almost no space when they are first created, greatly increasing the utilization of space and time. It can be said to be a perfect snapshot solution.
  • Virtualization disaster recovery
    TerraMaster Snapshot can provide a good disaster recovery solution for virtualized storage space by taking snapshots of shared folders or iSCSI LUNs, whether it is virtualized storage through NFS or iSCSI.
  • Higher snapshot performance
    TerraMaster Snapshot can create up to 1,024 snapshots for each shared folder and up to 65,536 snapshots for the entire system, providing you with adjustable, storage-saving data protection capabilities to meet stringent snapshot performance requirements.
  • Efficient snapshot rollback
    The snapshot file resides in the same storage space as the subvolume, and you can browse it like a normal directory and restore a copy of the file as it was when the snapshot was taken. TerraMaster Snapshot arranges snapshots through a timeline, combined with an intuitive graphical interface, when you need to restore a snapshot file, you only need a few mouse clicks to roll back the snapshot to the version you need.
  • Remote incremental backup
    Generating snapshots on the same storage space as the snapshot subvolume is not an ideal backup strategy, and if the hard disk fails, the snapshot will be lost. TerraMaster Snapshot can send snapshot copies as incremental backups to an external hard drive or to a remote storage system via SSH (the backup destination also needs to use the BTRFS file system) for increased data security

Complete Remote System Access Tool in TOS 5 – Security Isolation Mode

For users who pay great attention to data security but do not need to use external network resources, TerraMaster has added a new security tool in TOS 5 — Security Isolation Mode. At present, hackers and ransomware are raging around the world, and a large number of customers’ precious digital assets are under unprecedented threat. TOS 5’s unique Security Isolation Mode can provide users with a safe and reliable operating environment, isolate external risks, and protect digital assets from infringement.

  • Kernel security level
    Through the digital signature based on the kernel level, once the security isolation mode is enabled, any programs that have not been signed by the system will be blocked from running, effectively preventing viruses or malicious code from running.
  • Self-isolation
    The Security Isolation Mode can effectively prevent illegal in-stack and out-stack access to the external network through the self-established isolation barrier, only allow legal access in the local network, and protect the system from external malicious attacks.
  • Secondary advanced protection
    In order to prevent security barriers and system protection measures from being attacked and tampered with, the Security Isolation Mode adopts secondary password verification protection. Deleting or modifying all configuration information related to security protection measures requires password verification again, effectively preventing hackers from damaging the barrier.
  • Strong blocking
    Any code based on Java, php, or Python will be blocked from execution, effectively preventing the system from being injected with malicious code to threaten data security.
  • Scenes to be used
    . Enterprises or organizations that are extremely sensitive to data security;
    . External network services that need to be closed and isolated, do not need to access the external network or provide remote access;
    . Only use TNAS to provide file storage, no need to run web pages, databases, mail services, virtual machines, and other applications;
    . Applicable industries: military, judicial, electric power, scientific research, medicine, and other industries

New Terramaster Flexible RAID System – TRAID

TRAID is the abbreviation of TerraMaster RAID. TRAID is a flexible disk array management tool developed by TerraMaster. It has features such as the automatic combination of disk space, hard disk failure redundancy protection, and automatic capacity expansion. All these features do not require manual configuration by the user, and the system will automatically complete the configuration according to the properties of the hard disk. TRAID provides users with an optimized, flexible and elastic disk array management solution, especially suitable for new users who are not proficient in how to configure a disk array. Once you have selected TRAID as your array type, you cannot convert TRAID to a traditional array type unless you delete and recreate the array. If you want to manage the array type manually, it is recommended that you use the traditional type when building your array, such as Single, RAID 0, RAID 1, RAID 5, RAID 6, RAID 10, etc. Below is our description of how TRAID works and a demonstration of me mixing a bunch of drives in a single RAID, one by one.

Improved Backup Management Tool in TOS 5 – Centralized Backup

Centralized Backup has not released an official version before TOS 5, and has been developing and testing it. In TOS 5, we have redesigned the Centralized Backup. The new Centralized Backup has re-optimized the user interface, added some functions, and improved the user experience. Centralized Backup is a professional disaster recovery tool specially developed for business users. By using Centralized Backup, company IT managers can use TNAS as the central backup server, without having to configure each host separately, and use TNAS as the initiator to centrally back up the storage space of internal employee computers, workstations, servers, virtual machines, or even is the system partition.

  • Developed for business users
    For business users, data security is extremely important, and for IT administrators, it is a huge challenge to make timely backups of various servers and be able to manage the personal computer data of multiple employees. Centralized Backup combines the needs of business users to provide a centralized active-backup solution.
  • Multi-purpose machine
    By running Centralized Backup on a TNAS device, only one TNAS device can be used to meet the backup requirements of the enterprise for employees’ computers, servers, file servers, virtual machines, and workstations, greatly reducing the enterprise’s IT investment costs.
  • Employee computer backup
    Different from general backup tools, Centralized Backup does not require employees to participate in the backup process. IT administrators can initiate backup requests from the server through Centralized Backup’s PC backup module, and can actively back up folders on hundreds of employees’ computers. , disk partition, or system partition. Centralized Backup can greatly protect digital assets scattered on employees’ computers, and can greatly reduce the workload of IT administrators.
  • Server backup
    The server is the central nervous system of an enterprise’s digital information. The server not only runs a variety of application environments such as OA, CRM, and ERP that support business operations, but also stores important business data. Through the server backup function of Centralized Backup, IT administrators can simultaneously backup systems and data of multiple servers to TNAS. When an accident occurs, the abnormal host can be quickly restored, greatly reducing the impact of equipment failure on the business.
  • File server backup
    The file server is the storage center of enterprise digital assets. Disasters such as unexpected power outages, equipment failures, and system failures may lead to the loss of precious digital assets. Through the file server backup function of Centralized Backup, IT administrators can back up the file directories of multiple file servers to TNAS, reducing the risk of data loss in the event of a disaster.
  • Virtual machine storage backup
    Centralized Backup supports storage backup of VMware Vshpere and Windows Hyper-V virtual machines. Through the virtual machine backup function of Centralized Backup, the backup of multiple virtual machine clients can be initiated from TNAS.
  • Multi-version restore
    Centralized Backup provides the backup target multi-version management function. When a disaster occurs, IT administrators can roll back the time of the repository to find the correct backup version to restore to the specified destination host.
  • In full control
    Centralized Backup not only provides users with detailed backup and restore task configuration history, but also provides millions of logs, allowing you to monitor the backup progress and various exceptions throughout the process. By enabling the notification function, administrators can keep track of the progress status of backup and restoration in a timely manner.

TFM Backup for Internal Backup and Folder Synchronization

TFM Backup is the abbreviation of TerraMaster Folder Mirror backup. TFM Backup is a dedicated backup tool for TNAS shared folders developed by TerraMaster. Through TFM Backup, you can easily backup the shared folders in TNAS to other local folders. Storage location or a remotely mounted folder. TFM Backup has mirror backup and differential backup to choose from, and users can realize automatic scheduled backup by configuring backup schedule tasks. TFM Backup provides users with a simple and flexible backup solution for backing up data in TNAS.

  • Improve disk space utilization
    Traditional RAID 1 disk arrays use redundancy to mirror the data of one disk to another disk, which can effectively avoid the risk of data loss due to disk failure. But a RAID 1 disk array requires at least 2 disks, that is, in a RAID 1 disk array, at most 50% of the effective disk storage space is available. For some users, not all data is important data, and it may not be necessary to mirror the entire disk data. Before TerraMaster launched TFM Backup, RAID 1 array seemed to be the only choice when users made mirror backups of data on disks. Now, users can choose to use TFM Backup to selectively do mirror backup, which can increase the utilization of disk space while ensuring data security.
  • Flexible backup strategy
    TFM Backup has two backup strategies: mirror backup and differential backup. In the mirror backup mode, the backup source data is always consistent with the destination data, which can reduce the work of data management; in the differential backup mode, the newly added or modified data is backed up, even if the source data is deleted, the destination The data always retains the last backup version, which can effectively avoid the loss caused by misoperation.
  • Custom backup plan
    TFM Backup provides a customizable backup plan, and you can customize the backup time, period, and frequency. You can perform backups during less busy periods according to business needs to avoid disruption to normal business.
  • Multiple backup tasks
    TFM Backup supports multiple backup tasks. You can use TFM Backup to create multiple backup tasks for multiple folders with different backup policies and destinations, and configure different task schedules for each task to meet the backup needs of different file types in various application scenarios.
  • Flexible backup destination
    The backup destination of TFM Backup can be in a different storage pool, a different volume, or a different device (using a remotely mounted folder). To avoid data loss caused by disk hardware failure, it is recommended to set the backup destination to a volume in a different storage pool.

Improved System Storage Searches with Terra Search

For some medium or large institutions, finding the required information from the vast amount of stored literature can be a big challenge. Terra Search’s file content search capabilities can help you overcome this challenge. Terra Search can quickly find all kinds of mainstream documents containing search keywords by establishing a database and search engine, which greatly improves the work efficiency of employees.

  • Customized for industry applications
    Terra Search is specially developed and customized for business users, and has the characteristics of flexibility, speed, practicability and wide application. Terra Search is suitable for institutions and enterprises that need to manage a large number of documents, such as libraries, judiciary, hospitals, scientific research, military, government, etc.
  • Powerful search engine
    Terra Search has a built-in powerful search engine, combined with a large database, it can easily handle millions of document management and content search, and can search hundreds of target files per second (related to the hardware performance of the TNAS device).
  • Applicable to a variety of documents
    It is widely compatible with documents in various mainstream formats, such as office documents, text files, pdf, photos, music, e-books, web files, program codes, etc., to meet more than 90% of business users’ common file search needs.
  • Image text content recognition
    Terra Search has a built-in automatic recognition function of image text content, which can quickly identify text in multiple languages ​​in images. The supported image formats include jpg, gif, jpeg, png, tiff, tif, etc.
  • Custom search criteria
    In order to increase search efficiency, Terra Search also provides user-defined search conditions. Users can add search conditions such as file name, extension, title, owner, creation time, etc. according to their needs.
  • Custom search directory
    By setting specific search directories and file types, users can limit the scope of the search, and improve search flexibility and search efficiency.
  • Search result preview
    Terra Search provides a preview function of search results. Even for pictures, you can view the search results of pictures and texts through the preview window, and quickly screen accurate search results.
  • Category display
    Through the flattened category display of the search page, users can screen documents, pictures, applications, and videos from the search results, making the search results clear at a glance.

Improved VPN Service Support with VPN Server in TOS 5

VPN Server provides you with an easy-to-use VPN solution, which can set up a TNAS device as a VPN server to allow other devices to remotely connect to TNAS through a private channel to ensure data communication security. Multiple devices connected to the VPN Server can form an interconnected network through private channels.

  • Supports multiple VPN protocols – TerraMaster VPN Server supports PPTP, OpneVPN and L2TP/IPSec protocols, which can adapt to different network environments and meet your different business needs.
  • Multiple authentication methods – VPN Server supports PAM and LDAP authentication, can connect with local users and domain users, and supports PAP, MS-CHAP, MD5, SHA, RSA and other authentication methods to ensure the privacy of private channel connections.
  • Real-time network I/O monitoring – VPN Server uses graphs to monitor the network I/O of each VPN connection in real-time, allowing you to know the status of online devices and the I/O load of the network in time.
  • Simple operation interface – VPN Server uses a flat menu, each VPN connection is managed separately, and the advanced setting items use the default options to avoid troubles for users due to complicated configuration options. It is simple, intuitive, and very suitable for home users and small and medium-sized buisness users.
  • Log tracking – VPN Server provides a complete operation log and execution log, which is convenient for you to understand the operation history and the connection status of the VPN service, which can help you to quickly troubleshoot the fault.

How to Upgrade to Terramaster TOS 5 from TOS 4 – What You Need To Know?

Upgrading to TOS 5 is not as straightforward as other firmware updates and there is an element of complexity that, if done wrong, might result in re-initialising your system and formatting your storage/data, so follow the steps below VERY carefully! Please follow the guide below to install the new TOS 5.0 system

Must read before installation!

1.Since the root file system, storage path, application installation location, and startup method of TOS 5.0 are different from those of the previous version, you cannot directly update to TOS 5.0 from the current version, but need to reinstall the system.

Reinstalling the system will theoretically not delete the data on your hard drive, but for safety consideration, please back up your data in advance.

  1. The new TOS 5.0 system is only applicable to the x.86 series of TNAS models (220 series, 221 series, 420 series, 421 series, 422 series, 423 series);
  2. Your current TOS version need to be 4.2.32 or above;

  3. TNAS PC needs to be 5.0.19 or above, otherwise, it may not work properly;

  4. TNAS Mobile needs to be 5.0.1 or above, otherwise, it may not work properly. Note: Currently, TNAS Mobile is only available for iOS, and the Android version will be released soon, please pay attention to our update news.

How to install TOS 5.0?  

  1. Download the TOS 5.0 installation package;
  2. Log in to your TOS, go to Control Panel > General Settings > Factory Default, tick “Reset to Factory default” and click “Apply” to clear your system;

  3. Your TNAS will automatically restart and enter the initialization guide page; if you cannot enter the initialization page, please use the TNAS PC to search for your TNAS again, and enter the IP address of your TNAS in the browser address bar;

  4. Select the “Custom” mode during the initialization process, upload the TOS 5.0 installation package, and wait for the installation to complete;

  5. After the system installation is completed, the system will automatically restart; Then, follow the instructions on the page to complete the administrator settings;

  6. After the system is installed, you need to clear the browser cache, otherwise some system pages may not be displayed correctly.

Installation packages download link:

  1. TOS 5.0:https://download2.terra-master.com/TOS_X642.0_5.0.120_00154_2206121730.ins
  2. TNAS PC for Windows OS:https://download2.terra-master.com/TerraMaster_TNASPC_for_win_V5.0.22.zip

  3. TNAS PC for macOS:https://download2.terra-master.com/TerraMaster_TNASPC_for_mac_V5.0.22.dmg

  4. TNAS Mobile for iOS:It will be published later.

 

📧 LET ME KNOW ABOUT NEW POSTS 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,263 other subscribers


Get an alert every time something gets added to this specific article!


Want to follow specific category?

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  

Terramaster NAS TOS 5 Beta Now Publicly Available

14 mars 2022 à 01:11

Latest Terramaster NAS TOS 5 Software Now Available to Test in Beta


If you are a terramaster user and have been wondering what the brand has had in store for it’s software in 2022, it would appear that they have been working busily on a host of improvements, upgrades and new features for the latest version of their NAS System, TOS 5. Now terramaster users are able to try out some of the new features and services that are included that range from a new self-isolation mode, to flexible RAID configurations, AI Photo recognition, Docker, Surveillance support and improved client sync applications. Remember, this is still a Beta and therefore you should not upgrade the firmware on your mission-critical system with this less stable beta! The TOS 5 beta is intended as a means of getting feedback from users on what works, what doesn’t;t and ultimately to help ensure the full release of TOS 5 is the best it can possibly be. So if you do want to test out TOS 5, get your backups in order first! Let’s discuss what is new and improved in TOS 5!


Note – We originally previewed an earlier build of Terramaster TOS 5 Alpha in the video HERE on the NASCompares YouTube channel. LOADS more features have been added since this original alpha preview and we will soon be deep-diving into this newer Beta release very soon. Below is what Terramaster say is included in the new TOS ver.5 Beta. The original press release can be found here with further details, alongside existing features of TOS that will also remain and/or be improved upon in TOS 5 – HERE.


(from the official Terramaster new pages below)

New Features & Improvements in Existing Services


In TOS 5, not only have the storage structure and data interaction mode been reconstructed but also, compared with the previous generation, it adds more than 50 features and 600 improvements. The new features meet more business requirements, as well as significantly improve response speed, security, and ease of use.

Browser Access to TOS is Now 3x Times Faster


TOS 5 adopts progressive JavaScript language and a lightweight framework with faster loading speed. TOS 5 features bidirectional data binding, easier data manipulation, and automatic synchronous response to data changes in the page; UI, data, and structure separation makes it easier to change data without the need to modify logic codes. Using progressive JavaScript language, TOS 5 has a more lightweight framework. In addition, through two-way binding of data, the view, data and structure are separated. When the page is operated, it automatically responds to changes in data, which makes the system “lighter” and achieve faster loading speed.



New caching technology avoids network round trips between the server and the database, bypasses the calculation that occupies resources, saves server resources, and improves response time and waiting time, so TOS 5 has the fastest response time in the current TOS family. Compared with the last generation, the TOS 5 response speed has increased by 300%! Use WASM to optimize the calculation method and execute the back-end complex calculations on the front-end, thereby reducing the calculation pressure on the server. In addition, TOS 5 uses the most popular back-end language at the moment, which can support high concurrent requests. Compared with traditional interpreted languages, the compilation speed is faster. Further information on the newest version of TOS and how the GUI has been redesigned can be found HERE.

Improved Resource Monitor in TOS 5


The new iconic resource monitor board allows you to grasp the operating status of your TNAS comprehensively and intuitively in real-time; at-a-glance visibility of system load, CPU and memory usage, network traffic, disk I/O, device temperature, storage, processes, online users, listening ports, and system resource occupancy. Historical records of up to 30 days can be easily traced back.


Full One Button System Isolation Mode Available in TOS 5


TerraMaster’s unique security isolation mode completely isolates your TNAS device from the external network through network isolation, digital signature, and file format restriction, providing a safer operating environment and effective protection against virus and ransomware attacks.

Support of the WORM File System in TOS5


Data can be written at one time within the customized protection period and cannot be deleted or modified. This effectively protects your data from malicious damage, deletion, or tampering and provides data protection for up to 70 years; essential for the financial, judicial, medical, and scientific research sectors, as well as other business users.

Improved Storage, Backup & Sync Features in Terramaster TOS 5


TOS 5 features optimized storage architecture to reduce the system space occupation. The file deduplication system, file system compression, TRAID elastic array, and other functions also save you up to 40% of storage space

Single Portal Folder Level Backup for Home and SMB Users


Reduce complexity and embrace simplicity. All backup needs can be completed through a single portal, providing one-stop backup solutions including Central Backup, TerraSync, Duple Backup, Snapshot, USB Copy, CloudSync, and other comprehensive backup tools. This meets your clients’ disaster recovery and restoration requirements, as well as backup policies and destinations.

Business Focused ProActive Backups for Larger Business


To improve management efficiency, medium and larger-sized businesses need a centralized and active backup solution for multiple users, PCs, and servers. Centralized Backup is a business-oriented backup solution that supports backup and restoration for multiple device types. You can centrally backup data of dozens or even hundreds of PCs, servers, or virtual machines with only one TNAS.


New Flexible RAID Support in TRAID in TOS 5


By optimizing the traditional RAID mode, TerraMaster RAID (TRAID) gives you flexible disk array configuration, flexible online migration, capacity expansion, and redundancy policies. As well as improving disk space utilization, it also provides solutions and security protection for storage space changes caused by new business requirements. Much like Synology Hybrid RAID (SHR) in that you can mix drive capacities for improved storage after the RAID redundancy calculation. I reached out to Terramaster directly on this and they confirm that this function is supported in TOS 5.

Multiple Client Sync with TerraSync in TOS 5


TerraSync, a TerraMaster self-developed synchronization tool, realizes data synchronization between multiple users and multiple devices. It efficiently implements data sharing among branch offices and data synchronization between individuals on multiple devices and platforms, which assists employees in collaborative work and improves work efficiency.


New CloudSync Application for Bare Metal-to-Cloud Live Sync in TOS 5


The new CloudSync app integrates multiple cloud drives and syncs them into one application, including Google Drive, One Drive, Amazon S3, Backblaze, Box, Dropbox, Koofr, OpenDrive, pCloud, Yandex disk, and Aliyun. This allows users to centralize the management of multiple synchronization tasks and add a variety of cloud disk synchronization options including Aliyun and Rackspace. A more flexible, stable, and efficient solution for data synchronization between your TNAS and cloud drives is facilitated by your choice of customized synchronization strategies, such as traffic control, scheduled tasks, and encryption.

CCTV Surveillance in Terramaster TOS 5


TNAS is an ideal video recording storage device. The new Surveillance Manager makes full use of TNAS storage resources to realize camera management, real-time monitoring, video storage, playback, query, event and activity monitoring and recording, providing you with economic and flexible video monitoring management tools to safeguard your personal and property safety.


AI Photo Recognition Now Available in TOS 5 with Terra Photo


Terra Photos is TerraMaster’s brand-new AI photo management application that provides smart solutions for your photo management and sharing; it uses intelligent AI algorithms to identify and classify faces, pets, locations, and other objects in your photos.


Docker Added to Existing Container Tools in TOS 5


Combined with docker-compose and portainer, the new Docker Manager features an optimized operation interface, with multiple new features which provide visual management that meets all your requirements for container customization and flexible configuration.


New Update to Terramaster’s Mobile App, TNAS Mobile 5


To adapt to TOS 5, TNAS mobile has also ushered in a comprehensive update, TNAS mobile 5. Featuring an optimized user interface and interaction, it has also added mobile phone backup, photo management, personal folders, team folders, data safebox, TerraSync, remote administrator, and other functions, which provide more convenience for remote access, mobile office, and remote management of your TNAS.


 

How to Access the Terramaster TOS 5 Beta?


Before starting the test, please be sure to read the following precautions carefully.


Precautions:

  1. A beta version is an early version of a program that contains most of the main features, but is not yet complete and may have some defects. This version is only released to a select group of people, or to the general public, for testing and feedback;
  2. The Beta version is not suitable for use in work or production environments. If your TNAS device is running business or storing important data, please do not participate in this test;
  3. The root file system, storage mount path, application storage location, and startup mode of TOS 5 are different from those of other versions. You will not be able to install TOS 5 through an update, but will need to reinstall the system. Reinstalling the system normally will not delete the data on your hard disk, but for safety, please be sure to back up your data in advance;
  4. The Beta version released this time is only applicable to TNAS models in X.86 series (220 series, 221 series, 420 series, 421 series, 422 series);
  5. Your current TOS version must be 4.2.09 or higher;
  6. TOS 5 Beta requires a new version of TNAS PC (Windows OS: V5.0.4 / macOS: V5.0.4) and TNAS Mobile (Android: V5.0.1 / iOS:V5.0.1).

Download link:


TNAS PC for Windows OS:    https://download2.terra-master.com/TerraMaster_TNAS PC_for_win_V5.0.4.zip
TNAS PC for macOS:    https://download2.terra-master.com/TerraMaster_TNAS PC_for_Mac_5.0.4.dmg
TNAS Mobile for Android: It will be published later.
TNAS Mobile for iOS: It will be published later.


How to install TOS 5 Beta?

  1. Download the TOS 5 Beta installation package:  https://download2.terra-master.com/TOS_X642.0_5.0.50_Beta_00063_2203071918.ins
  2. Log in to your TOS, go to control Panel > General Settings > Update & Recovery > Restore to Factory Defaults, select “Restore to Factory Defaults” and click “Apply” to clear your original settings;
  3. Your TNAS will automatically restart and enter the initialization guide page; If the initialization page is not displayed, please search the NAS IP address by TNAS PC, and enter the IP address in the browser’s address bar to access;
  4. Please select “Manual Installation”, upload the downloaded TOS 5 Beta installation package, and wait until the installation is complete;
  5. The system will automatically restart when TOS 5 Beta is successfully installed. After the system restarts, set the administrator settings as instructed to complete the system installation;
  6. After the system is installed, clear the browser cache. Otherwise, some system pages may not be displayed correctly.

Bug reports


As the Beta version is an early version of the program, there may be some defects, please do not pass the bugs of the Beta version to the public to avoid causing unnecessary trouble to others.
If you’d like report a bug, please send the description, reproduction method and screenshot of the bug to the email address: [email protected]


 

📧 LET ME KNOW ABOUT NEW POSTS 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,460 other subscribers


Get an alert every time something gets added to this specific article!


Want to follow specific category?

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR ANY OTHER NAS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  

Updated Guide to Installing KODI on Your QNAP NAS in 2022

9 mars 2022 à 01:38

A Step by Step Guide to Getting Kodi on Your QNAP NAS – UPDATED


Despite the growing popularity of third-party multimedia streaming services such as Netflix, Disney plus and HBO Max, there is still a solid demand by users to enjoy the media they own from the comfort of the sofa in a digital, disc-free environment. Whether it is because we have hundreds of DVD and Blu-ray discs cluttering up shelves or a drawer full of hard drives brimming with good TV to watch, some users resent having to pay subscription services for media they may already own or end up spending hundreds of pounds a year on media they do not own, with its removal and availability changed on a whim. It is for reasons like these that many users look into purchasing a solid network-attached storage (NAS) drive from brands such as QNAP in order to enjoy the media they own, while still enjoying slick graphical user interfaces GUI offered that is comparable to Netflix and Prime Video. One application that has been in allowing users to enjoy the media they own for many years is KODI, a media centre application with thousands of addons, unparalleled codec+format support and one of the easiest user interfaces to navigate and customise. Sadly, in recent years less scrupulous individuals have taken advantage of the flexibility of Kodi in order to play copyrighted material found online illegally and stream from less than legal sources to watch new multimedia. Because of this, Kodi was largely shunned by most well-established app stores and is no longer available to be directly downloaded from the NAS application centre in 2022. However, that does not mean it is impossible to still use and in fact, there are multiple versions of Kodi you can use, as well as add-ons to connect with your streaming services and even access other multimedia services available that are installed on your QNAP NAS (Plex, Emby, Twinky, etc). So today I want to walk you through how to install Kodi on your QNAP NAS and start watching your media from your sofa today.


Below is your checklist to make sure you have before beginning the installation of the Kodi HD Station application for HDMI.

  • QNAP NAS with an Intel/AMD CPU
  • HDMI Port (1.4 or 2.0a)
  • QTS Upgraded to QTS 4 or later
  • Latest Version of HD Station
  • Control Device for HDMI, ie IR Remote, Keyboard+Mouse,
  • Access to the Internet (can be disabled after if you prefer) and access the NAS via the Web Browser GUI (Graphical User Interface, ie The Desktop of QNAP NAS)

Let’s get started.

KODI on QNAP NAS Gude – Step 1 – Installing Applications


Head into the App center on your QNAP NAS, via the web browser GUI:


KODI on QNAP NAS Gude – Step 2 – Installing QNAP HybridDesk Station / HD Station


If you QNAP NAS has an HDMI output, an option will be available on the left-hand side, labelled ‘HybridDesk Station’. Go ahead and click it to enter a new window. From here you need to click the JybridDesk Station ‘install’ option. You may well also be asked to install one of the other HD Station applications, that is up to you (none are essential to KODI)


KODI on QNAP NAS Gude – Step 3 – Configuring the QNAP App Center Options


Once the HD Station / HybridDesk Station application is installed, head to the top right corner and click the cog icon (settings):


KODI on QNAP NAS Gude – Step 4 – Allowing 3rd PARTY and Unsigned Applications


In the first window that appears, put a tick in the box regarding the installations of applications without a valid signature (this means applications that are not QNAP created or partnered can be installed, such as KODI):


KODI on QNAP NAS Gude – Step 5 – Congifuring an App Repository


Then click the App Repository tab at the top of the same window, and get ready to enter the location of where yo will be downloading the KODI application from:


KODI on QNAP NAS Gude – Step 6 – Adding New App Centers


Enter the information in the boxes shown in the image below. The URL should read ‘https://www.qnapclub.eu/en/repo.xml‘. Once you have done this, click ‘add’:


KODI on QNAP NAS Gude – Step 7 – Adding the QNAP Club App List


The QNAP Club Repository should now appear in the list underneath in the previous window. If it is now there, click ‘close’.


KODI on QNAP NAS Gude – Step 8 – Finding the QNAPClub App List


On the left-hand side of the app center window, a new option should have appeared for the new app center that you have added. QNAP Club is an unofficial and Homebrew app community that creates new applications, as well as modifying existing linux/windows software to work within the QNAP NAS system. These can be used via the network, web browser or using the HDMI/KVM setup of the NAS. So, let’s install KODI.


KODI on QNAP NAS Gude – Step 9 – Finding the Kodi Application


The quickest way to find Kodi is to use the search bar at the top right of the QNAP App Center and enter ‘KODI’ and hit search. Several versions of Kodi will appear, however, it is highly recommended to opt for version 19, as Kodi v.19 (Matrix) is not only the latest release available for QNAP, but also older versions have not been extensively updated for the latest version OF HD Station / HybridDesk Station. Simply click the +install button as you normally would any other application. You may see a pop-up warning you that this application installation highlights that this is a 3rd party/unsigned application. This is so you understand that you are installing KODI at your own risk/choice and against the recommendations of the manufacturer.


KODI on QNAP NAS Gude – Step 10 – Allowing Remote Access


When the KODI application is installed, you will be able to access it from your HDMI output on the NAS (you will need a keyboard, mouse, IR Remote or network remote control such as the free QRemote application to navigate it), but if you want to configure the KODI application from your web browser, it is possible to configure HD Station / HybridDesk Station and KODI from Chrome/Safari/Edge/Mozilla etc quite easily. Head into the Control Panel option in the QNAP browser GUI.


KODI on QNAP NAS Gude – Step 11 – Accessing the HDMI Control Panel


From here, head to the Applications section at the bottom and select the HDMI Display Applications option.


KODI on QNAP NAS Gude – Step 12 – Adjusting the HDMI Defaults


A new options/config menu will appear and from here you are able to configure the HDMI output settings of your QNAP NAS. If you have alternative applications that use the HDMI out (such as Linux Station, Media Players or assigned a VM directly to the DMI), they will appear here. In order to use/view KODI via the QNAP HDMI output, you will need to ensure that the application is ‘enabled’ (so conversely, it will say ‘disable’ in red if the app is currently running, which what you want!). Then click the Settings option.


KODI on QNAP NAS Gude – Step 13 – Changing HDMI Resolution and Settings


Next you will have an HDMI settings menu. If you need to change the resolution of the HDMI output, you can change it in the top right drop down menu. However, in order to allow web browser access to the HDMI output to configure Kodi, etc, we need to tick the box labelled  Enable Remote Desktop and then click Apply.


KODI on QNAP NAS Gude – Step 14 – Accessing the HDMI Output via your Web Browser


Once you have done that, a couple of new options will appear underneath. In order to access the HDMI visual interface and GUI, click the first option Click Here to Open and a new tab will open in your web browser that displays your QNAP NAS HDMI output. If you have a specific login for your NAS, you will need to enter it first in the next window before proceeding to the HDMI GUI.

KODI on QNAP NAS Gude – Step 15 Booting Kodi and Changing Settings


From here you will have rows of icons on the screen that show the HDMI equipped applications that are installed on your QNAP NAS. If you want to run and access KODI, just go ahead and click the KODI icon and it will open the application (be warned, the first time you run the KODI application, there will be ALOT of pop up messages asking if you want to enable/disable aspects of the application). If you plan on using the KODI application exclusively for the HDMI port and want to make sure you do not need to go through the process of login in every time on the TV, as well as selecting the Kodi application manually every time, you can head into the settings menu at the top right (the cog icon) and change the defaults like this:


KODI on QNAP NAS Gude – Step 16 – Setting Kodi as the Default App


From the settings menu, select the ‘App’ tab on the left-hand side and from there, select Kodi, then at the bottom of the app options, you will see an option marked SET AUTO RUN which, when enabled, will make sure that KODI always runs via the HDMI as the default start-up application. You can also set the General Tab to remember your login details (over HDMI only) and allow KODI to always immediately be available whenever you turn your TV on and want to watch your media.


KODI on QNAP NAS Gude – Step 17 – Browser Responsiveness


The last thing, IF you are setting up your KODI application over the Web browser GUI (i.e. via your laptop or PC), then the refresh rate of what you see on screen will not be as fast/sharp as if you accessed it from the HDMI into a TV. So, do not be surprised if it seems that the responsiveness seems a little lackluster when navigating options. This only applies to accessing remotely via the web browser and won’t be the case over direct HDMI with control over a mouse+keyboard, Bluetooth mouse, IR remote or using the QNAP Qremote free mobile application to control the HDMI output. Thanks for reading this guide and I hope it helped!



 


If you need a little more information on how to install KODI on your QNAP NAS in 2022 (such as where to download the Kodi App directly, or a complete walkthrough of how to install the multimedia tool more visually, you can always use the video blow that will guide you though the process.



 


If you need any further help choosing the right NAS for your multimedia needs (whether it is Plex Media Server, Emby, Kodi or using other 3rd party media software), then please use the free advice section linked below. A genuinely free service manned by two humans (me and Eddie the Web guy) and we answer all of your questions to help you get the right solution for your needs. We do not charge anything, we do nothing with your email and although there are donation options available HERE, they are completely voluntary! Have a great 2022!


 

📧 LET ME KNOW ABOUT NEW POSTS 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,460 other subscribers


Get an alert every time something gets added to this specific article!


Want to follow specific category?

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR ANY OTHER NAS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  

 


 


 

Terramaster NAS Devices Being Attacked By Deadbolt Ransomware

1 mars 2022 à 11:49

Deadbolt Ransomware Attacking NAS Drives Again – This time it is Terramaster


It pains me to make this post, but yes, Deadbolt ransomware has once again attacked NAS drives and this time the target is Terramaster devices. Although exact details on the attack vector of this ransomware are yet to be confirmed (though I will be updating this article as more information arrives), it looks like a very similar attack to those that affected Asustor last week, using very similar display methods of highlighting the means of paying the ransom, as well as similar ways that people have been alerted to it on their individual systems. Likely candidates at the time of writing point to this either being based around a UPnP weakness (similar to a previous ransomware exploit that was used) or weak network management (either in the ports used or in 3rd party applications poking holes in your firewall etc in order to facilitate remote access). As mentioned, the details are still rather murky and the first reported hit by users online was around 10 hours ago, so similarities in how people have arranged their network/system services are slowly getting pieced together. If you DO own a Terramaster NAS drive right now, I would make the following recommendations:

  • Run a Backup! But check you have not been already hit by the deadbolt ransomware and inadvertently overwrite your ‘god’ backups. I would STRONGLY recommend where possible (space/budget) running a completely new and independent backup of the whole system or at the very least your irreplaceable/mission-critical data
  • Disconnect your system from ANY internet connection unless you are 100% confident that your network security is secure (even a VPN doesn’t avoid the fact some apps and services open router ports as a necessity)
  • Check your system logs for any large number of IP login attempts. Not strictly necessary in this case as the attack vector is still unconfirmed at the time of writing, but check nonetheless
  • Power Down your device unless you are 100% confident that you are untouchable. Although deadbolt is actioned INITIALLY over the internet to push command to the system to conduct a large scale encryption command, delete the encryption key and amend the login screen to their own payment window and key entry. So, if you are BEING attacked by deadbolt ransomware, disconnecting the system from the network internet is not enough (as from THAT point, all operations are being conducted locally (ie inside the system). So power down your device until Terramaster issue a patch to close whatever this exploit is that deadbolt is utilizing
  • At the time of writing, we are still awaiting further information on the deadbolt Active Process (i.e in the task/resource monitor). When that is established, you can use SSH and a suitable command client to patch in and kill the process, HOWEVER, you should disable SSH for now if you HAVE NOT been hit, as this manner of control is how the bulk of ransomware attacks are conducted automatically
  • Change credentials for the admin account. Although TOS 5 (previewed last month here on YouTube) has the option to disable the admin account (as well as a kill switch for all remote access), the current version of TOS 4 does not have this functionality
  • Change your local network and remote access ports from the default 8000, 8080, 8001 etc to something randomized

IF your Terramaster NAS is COMPLETELY isolated from the internet (and you are 100% certain of this, eg you directly PC-to-NAS interface your system OR you run the NAS on an isolated vLAN in your network behind a bunch of layers), then you can largely ignore the above.



 


UPDATED 02/03 08:00 GMT


Since the deadbolt ransomware’s first targetted attacks yesterday, Terramaster has rolled out a new firmware update (TOS version 4.2.30) and they strongly recommend users who have not yet been affected to upgrade now. The update will be available from the usual system settings, software update menu from within the TOS web browser GUI in the window below:



Also, you can choose to manually download the TOS 4.2.30 update directly on TerraMaster official website->SUPPORT->DOWNLOAD page (see image below) here – https://support.terra-master.com/download/



It is VERY IMPORTANT that users understand the following details before they update their Terramaster NAS to this latest firmware updated version:

  • If you install this update, it WILL NOT recover/unencrypt files that have been hit by deadbolt (i.e. files that now carry the ‘.deadbolt’ encryption in their name/format. This update closes the vulnerability that allowed the deadbolt group to inject a command towards your terramaster NAS and carry out the attack.
  • If you install this update, it will remove the black deadbolt entry screen to your Terramaster NAS when accessing it via the web browser. However, in doing this, you will also lose the (arguably crap) option to recover your files by paying the ransom group, getting an encryption key and decrypting your data. Although unaffected users and those who have zero intention of engaging with the deadbolt group will be happy with this, some users who have lost mission-critical /irreplaceable data that might consider this option might want to think about this update a little further. When Deadbolt hit Asustor NAS devices last week, when Asustor issued a firmware update, they also added a small add on in the app center that allowed the end-user to still access this screen in an isolated fashion to still keep the option of getting an (arguably illegally) paid for solution to recovery.
  • Right now, users are attempting to perform recovery with deadbolt files via linux mounted drive setups. It is a painfully slow and low success % operation (as in user base) but if your data is important to you and/or/if you want to resume access to your NAS whilst keeping the encrypted data to one side, I recommend removing the HDD/SSD media (keep track of which drive in which bay) and replace the drives in the Terramaster NAS and re-initialize. Then you can reintroduce those drives to the NAS or to a linux machine in the event of a recovery method becoming possible.

Back to the Original Article.

What Do We Know About the Terramaster NAS Deadbolt Ransomware Attack?


The bulk of the details even at this early stage of the terramaster NAS deadbolt ransomware attack bear alot of similarities to those of the Asustor attack last week (Read the article on that plus all the updates and MOST IMPORTANTLY the comments of that article as there is alot of information on how people have responded/adapted to when this hit them). Most users understood that their Terramaster NAS system was in the process of being hit by deadbolt Ransomware in two very clear ways, one arguably worse than the other. The first was that many of the more value series Terramster NAS systems (2/4 Bay systems at the Dual-Core level) had a sharp and very noticeable rise in system fan activity (and HDD LED lights kicking off incessantly) as the encryption command pushed the system very hard indeed. If you were fortunate enough to spot this early, then there is a reasonable chance that the % of files encrypted would be very low. However, a larger proportion of users found their NAS system was mostly/completely encrypted overnight (or whilst they were out of sight/earshot of the NAS) and their first knowledge of the attack was to be greeted by this (now depressingly familiar in 2022) deadbolt login screen:


Important Message for TERRAMASTER
All your affected customers have been targeted using a zero-day vulnerability in your product. We offer you two options to mitigate this (and future) damage:


1) Make a bitcoin payment of 5 BTC to bc1qhkeecsgmzf2965fg57ll3enqyj7y094lxl5nzm:


You will receive all details about this zero-day vulnerability so it can be patched. A detailed report will be sent to [email protected].


2) Make a bitcoin payment of 15 BTC to bc1qhkeecsgmzf2965fg57ll3enqyj7y094lxl5nzm:


You will receive a universal decryption master key (and instructions) that can be used to unlock all your clients their files. Additionally, we will also send you all details about the zero-day vulnerability to [email protected].


Upon receipt of payment for either option, all information will be sent to you in a timely fashion.


There is no way to contact us.
These are our only offers.
Thanks for your consideration.


Greetings,
DEADBOLT team.


If you are unsure if you have been hit by the deadbolt ransomware attack (i.e. you can still login fine and the login screen has not changed) but want to do a quick checklist on things to monitor. Here is a brief to-do list:

  • Your Remote mounted storage is suffering delayed responses/file opening (eg mapped drives, SMB mounts, etc) as this could mean that these are in use by the system and being encrypted. The same goes if you have a recently accessible remote mount that is now inaccessible
  • Search for .deadbolt in the file manager search bar. It is not the quickest, but any file hit by this will have the .deadbolt file extension
  • Your regular overnight backup(s) failed or took way, WAY too long, as this indicates a large amount of HDD activity taking place at the same time as your regular backups and even 3-4 hard drives in a RAID 5 will struggle to maintain even marginally good input/output actions when these larger volume activities are run simultaneously
  • Your system fans are increasing as drive activity has increased notably (encryption is a hefty task for any system to conduct, especially on the entire storage pool/volumes/etc
  • Your HDD/SSD LEDs are going NUTS! This also applies if you are using larger than 8TB drives or larger Seagate Ironwolfs NAS drives, Ultrastar, Red Pros, EXOs, etc as these Pro/Ent class drives make some real noise in heavy crunch activity such as large scale encryption

Currently (01/03/22 930AM GMT) Terramaster has yet to issue a formal statement on this or a firmware update, but the attack is around 12 hours old at most. Still, this is now the 3rd Deadbolt attack to hit NAS brands in the last 6 months (Asustor and QNAP previously) and alongside the earlier attack of a vulnerability in TOS at the start of the year. There are hopes that the current TOS 5.0 update (still in Beta) will feature improvements in it’s network security and how much access installed apps have to the core system administration.

What Does Terramaster Advise to Prevent the Deadbolt Ransomware?


Terramaster has responded to this recent Deadbolt ransomware attack of their NAS systems with the following statement:


Recently, we have received reports of some TNAS devices being attacked by Deadbolt Ransomware. Based on the case analysis, we initially concluded that this was an external attack against TNAS devices. To protect your data from Deadbolt, please take action now!


If your NAS works normally, we suggest you take the following countermeasures:


1. Upgrade your TOS to the latest version;


2. Install good anti-virus software on your computer, TNAS device and router to help you detect and resist malicious threats;


3. Disable port forwarding on your router. After disabling this function, you will not be able to access TNAS through the TNAS device bound to the DDNS external network.


4. Disable the UPnP function on your TNAS. After disabling, your PC, multimedia box, TV and other devices may not be able to access TNAS through UPnP protocol, please use DLNA, NFS, SMB protocol to access TNAS instead.


For more detailed measures, please refer to the following link:


https://www.terra-master.com/global/press/index/view/id/1143/


 


If you find that your NAS has unfortunately been affected by Deadbolt Ransomware, please follow the steps as below:


  1. Remove the LAN network cable from your TNAS device immediately.


  2. Power off your TNAS; x.86 models: short press the power button; ARM models: long-press the power button 3 seconds.


  3. Do not initialize your NAS as this will erase your data. 


  4. Please contact the online support on our official website or email to [email protected] directly.


Additionally, there is a great deal of activity in the last 12 hours on the official support forums on this, with a Terramaster Customer Representative issuing the following response to an initial enquiry on deadbolt ransomware attacks:



Right now, Asustor has yet to issue further information on recovery on this (unless I have updated this article above with further information), but I would recommend following the steps provided by other NAS brands in the wake of a ransomware attack such as this:

  • Change your password.
  • Use a strong password.
  • Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
  • Change web server ports. Default ports are 80 and 443.
  • Turn off Terminal/SSH and SFTP services and other services you do not use.
  • Make regular backups and ensure backups are up to date.

Until the attack vector is established, I would recommend going ‘all in’ on updating your security settings. Although a lot of the changes relating to password changes seem unrelated to this, without having a complete throughline on similarities between users, it is best to dot every i and cross every t!

Is There A Solution, Restoration or Recovery Method Currently Available to Deadbolt Affected Terramaster NAS?


As it stands, there is no resolution available from Terramaster NAS if your files have been encrypted by Deadbolt ransomware. other than paying the ransom (which would suck!) many are looking at methods of recovery using linux based mounting of the drives and accessing any snapshots in a BTRFS volume (or using PhotoRec/TeskDisk in the hope of reverting the files), but even then, there is little currently possible to recover affected files. That may not always be the case and I would still recommend keeping the encrypted files (in a 2nd location if you need to format your terramaster for continued use) as recovery methods might become available in weeks/months from now. Terramaster issued an updated press release on this with further instructions on disabling specific services, We suggest you take the following countermeasures:

  1. Upgrade your TOS to the latest version;
  2. Install good anti-virus software on your computer, TNAS device and router to help you detect and resist malicious threats;
  3. Disable port forwarding on your router. After disabling this function, you will not be able to access TNAS through the TNAS device bound to the DDNS external network.
  4. Disable the UPnP function on your TNAS. After disabling, your PC, multimedia box, TV and other devices may not be able to access TNAS through UPnP protocol, please use DLNA, NFS, SMB protocol to access TNAS instead.

  1. Disable RDP, SSH and Telnet when not in use;


Additional Changes Here:


  1. Change the default port of FTP. When you use the FTP protocol to access, please pay attention to bringing the port, such as ftp://192.168.0.1:1990.

  1. Set a high security level password for all users;

  2. Disable the system default admin account, re-create a new admin account, and set an advanced password;
    Note: For versions after TOS 4.2.09, you can set the administrator account without using the default admin username when installing the system. If it was upgraded from a version before TOS 4.2.09, you need to reset the system configuration, then you can customize the user name.

  3. Enable firewall and only allow trusted IP addresses and ports to access your device;
    a. Go to Control Panel > General Settings > Security > Firewall.
    b. Create a firewall rule and choose the operation of allow or deny.
    c. Fill in the IP range you allow or deny access to. If you fill in the network you want to deny access to, please fill in the subnet address correctly, otherwise it may cause your existing devices to be unable to access TNAS.

  1. Avoid using default port numbers 5443 for https and 8181 for http. After changing, please enter IP:Port in the browser address bar, such as 192.168.0.1:8186.
  2. Enable automatic IP block in TOS Control Panel to block IP addresses with too many failed login attempts;

  1. Backing up data is the best way to deal with malicious attacks; always back up data, at least one backup to another device. It is strongly recommended to adopt a 3-2-1 backup strategy.

 


If your Terramaster NAS was NOT affected, I would still recommend disabling remote/internet access., as the act vectors are not clear and there are reports from some users right now that state that they had the latest firmware, they were still hit. Therefore right now there is so much unconfirmed info here to allow remote access (in my opinion) and until further info is made available, I strongly recommend disconnecting your Terramaster NAS from the internet (wire AND via the software settings) and getting your backups in order. I will update this article soon as more information becomes available.


 

Asustor NAS Uninitialized Repair After Deadbolt Ransomware – Getting Back to ADM, Avoiding the Black Threat Screen & Seeing What Remains of your Data

25 février 2022 à 10:05

Getting Your Asustor NAS System Up and Running Again After Ransomware Attack


It has now been a few days since the initial attack of Asustor NAS systems by the deadbolt ransomware attack and although full recovery is still not a complete option for a lot of users (without having to take the agonizing step of paying the group for an encryption key – gah!), there have been steps by users, the linux community and Asustor to mitigate some of the damage for some and for those unaffected, allow them to use their systems with a little more confidence and comfort. Below are some instructions that will be of use to users who are currently in the following situations with their Asustor NAS:

  • When the encryption/attack first started (or you first noticed the NAS activity) you powered down your system abruptly and your NAS now shows as Uninitialized’
  • You Have the Asustor NAS working, but are being greeted by the black deadbolt threat screen that you want to navigate around WITHOUT using SSH/Command line
  • You are in either of the above two positions AND you have snapshots or a MyArchive routine setup on your NAS

If any of those three setups are how you would describe the position that you/your Asustor NAS is currently in, then you may well find this guide useful. However, DO remember that you are still dealing with your data and although this guide has been provided for the most part by the band themselves (with additions by myself – Robbie), you should immediately have a backup of your data (even if it’s encrypted in case of a system failure etc) and/or an external drive ready to move any/all data over too. If you caught the ransomware encryption early, then you might still have a  good % of your data still ok. Observing numerous affected machines have shown us that the encryption/changes begin at the system level (ie so it can change the index screen and renaming, etc), so in some cases, some people have reported that they caught it in time for some data to have been RENAMED (i.e the .deadbolt prefix that is affecting access or older structure in some cases) but not actually encrypted. So, this guide is about getting you into a position to access your Asustor NAS GUI and whatever the state of your data is. After that, you may still have no option but to format your system, wait for any kind of brand/community recovery method or (and I do not say this lightly, as the thought of continuing this kind of behaviour is disgusting) pay the ransom to get your data back. I appreciate that this is S&!T but some business users might have little choice. Let’s discuss access recovery options. If you are unaware of everything that has occurred to asustor and the deadbolt ransomware, you can use the attached video below:


Asustor NAS – How to Get Your NAS Running Again If It Is Saying Uninitialized


If you powered down your NAS abruptly when you saw the black threat screen OR unusual activity on your NAS (either by pulling the power cord or holding the power button for 5-10 seconds), then chances are that as the encryption hits the system files first and was in progress, that your NAS is not showing as ‘uninitialized’. This is because the system software is no corrupted. Yesterday Asustor released a new firmware update that closed the vulnerability (they claim, I have not verified personally yet). So, the following steps in the guide using the client desktop software Control Center and an internet connection (can be just on your PC/Mac and you directly connect with your Asustor if you choose) will allow you to access your NAS login GUI.



If you have shut down before, please connect to a network. If you enter the initialization page, please follow the instructions below to update your NAS:


Step 1

  • If you enter the initialization page and have an Internet connection, please press Next.

  • Please click Live update and then click Next.


Step 2

  • If you’re on the initialization screen and not connected to the Internet, please download ADM from ASUSTOR Downloads to your computer.
  • Once done, manually update ADM by uploading the ADM image file from your computer as shown below.
  • Please press Next.


Step 3

  • Update.
  • After the update has completed, you’ll be able to return to ADM.

Asustor NAS – If You Are Still Seeing the Black Threat Deadbolt Ransomware Screen


If you have access to your NAS drive BUT are faced with the black threat login screen replacement that replaced the previous one AND have followed the previous steps to install the latest firmware, the next three steps should allow your to navigate AROUND this and remove it entirely.


If the ransomware page remains after you connect to a network:

  • Please turn off your NAS, remove all hard drives and reboot.
  • When the initialization page appears, reinsert the hard drives.
  • Please follow the instructions above to update your NAS.

Asustor NAS – How to Restore Data with Snapshots, MyArchive Backups or Mirrored Volumes


Now, the next step is not going to be an option for everyone. Once you have logged in and accessed the extent of the file damage by encryption (eg, % of files affected, are they encrypted completely OR just renamed? etc). The following steps will be of use to those of you who are running a BTRFS setup and setup snapshots and/or the MyArchive backup/sync storage service. This part of the guide also includes the means to install a ransomware tool that (I know, ANNOYINGLY) gain access BACK to the black encryption entry screen. So if you have no choice (I am not judging you, the importance of your data is your call) and are going to choose to pay the ransom as it is going to cost you less than not retrieving your data, then you can use this ‘ransomware status’ tool to gain access back to the payment screen, encryption key window and ultimately allows you to pay the hackers. Again, it’s your call.


If you want to restore data and you have more than one volume installed on your NAS, use MyArchive drives, or have previously made Btrfs snapshots, please refer to the following instructions below. Restore all backups that you may have. Alternatively, if you have Btrfs snapshots, use Snapshot Center to restore previous versions of files and erase changes done by ransomware.



If regular backups were not kept and you want to enter the decryption key to retrieve lost data:


  • Confirm details and press Install.

  • Wait for installation to complete.

  • Reload the webpage to enter the ransomware screen again. You’ll be able to enter the decryption key.

  • If you want to return to ADM, you can do this in one of three ways. You can add backup.cgi after/portal/ in the address bar of your browser, you can hold the power button for three seconds to shut your NAS down and turn it on again or you may use ASUSTOR Control Center or AiMaster to restart your NAS.


 


  • Afterwards, it is imperative to uninstall Ransomware Status from App Central.


 

📧 LET ME KNOW ABOUT NEW POSTS 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,460 other subscribers


Get an alert every time something gets added to this specific article!


Want to follow specific category?

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR ANY OTHER NAS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  

Asustor NAS Drives getting hit by Deadbolt Ransomware

21 février 2022 à 18:30

If you own an Asustor NAS and are reading this – CHECK IT NOW


Original Article – As of around 1 hour ago, multiple users online are reporting that their Asustor NAS systems have been attacked by ransomware known as Deadbolt. Much like the ransomware attack of QNAP NAS systems of the same name, this is a remote-command-pu#sh encryption attack that takes advantage of a vulnerability in the system software to command the system to encrypt the data on the NAS system, but with the added twist in this recent update of adding a new login GUI style space screen asking for 0.03BTC.


Updated 24/02 09:45 GMT


Asustor has just released a firmware update for their ADM 4 systems (HERE) for users who have not been hit by the Deadbolt ransomware attack, who are keeping their systems offline and/or powered down until the security issue/vulnerability was identified and neutralized. Here are the Asustor details on this:


An emergency update to ADM is provided in response to Deadbolt ransomware affecting ASUSTOR devices. ASUSTOR urges all users to install the latest version of ADM as soon as possible to protect themselves and minimize the risk of a Deadbolt infection. ASUSTOR also recommends taking measures to guard against the potential harms of Deadbolt in accordance with the previously announced protective measures. Please review the measures below to help increase the security of your data on your ASUSTOR NAS.

  • Change your password.
  • Use a strong password.
  • Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
  • Change web server ports. Default ports are 80 and 443.
  • Turn off Terminal/SSH and SFTP services and other services you do not use.
  • Make regular backups and ensure backups are up to date.

In response to increasing numbers of ransomware attacks, ASUSTOR has committed to an internal review of company policies to regain customer trust. This includes, but is not limited to increased monitoring of potential security risks and strengthening software and network defenses. ASUSTOR takes security very seriously and apologizes for any inconvenience caused.


Updated 23/02 21:03 GMT


Much like the deadbolt attack on QNAP devices earlier in 2022, in the changed index GUI on affected NAS’, the deadbolt team are offering to provide information to ASUSTOR about the zero-day vulnerability used to breach NAS devices and the master decryption for all affected users to get their data back. The DeadBolt link includes a link titled “important message for ASUSTOR,” which displays a message from DeadBolt for the attention of ASUSTOR. DeadBolt orchestrators are offering to details of the vulnerability if ASUSTOR pays them 7.5 BTC, worth $290,000. DeadBolt is also offering ASUSTOR the master decryption key for all victims and the zero-day breakdown explained for 50 BTC, worth $1.9 million. The ransomware operation states that there is no way to contact them other than making the bitcoin payment. However, once payment is made, they say they will send the information to the [email protected] email address.



Updated 06:50 GMT



Asustor has issued the following statement and recommendation for those who are (or believe they have been affected by the Deadbolt ransomware):


In response to Deadbolt ransomware attacks affecting ASUSTOR devices, ASUSTOR EZ-Connect, ASUSTOR EZ Sync, and ezconnect.to will be disabled as the issue is investigated. For your protection, we recommend the following measures:


Change default ports, including the default NAS web access ports of 8000 and 8001 as well as remote web access ports of 80 and 443.
Disable EZ Connect.
Make an immediate backup.
Turn off Terminal/SSH and SFTP services.


For more detailed security measures, please refer to the following link below:
https://www.asustor.com/en-gb/online/College_topic?topic=353


If you find that your NAS has been affected by Deadbolt ransomware, please follow the steps listed below.
1. Unplug the Ethernet network cable
2. Safely shut down your NAS by pressing and holding the power button for three seconds.
3. Do not initialize your NAS as this will erase your data.
4. Fill out the form listed below. Our technicians will contact you as soon as possible.


https://docs.google.com/forms/d/e/1FAIpQLScOwZCEitHGhiAeqNAbCPysxZS43bHOqGUK-bGX_mTfW_lG3A/viewform


Regarding filling out the technical support form, this is likeLy to help the brand identify the scale of the issue, but also allow a faster sharing (to those affected) of any recovery tools that might be possible. However, the culprit is looking increasingly like the EZ Connect Asustor Remote service. This has been further backed up by the fact that the official Asustor ADM demo page has also been hit by the Deadbolt ransomware (now taken offline). Additionally, many users who powered down their device during the deadbolt attack, upon rebooting their NAS system have been greeted with the message in the Asustor Control Center application that their system needs to be ‘re-initialized’. The most likely reason for this is that during the encryption processes, the core system files are the first files that get targeted and if the system was powered down/powered off immediately during this process, it may have corrupted system files. We are currently investigating if a recovery via mounting a drive in a Linux machine is possible (in conjunction with roll-back software such as PhotoRec).



If your Asustor NAS is in the process of being hit (even if you simply suspect it) as your HDDs are buzzing away unusually (and the HDD LEDs are flickering at an unusual hour), then it is recommended that you head into the process manager and see if the encryption process has been actioned by Deadbolt. The following suggestion of action was suggested by NAScompares commenter ‘Clinton Hall’ :


My solution so far, login vis ssh as root user


cd /volume0/usr/builtin
ls


you will see a 5 digit binary executable file For me it was 22491. I use that in the following command to get the process ID


ps | grep 22491


from this I got the Process id 25624. I kill that process


kill 25624


I then remove the binary file


chattr -i 22491
rm -f 22491


Now, restore the index as above


cd /usr/webman/portal
chattr -i index.cgi
rm index.cgi
cp index.cgi.bak index.cgi


Now for the fun part…. a LOT of file had been renamed (not encrypted) to have .deadbolt appended to the end of the filename… So rename them back


(note, you may want to do this folder by folder and check it is working). The following will do for the entire /volume1


cd /volume1
find . -type f -name "*.deadbolt" -exec bash -c 'for f; do base=${f##*/}; mv -- "$f" "${f%/*}/${base//.deadbolt/}"; done' _ {} +


After these are all renamed, everything should work. Probably a good idea to reboot to restart the services etc.


Also, I’m not sure if the above will definitely traverse the [email protected] etc… so I did this manually


cd /volume1/[email protected]
find . -type f -name "*.deadbolt" -exec bash -c 'for f; do base=${f##*/}; mv -- "$f" "${f%/*}/${base//.deadbolt/}"; done' _ {} +


If you have not been hit, I would recommend you action the following from within your Asustor NAS (or better yet, where possible) power the device down until an official statement and a possible firmware patch is issued.

  • Disable EZ Connect
  • Turn off automatic updates
  • Disable SSH (if you do not need it for other services)
  • Block all NAS ports of the router, and only allow connections from inside the network

Updated 19:30 GMT


More details are coming up and it looks like (at least looking at the messages on the official Asustor  Forum and Reddit) the vulnerability stems from a vulnerability in EZConnect that has been exploited (still TBC). User billsargent on the official Asustor forums has posted some useful insights into how to get around the login screen and also details on the processes:


Take your NAS OFF of ezconnect. Block its traffic incoming from outside.
This overwrites the index.cgi with their own. In /usr/webman/portal there is a backup copy of your index there.
To remove theirs, you need to chattr -i index.cgi and replace it with the backup.
But you’ll also have to kill the process. Mine had a process that was just numbers running. I killed it, then deleted it. In /tmp there was another binary that was just numbers.
This is probably not possible to fix without a reset but you can get back into your portal with the above info. Right now though mine is still immediately replacing the index.cgi. 


And:


I am assuming you have ssh capabilities? If so you just need to ssh in and login as root and run these commands. This should help you get back into the portal.


cd /usr/webman/portal
chattr -i index.cgi
rm index.cgi
cp index.cgi.bak index.cgi


If you look at the index.cgi they created before you delete it, its a text script.
I am still in the investigative stages but nothing in my shares have been locked up with this yet. Just things in /root so far.
I’ve pulled out a ton of LTO tapes to backup my data. I think this is going to require a full reset. I hope asustor releases a fix for this but I will never again allow my NAS to have outside access again.


For clarification. This is what my /usr/webman/portal directories looked like. the .bak file is the original index.cgi.
I apologize if my posts seem jumbled up a bit. I’m trying to help and also figure this out as well. So I’m relaying things as I find them in hopes that others will be able to at least get back to their work.


Thank you to Asustor user billsargent for the above and full credit to him on this of course.


(Continuing with the Original Article from 21/02 17:30 GMT)


Although it is still very early in the actioning of this encryption attack, these attacks are slowly starting to emerge on forums right now, as well as twitter, see below:

やばい!!家のASUSTOR製NASがDEADBOLTとか言うランサムウェアに攻撃された!QNAP製のNASに最近入るってのは見たけど、まさか自分のNASもやられるとは…
そこまで大事なデータ入れてなかったのが不幸中の幸いだけど700GBくらいのデータ死んだのショックASUSTOR NAS使ってる人すぐネット切断した方がいい pic.twitter.com/gBFu8yx4hG


— sudara (@sudara_hodara) February 21, 2022



Additionally, this splash message contains a call-out to Asustor themselves (much like the QNAP NAS deadbolt attack) that states a message and a link for the brand to open a discussion (i.e pay) towards a master key and details of the vulnerability they have exploited:


“All your affected customers have been targeted using a zero-day vulnerability in your product. We offer you two options to mitigate this (and future) damage:”


Details are still emerging, so I will keep this article short and sweet for now (and add more later as details emerge), if you own an Asustor NAS drive, check it immediately! Regardless of whether you have enabled remote access via EZConnect or not (as that is not necessarily the key to the attack vector and possible remote DLNA port changes by your system, for example), check it now and ideally disconnect it from the internet. Currently, there is not enough information to ascertain if this relates to a case of ‘out of date firmware’ having an existing vulnerability or something inherent in the current firmware. Regardless, check your system and where possible, disconnect it from the internet until further details are confirmed here, on reputable sites such as Bleeping Computer or via direction from Asustor themselves.



Once you log into your NAS, check your logs and check your processes. If you have the means to backup to a NEW location, do so. DO NOT overwrite your existing backups with this backup unless you are 100% certain you have not been hit by deadbolt ransomware.

What to Do if you have been hit by the Deadbolt Ransomware


If you have been hit by the vulnerability, you will likely be unable to connect remotely with your NAS files/folders. Even if you can, you need to check whether you can open them or they have been encrypted to a new format (the extension/ .type or file will have changed). The following users commented onreddit and there are similar threads that we can see on their setup and how they got hit.


IF you still have access to your files, get your backups in order!!!!!


Otherwise, if you have been hit by this, then you need to disconnect your system from the internet. Killing any processes in the task manager is an option HOWEVER do bear in mind that doing so might corrupt currently encrypting files and therefore stop any kind of recovery. I am checking with a couple of affected users (as well as reaching out to Asustor as we speak to see if a suitable course of action can be recommended. Some users who have restarted their system or immediately pulled the power and rebooted have found that their system now states that it needs to be reinitialized.


One big factor to keep in mind right now is that not is still unclear if a) the deadbolt ransomware can be killed as a system process in the Asustor control center (I do not have an Asustor NAS that is affected in my possession right now) and b) if switching your system off DURING the deadbolt attack can lead to the data being unsalvagable as the encryption is partway through. So, disconnect from the internet (physically and via EZConnect for now) and if you can see youR CPU usage spiking and/or your HDD LEDs going nuts, you are likely being hit.

My Asustor NAS is Saying it is Uninitialized


DO NOT RE-INITIALIZE YOUR NAS. At least not yet, if you have already powered your NAS as a reaction to the attack (understandable, if not the best choice without knowing the full attack vectors or how this affects the encryption) and you are being greeted by the option to reinitialize in the Asusto Control Center application, then power the device down again. But again, I only recommend this action right now for those that already reacted to the attack by shutting down their system/restarting already post-attack

If I am not hit by Deadbolt, Should I disconnect my Asustor NAS from the internet?


For now, YES. As the act vectors are not clear and there are reports from some users right now that state that they had the latest firmware, they were still hit, there is so much unconfirmed info here to allow remote access (in my opinion) and until further info is made available, I strongly recommend disconnecting your Asustor NAS from the internet (wire AND via the software settings) and getting your backups in order.


I will update this article soon as more information becomes available.


 



 


 

How to Install Plex on a Synology NAS with DSM 7

7 février 2022 à 01:11

A Guide to Installing Plex Media Server on your Synology NAS with the DSM 7

If you have been looking at buying a NAS drive for Plex to use as your own private Netflix, then there is a very good chance that you have heard the name ‘Synology’. They are the brand that produces some of the most user-friendly, yet powerfully efficient (yes, that is a thing!) servers in the market in 2022 and are often a highly recommended choice for setting up a slick, polished media streaming solution that uses YOUR movies/boxsets. Last year, Synology updated its system software and services platform, Diskstation Manager, from version 6.2 to 7.0 and improved a number of the system’s abilities and processes. However, the process for installing Plex media server on your Synology NAS changed, with DSM changing access privileges and defaults for 3rd party programs in order to ensure their solutions were as secure as possible. If you are running a Synology NAS drive with DSM 6.2 and are wondering how to install Plex Media Server, it is still remarkably straight forward and a full video walkthrough guide on this can be found HERE. However, those of you who have the most recent DSM7 upgrade (with DSM 7.01 and 7.1 already rolling out over 2022 gradually) will have found that the process for installing Plex has changed noticeably. So, today I wanted to walk you through, step by step, how to install Plex on a DSM 7 Synology NAS from beginning to end and ensure you get it right, first time. Alternatively, there is a video at the bottom of the page that will walk you through even quicker. Thanks for reading and I hope you enjoy this guide.

Plex Installation Guide on the DSM 7.0

Installing Plex on a NAS with DSM 7.0 is actually VERY similar to that of installing it on a DSM 6.2 Synology NAS, however, there are a few small changes in the process which allow Plex Media Server to access the correct directories. Previously these steps might be needed by most people but were not directed by the application especially clearly, so having these steps integrated into the formal setup is actually quite a smart idea by Synology. Let’s begin:

Step 1 – Head To The App Center

Step 2 – Go to the Beta Section

Step 3 – Find Plex Media Server and select Join Beta

Step 4 – Install Beta Application (speed depends on Internet Connection)

Step 5 – Select the location of where the Log Files will be installed – Can be left blank and it will save to the default directory

Step 6 – (This is the NEW bit) Give the Plex Media Server Application Permission to access the media directories. Head to the Control Panel

Step 7 – Then ‘Shared Folders’

Step 8 – Select the Folder where your Media is located in. In my case it is DS220PLUSSHARE – But it will be different on your own NAS device and based on your own storage setup

Step 9 – Select EDIT (at the top)

Step 10 – Then select the Permissions Tab

Step 11 – If Plex has created a local User (likely in DSM 6.2 . DSM 6 7.0 migration setups), make sure that the PLEX user account still has Read and/or Read/Write Access in the tick box list

Step 12 – Then (IMPORTANT) Select the drop-down menu at the top and switch to ‘System Internal’

Step 13 – Scroll down to the ‘Plex’ entry and give it Read and Write Access, then save the changes

Step 14 – Head back into the App Center window and click OK on the Plex Media App install setup window

Step 15 – The Plex Media APP should be installed and you can go ahead and click OPEN in the App Center window OR open it from the main Synology App dashboard

Step 16 – As this is a reinstallation of Plex Media Server on a NAS system as far as the Plex NAS app is concerned, the system may require PLEX to ‘claim’ the NAS once again, just head into the individual Server Settings and an option to CLAIM the server will appear in orange

Step 17 – Whether this is your first Plex Installation OR a DSM migration, you will likely need to establish the pathways for each multimedia file type.

Step 18 – Just head upto the ADD LIBRARY option and a popup will appear that allows you to select each Media Type

Step 19 – Then browse the directories (that you gave the Plex Media Application permission to access) and add the media that is appropriate

Step 20 – Now the Plex Media Server Application will scrape all the metadata from the site librarys (rotten tomatoes, IMDB, etc) and fill out all the slick PLEX GUI for your connected clients to enjoy.

And there you have it. Plex is now installed on your DSM 7 equipped NAS System. Here is a video that will guide you through the process if you prefer visuals over text!

Want to learn more about DSM 7.1 and what Synology plan for 2022? Watch my article below that covers the highlights:

 

If you are looking for the driver fix for the Synology NAS and Plex installation with J4025 and J4125 processors, you can find the video walkthrough and step by step guide below:

 

📧 LET ME KNOW ABOUT NEW POSTS 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,457 other subscribers


Get an alert every time something gets added to this specific article!


Want to follow specific category?

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR ANY OTHER NAS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  

Are QNAP NAS Safe?

2 février 2022 à 01:05

Are QNAP NAS Drives Safe Enough to Use in 2022?

Are you a QNAP NAS owner? Perhaps you are considering buying a QNAP NAS based on a recommendation from a friend, work colleague, IT professional or even myself (Robbie) on YouTube. The appeal of owning your own server, cutting the connection with your subscription cloud providers such as Dropbox or Google drive, having all your data backed up in-house and that feeling of pure control/ownership is hard to underestimate. However, over the last 2 years or more, it has been hard to ignore that the brand has suffered a series of security issues surrounding the subject of ransomware – a process whereby your data is encrypted with a unique, near uncrackable cypher and a document (typically a .txt) is left for you with instructions for you to make a payment in bitcoin to a predesignated account in order for instructions and the key to recovery your data. Ransomware in of itself is not new and originally dates back to 1996 under the name cryptoviral extortion (you didn’t come here for a history lesson, but the wiki covers a lot of those early developments into the concept) and is frighteningly easy to conduct IF an intruder has access to your system and/or the means to inject the command to encrypt the data inside of any system. Words like virus, hack and malware have been thrown around the internet for the last 20-30 years, however, Malware feels significantly more organized and comparatively recent, as well as being something that has been enacted on all storage platforms, such as Google Drive (thanks to sync tools), Apple was directly hit in 2021 and over 300 BIG name companies that you WILL of heard of in the last 18 months that included:

Acer, FujiFilm, Northern UK Rail, Exabyte Web Hosting, Foxtons, The Salvation Army, Shutterfly Photography, Bose Sound, The NRA, Kronos CRM systems, Gigabyte Motherboards, Volvo, SPAR, Olympus Cameras, GUESS Fashion, ADATA, CD Projekt, Travelex, SK Hynix, Capcom, Crytek, Kmart

Those are just a brief scan of confirmed news reports and only a small fraction of the companies, brands and institutions that have been successfully targetted. Tech companies, media companies, charities and countless retail outlets. Why am I going through all this? Well, 1, these companies should have exceptionally sophisticated storage and remote access protocols in place, 2, cannot use the excuse of being companies with practically no formal association with high-level storage and 3, are companies with a responsibility to protect significantly custom databases that eventually fell foul (partially or fully) to vulnerabilities. Personally, I DO think QNAP have blame that they need to acknowledge publically, made significant errors in these ransomware attacks AND have handled a number of the follow-up actions to these incidents very poorly (both in terms of communication and execution). However, I do also think that the end-user base is also not completely innocent and alongside ascertaining whether the brand is safe to use in 2022, we should also think about how we store data, the limits of our own due diligence and our expectations from server devices.

Important – If you are currently unaware of the Deadbolt ransomware attack that took place on QNAP NAS devices, you can find out more in the NASCompares article and video here. Additionally, if you have been affected by ransomware on your storage solution (QNAP or whatever brand), this post is not intended to play ‘blame games’ or detract from the impact (personally or professionally) that it has caused. I have experienced ransomware attacks, malware attacks through my browser, virus attacks on my OS and seen my fair share of attacks fail and (annoying) succeed. Please do not take this article in the spirit of ‘get stuffed, It’s your fault!”, but as a means of dissecting the current state of play at QNAP NAS and the realistic expectations/responsibilities of all involved.

PSA – GET YOUR BACKUPS IN ORDER!

Before you even go one paragraph further, I have a simple question for you – do you have a backup in place? If yes, then carry on to the next part. If not, and I cannot stress this enough, GET ONE NOW. The time you are spending reading this you could be susceptible to data loss in about 10 different ways without even factoring in ransomware (Power failure leading to hard drive corruption, Malware from a slightly iffy google search this morning, cloud storage provider going bust, OS failure on your device, etc). In this day and age owning a sufficient data backup is as sensible as buying a raincoat or looking both ways when you cross the street – you don’t do it because you like rain or like looking at cars, you do it because they are peace of mind, they are a safety net, they are for caution in case of the worst. It is a bit tenuous, but owning one or multiple backups always make me think of this quote from Shawshank Redemption by Stephen King:

shawshank redemption book

“There are really only two types of men in the world when it comes to bad trouble,” Andy said, cupping a match between his hands and lighting a cigarette. “Suppose there was a house full of rare paintings and sculptures and fine old antiques, Red? And suppose the guy who owned the house heard that there was a monster of a hurricane headed right at it. One of those two kinds of men just hopes for the best. The hurricane will change course, he says to himself. No right-thinking hurricane would ever dare wipe out all these Rembrandts, my two Degas horses, my Jackson Pollocks and my Paul Klees. Furthermore, God wouldn’t allow it. And if worst comes to worst, they’re insured. That’s one sort of man. The other sort just assumes that hurricane is going to tear right through the middle of his house. If the weather bureau says the hurricane just changed course, this guy assumes it’ll change back in order to put his house on ground zero again. This second type of guy knows there’s no harm in hoping for the best as long as you’re prepared for the worst.” 

Get a Backup in place

More Ransomware Attacks than Any other NAS Brand?

WannaCry, QLocker, eChoraix, Deadbolt, how, many, times…

Probably the most compelling argument against the safety of QNAP for many buyers is the simple fact that they seem to have been in the news more than any other NAS brand for reasons of ransomware attacks. Indeed, even a quick browse of the last 24 months on the site ‘Bleeping Computer’ for stories on QNAP shows you that there have been multiple vulnerabilities found in their software/access that have allowed encryption commands to be injected into the QNAP NAS system to execute the ransomware attacks. How can this one brand be such a soft target? What are they doing wrong? Well as it stands, reading through news posts before/after previous ransomware attacks, as well as the dissection of evens on the official forums in the midst of the current Deadbolt attack, the consistent threads are:

  • QNAP is rolling out software and services with weak default settings and acceptable minimums to allow inexperienced users to open up external access WITHOUT the users understanding the risks
  • QNAP has weaknesses in it’s software that the brand arguably takes a more reactive, than proactive stance on repairing
  • QNAP’s recommendations on actions to user post-ransomware attack both publically and in 1-to-1 dialogue with users has been felt unsatisfactory
  • Your QNAP NAS is better off currently used offline/network only

As general as all that might sound (without letting personal opinions colour it) those are largely the four core issues for many that have voiced their feelings on this in the forums. Moving away from the hefty subject of data loss slightly (we will be returning to that in a bit, but that is a question of Backups and routines to discuss), there is the fact that there have been vulnerabilities found in QNAP 1st party applications and services – but then again, so have there been in different NAS brand’s own services too. A click look at their respective Security Advisory pages will tell you this. This doesn’t exonerate QNAP in any way here with deadbolt, as part of the ‘social agreement’ between the end-user and QNAP is that as long as we ‘follow due diligence in protecting the data inside the NAS as directed AND maintain our own network/router setup, the QNAP NAS should protect our data inside the NAS to the best of it’s ability. This is where it all becomes problematic. As QNAP have never successfully balanced the line between giving the user freedom, control and customization WHILST still preventing the user from doing anything self-harming without a full idea of the consequences. It’s a line that their biggest competitor Synology seems to toe better and this comparison only serves to re-enforce the feeling (and numbers) that QNAP are attacked more. So, how can QNAP change this perception and what have QNAP actioned so far?

The Nature and Practice of Firmware Updates – Prevention & Cures

“Remind me Tomorrow” click

Though sometimes NOT the means with which a vulnerability in the QNAP NAS software/services is achieved, it is still a factor in some instances that updating to a later firmware would actually have closed a vulnerability. However, this is a remarkably broad statement and the truth is a great deal more nuanced. First, we have to understand that ALL software that has a remote access component via the internet will likely be investigated by cybercriminals for weaknesses. Not just NAS ones – ALL of them, from Microsoft office and Android mobile OS, to your LG TV and Amazon FireTV. Hell, I bet there are people who have investigated the ‘buy now’ option of WINRAR in effort to see if an opening exists to use it as a ransomware entry vector. What I am saying is that as soon as a commercially popular software with internet access exists, people are going to try and take it apart to find out its weaknesses for exploitation. If/When these weaknesses are found and actioned (or submitted to the brand for bounty programs – whereupon brands ask people to try and break their software, so they can make it better/safer/improved), the brand then issues a firmware update to the affected software/services to its user base, then around the merry-go-round we go again! This is not a process that happens daily – but it definitely happens weekly or monthly (depending on the frequency of the brand to instigate the changes that are raised to them). This is why is it so common for companies that are affected by ransomware in their software/services to immediately highlight the need for firmware updates. At that point, the attack vector and vulnerability is reverse engineered, patched and closed. Many of these vulnerabilities are small. Very, VERY small sometimes. Indeed, it is for this reason that all the reputable NAS brands have security advisory pages that list current weaknesses, vulnerabilities and issues on their platform that are being investigated (Synology HERE, Asustor HERE and yes, QNAP HERE) and in all my time in the world of network-attached storage, I do not think I have ever seen one of these pages have ‘100% resolved’, but when something is resolved the resolution is invariably rolled into an update. So what we can take from this is that although firmware updates do not completely remove the possibility of new vulnerabilities being found in the future, they do seemingly close the bulk of existing vulnerabilities that have been found by/volunteered to the brand.

So why do we not install the firmware updates automatically? This isn’t limited to NAS of course! From the Mac notification that have been nagging you at the top right of your screen, to the windows update at the bottom right and all those applications on your phone that are asking you to please install the latest updates to your software – we choose to ignore them til ‘later’! Worse still, there is the old ‘if it ain’t broke, don’t fix it’ mentality that will often result in many users only installing smaller updates, but flat out avoiding the BIG updates as they can ‘change where everything is’ or ‘I heard it breaks a bunch of stuff’. Businesses in particular with shared files in their thousands are always reluctant to run any process that can suspend that access temporarily or change how something works. So, there we have a fine melting pop of ingredients that has led (in some instances, but not all – as we will go further go into) to many users being hit by ransomware attacks via vulnerabilities that, although patches were available, were not actioned. How do we resolve this? Forced update that leaves the user’s own hesitance out of the equation? Limitations of the system’s remote connectivity unless the latest firmware update is installed (console gamers will be very familiar with that method of course)? Or a 50/50 split where minor updates are optional, but larger ones are mandatory? It’s a tough tight rope to walk. So, let’s see how QNAP walked/walks this tight rope and how they could have possibly done it ALOT better.

System Updates and Updates that are QNAP Forced?

Forced? Optional? Access Penalties?

As mentioned, tighter control of firmware implementation would allow the brand to ensure that QNAP NAS that have internet accessibility are updated to a high/current firmware revision. Alternatively, the brand could limit the systems external connectivity and disable all settings if the firmware on the system is not up to date – simply running a check with the QNAP domain when trying to access these services and settings and declining if the latest update is not installed. Xbox and Playstation users are more than aware of this as a fixed rule to ensure that installed software is officially licenced and checked in advance. However, those are closed systems and many buyers have selected QNAP because of the flexibility and customization it offers.

Forced updates are something of a taboo subject too, with the recent rather heavy-handed move by QNAP in light of the Deadbolt ransomware attack to remote push the latest firmware update to all QNAP NAS systems that were internet-connected without any notice to the end-users (overriding any settings that disabled or prevented this). Now, clearly, QNAP did this as an extreme and something to prevent the vulnerability of the system software and/or configuration from being exploited further (that have still not been fully confirmed in its attack vectors, with some users who have ridiculously high-security settings still getting hit). In non-ransomware instances, I think QNAP issuing a message to their user base with a “In 5 day’s there will be an essential system update on XX day XX month at XX:XX time” message, with even a brief explanation of why would have been infinitely more preferable and would have been met with a much more positive stance (as well as it also making many users update sooner). However, clearly, the decision for a forced update was more of a last resort/hastily decided choice and that forms part of another reason that many users find the QNAP platform to sometimes bring services and software to market that could do with a little more time in the oven. Whatever way you look at it, QNAP was going to be damned, whatever they did. But did they put themselves in this position? What about the expectations of the end-user and due diligence? What SHOULD be the expected skillset of a QNAP NAS buyer to start with?

The Extent of the End User Responsibility, Skillsets and Expectations?

How much should a user be expected to know about networking?

The simplicity of NAS systems (not just QNAP) can often be oversold. It’s annoying and I am as guilty as most of this, but given the wide range of users who install a NAS system into their storage environments, the ease of setup and use is not shared with the ease of setup and understanding of network security in your home or office. On the one hand, QNAP have have supplied multiple services and processes in their system software that make remote access easy, encrypted transmissions easy, SSL certificate applying easy, 2-step authentication easy, UPNP and router pushing easy – you name it, they have tried to make it easy. But should they have? The ease of setting up a number of these services (as well as non-randomized settings in some places) can easily give users a false sense of security. So, for those users of a higher skillset, it would be acceptable that a QNAP NAS should only be remotely accessed with the highest layers of security applied, and it should not allow remote level access to be possible without some unique intervention and set-up by the end-user (not just a password and/or disabling an admin account), although to stop presets of this nature would lead to a noticeable spike in the difficulty of setup, perhaps that is what is needed. This is by no means a new issue we are discussing and even a brief google search online finds examples of attack vectors and methods as far back as 1999 on public/org sites.

However, in reality, it simply would not work like this, The user base of QNAP NAS is just too varied and though these tougher and more unique security implementations would secure things, the less technically skilled users would hit hurdle after hurdle, once again, one of the prices of some (not all) of that flexibility. Alot of users who have been hit by ransomware attacks have specifically headed to official forums because they do not have the remote setup experience that might be deemed an acceptable minimum to start opening ports via the QNAP settings or directly on the router. This once again brings us back around to what should be the expected skill level of a QNAP NAS owner, how much of the control and security profile of the storage system belongs to QNAP and how much should the buyer be expected to do independently? You can buy a car, you can fill it with petrol and the manufacturer can tell you its top speed, and miles to the gallon – but no car manufacturer would feel the need to add to all their adverts “must have a driving licence”, do they? It’s a rather stretched simile I know, but the fact remains that users cannot expect to connect their storage to the internet in 2022, open up pathways to it via the internet and not at least make allowances or provisions that an attack could happen. This leads us to the hardest and coldest fact of QNAP’s recent ransomware attacks that, although only applies to a % of users, is still depressingly true.

How Backups and Data Storage are Still being Misunderstood

A frighteningly large number of victims with no backup. Acceptable backup levels?

One of the hardest choices for anyone that has been successfully targetted by ransomware attackers (not exclusive to NAS either) is the choice to pay or not. When I am asked to make recommendations for a home or business user in the free advice section here on NASCompares or the comments on YouTube, I will always ask what the user storage quote is currently (now then double annually over 5yrs), their user base (volume and frequency) and their budget? That last one is always a kicker for some, as no one wants to show their cards! I’m not a salesman and I do not work for a eRetailer, I ask because there is a lot of ground between a £99 DS120j and a £5000 RS3621XS+. However, budget is INCREDIBLY important and should not only be measured by the number of 0’s in the account, but also by the cost of if the data is lost! Many users are so busy thinking of how much it will cost to provision for the future, that they are not factoring in the cost of replacing the past! This is the exact personal vulnerability that ransomware targets and sadly, a lot of users still do not understand 1) what a backup actually IS and 2) what a backup actually ISN’T.

If your data ONLY lives on the NAS, then the NAS is not a backup. You likely knew that. But socially and conventionally, we tend to forget it quite easily. We make space on phones by deleting stuff because ‘it is backed up on the NAS’. We sync our laptops and MacBooks with a remote folder to keep our files safe on the NAS, but still make changes or delete files on the hoof. We take the NAS as red as a backup and at that point, it isn’t! Likewise there are things that SOUND like backups… RAID… Snapshots… Hot Spares… they sound very reassuring, but are not backups, they are safety nets! And are all typically found ‘in system’. A REAL backup is something that is the same files, ELSEWHERE!  There is no avoiding that a QNAP NAS (or a Synology or Asustor NAS for that matter) is NOT a backup solution in of itself, but can be used IN a Backup Strategy. All brands highlight at numerous points o their website that you should have a 1-2-3 Backup strategy, or a bare-metal and cloud backup, or a periodic USB backup, a NAS to NAS remote backup – or ALL of them! Sadly, there are a lot of users in the official QNAP forums that have been hit by ransomware and did not have backups in place, with some knowledge that they needed a backup but their budget’s prohibited it. Whilst others say that QNAP said it’s a backup device, they bought it as a backup device, QNAP missold it and that is the end of argument!

The sad truth is that QNAP is not responsible for your backup routine or strategy, it supplies the means to store and access data and their responsibility (succeed or fail) is to ensure its hardware and/or software provides a default secure level of access, as well as the means to configure that access to the users control. There HAVE been vulnerabilities found and they have patched them, as is the usual process in these things (at least, they say they have at that is the best guarantee we can ever have from a brand in the circumstances), but they are NOT responsible for your backup routine. This now leads us to the subject of the QNAP hardware, the QNAP software and comparisons with Synology.

Hardware vs Software Priorities – Both the Brand and the User Base

Hardware vs Software, QNAP vs Synology, Is the grass greener?

Way back in the mid twenty-teens, whenever I would discuss QNAP and Synology on the platform, I would always say that you go to Synology for the Software and QNAP for the Hardware. Synology’s DSM platform clearly makes up the bulk of the companies investment and attention, makes up a significant chunk of the price tag and is designed around keeping things as user-friendly as possible (within reason). This is why their devices at each generation refresh (DS916+>DS918+>DS920+ or DS216+>DS218+>DS220+) only make smaller increases on the previous generation – the software IS the focus. With QNAP we tend to see the hardware taking bigger leaps each generation. Better standard ethernet, better PCIe gens, Better CPUs much earlier and overall greater hardware at any given time. For PC builders and those that know a lot more about the contents of their laptop than the contents of their router, this is speaking THEIR language and makes the price tag translate better. Fast forward to 2022 and although that logic still remains the same, these brands are more 60/40 in their architecture (where 60 = their preferred hardware or software bias). The issue starts when QNAP seem to rush their software out the door very quickly. Alongside a lot of more beta applications being available, they roll out a lot of new types of software that (and I am sorry to use that expression again, but) could have used more time in the oven. This approach to software development and release can be dicey and although it makes QNAP the more exciting platform (with its better hardware, more diverse software and continued AI or generally automated services), it also means that the platform has less of the layers of troubleshooting red-tape that Synology has (which inversely means the Synology product is going to be more expensive and less hardware rich, as that investment of time needs to be repaid to be justified).

Look at the Apple TV box or Amazon FireTV / Firestick? Is it user-friendly? yes! Is it slick and intuitive? Yes! Is it flexible in the installation of 3rd party applications? NO (at least, not without workarounds)! Is it hardware-powerful? LORD NO! One glance on eBay will show you a thousand other media boxes at the same price with Android on board, 5-10x the hardware and customization coming out of the wazoo. Nevertheless, many users will not buy the apple/amazon media option because although they KNOW it will be slick and ‘hold your hand’ all the way, it will be a closed system, noticeably more expensive and even then “nothing is full proof, right?”. And a lot of the anger at QNAP for their increased ransomware targeting and handling of this needs to also be balanced against why a lot of users chose the QNAP NAS brand. The QNAP NAS platform does have good applications and services, some genuinely unique ones and ones that allow tremendous flexibility and customization – but users need to remain relative to what drew them to the platform and have sufficient backups AND safety nets in place. I would say this about QNAP, about Synology, hell… Google drive, DropBox, Backblaze… ALL of them have localized client tools that rely way too much on the success of versioning/roll-backs being possible on the cloud platform. None of them are 100% full proof and QNAP dropped the ball multiple times here, but none of these ways are unprecedented and should be provisioned for regardless of your NAS brand or cloud platform.

The Sad Truth about Servers, Security and Vulnerabilities

Vulnerability > Update > vulnerability > update > rinse > repeat

No platform, software or service is going to be 100% bulletproof. You can increase your personal layers of security (VPNs, Encryption, layers, restrictive white lists, etc) to hit 99.99% but whatever way you are looking at it, everything we use is software-based and therefore, fallible. Equally, users cannot pretend that it is still the early days of the internet anymore and still be annoyed when a statistical possibility that should have been factored against was not. Do I think QNAP NAS are safe? I’m sorry to say that the answer is never going to be a simple Yes/No. I think they provide what they say they provide and I think that QNAP hardware is still the best in the market right now. But their software needs to be less rushed, the extra time/budget be spent on that software, or utilize a trusted 3rd party. The need to relinquish some of the customization of their platform in efforts to remove some of the configuration out of the hands of less tech-savvy users who end up overly reliant in defaults. Perhaps a much more rigorous setup policy that, on day 1, have an EXPERT door and a NOVICE door, with randomized defaults and extremely regimented update rules on the latter. Equally, the brand (though better than it was) needs to work on its communication with its end-user base, both in the event of critical issues and education on what the user base needs to have to increase security OUTSIDE of their product.

I still recommend the brand, I still think users should use their products, but we need to be realistic and honest with ourselves about what we buy and our expectations. If I buy a QNAP NAS, I expect it to store the data I store in it and allow me access to it on my terms, but ‘my terms’ might be a lot more/less strict than the next person and with that comes due diligence in 2022. I hope that the most recent ransomware attack, deadbolt, is the last ‘big’ one we hear about the year/moving forward, but I do not think it will be. More than just QNAP, one look at the vulnerabilities listed on security advisories of all the brands tell us that there is big money to be made by these intruders and the brands can only stay 1 step ahead. As always, me and Eddie here on NASCompares have been running a page that links to the bigger NAS security Advisory pages that gets regularly updated, so if you want to get notifications on these as they get added (pulled from the official pages themselves), then you can visit the page below and put your email in for updates when they happen. Have a great week and backup, backup, BACKUP.

Click Below to Read

 

Finally, If you are currently unaware of the Deadbolt ransomware attack that took place on QNAP NAS devices, you can find out more in the NASCompares article and video below:

 

📧 LET ME KNOW ABOUT NEW POSTS 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,451 other subscribers


Get an alert every time something gets added to this specific article!


Want to follow specific category?

This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  

QNAP NAS Attacked By DeadBolt Ransomware

26 janvier 2022 à 15:08

New QNAP Attack Emerges in the last 24hrs, the Deadbolt Ransomware

UPDATED 28/01/22 – QNAP has instigated a forced-push firmware update to NAS devices to upgrade their systems to version 5.0.0.1891 (the 23/12/21 update), which will override systems that have their update settings set to ‘Do not automatically update’. This will almost certainly change a number of default settings that in older QTS versions are connected with the means of the deadbolt firmware being instigated on individual NAS systems. Following this, several users have reported that existing iSCSI connections ceased, due to a default setting changing in the update. As per the highlights on the bleepingcomputer update article, this has been resolved by users by seeking out the following setting:

“In “Storage & Snapshots > ISCSI & Fiber Channel” right-click on your Alias (IQN) select “Modify > Network Portal” and select the adapter you utilize for ISCSI.”

Nevertheless, a forced update is quite a big move by the brand in response to this ransomware attack and one that under other circumstances would be something that ideally would have been presented with a “we will be making this forced update on X date, be aware” etc. In the QNAP reddit, a 1st party support team member responded to queries regarding the forced QNAP QTS update with the following;

“We are trying to increase protection against deadbolt. If recommended update is enabled under auto-update, then as soon as we have a security patch, it can be applied right away.

Back in the time of Qlocker, many people got infected after we had patched the vulnerability. In fact, that whole outbreak was after the patch was released. But many people don’t apply a security patch on the same day or even the same week it is released. And that makes it much harder to stop a ransomware campaign. We will work on patches/security enhancements against deadbolt and we hope they get applied right away.

I know there are arguments both ways as to whether or not we should do this. It is a hard decision to make. But it is because of deadbolt and our desire to stop this attack as soon as possible that we did this.”

Additionally, (again, thanks to BeepingComuter for raising this) there are reports that the number of affected devices may have raised significantly since originally projected and several security researchers and internet device monitoring sites raise this number to between 1,160-3,687 as of Jan 28 2022. See tweet below:

🔐 Curated Intel member, @1ZRR4H, observed QNAP ransomware events being reported via IoT search engines, including Shodan and Censys.

🔗 Shodan (1160 events): https://t.co/qpaCTuICAf

🔗 Censys (3687 events): https://t.co/uZKLQprSDE

Tip: use country tags to search by country. pic.twitter.com/2IXpCNpBvV

— Curated Intelligence (@CuratedIntel) January 27, 2022

I will continue to update this article as new information emerges. Please find the original article detailing the Deadbolt ransomware attack on QNA NAS devices below.

Yesterday (25/01) it has been reported on official QNAP forums that several users have been attacked by a new ransomware (actioned with the name Deadbolt) that, if successful in its intrusion, encrypts the content s of your NAS and demands 0.03 bitcoin (about $1000-1100) to provide the decryption key and allow retrieval of your data. QNAP has responded on multiple channels, urging their user base to immediately disable Port Forwarding on their router/modems and the UPnP function of the QNAP NAS within the remote access services. Additionally, they (as you would expect) strongly advise users to update their QTS software to the latest available version to block incoming DeadBolt ransomware attacks. QNAP has since issued this statement, published 26/01/22:

QNAP Systems, Inc. recently discovered that a ransomware called DeadBolt is attempting to attack NAS exposed to the Internet. The ransomware will hijack the NAS login screen and extort bitcoins from the victim. QNAP strongly urges all NAS users to immediately follow the methods below to check whether your NAS is exposed to the Internet, confirm whether the security settings of the router and NAS are complete, and update QTS to the latest version as soon as possible. More information regarding checking the level of access your QNAP NAS has to the internet, as well as how to change key settings to improve security can be found HERE.

Following the news on this as it has happened over 24hrs, the popular network security site Bleeping Computer reported that DeadBolt ransomware group started attacking QNAP users  and encrypting files on compromised NAS devices applying a .deadbolt file extension to affected files

Unlike previous instances involving QNAP NAS being targeted by ransomware, deadbolt are not dropping ransom .txt or docs to the encrypted devices but, this time are replacing the login pages to display warning screens saying “WARNING: Your files have been locked by DeadBolt.” The ransom screen asks the QNAP NAS owner to pay 0.03 bitcoins (roughly $1,100) to a unique Bitcoin address generated for each victim, claiming that the decryption key will be sent to the same blockchain address in the OP_RETURN field once the payment goes through. Sadly, as is always a risk factor with ransomware, currently, there are no confirmations that the threat actors will actually deliver on their promise to send a working decryption key after paying the ransom (as at the time of writing) users who have been affected are not seemingly considering paying (understandably, as this likely facilitates this happening further still in future for others).

Additional to the main ransom note splash screen on affected QNAP NAS systems, there is also is a link “important message for QNAP,” which then leads to a displayed message from the DeadBolt ransomware group that is specifically for QNAP’s attention. This screen states that the DeadBolt ransomware gang is offering the full details of the alleged zero-day vulnerability if QNAP pays them 5 Bitcoins in payment, roughly equivalent to $184,000. They are also willing to sell QNAP the master decryption key that can decrypt the files for all affected victims and the zero-day info for 50 bitcoins, roughly $1.85 million based on the current BC valuation. They state that if this payment is made:; “You will receive a universal decryption master key (and instructions) that can be used to unlock all your clients files. Additionally, we will also send you all details about the zero-day vulnerability to [email protected]

So, fairly brazen stuff!

What Does the DeadBolt Ransomware do to my QNAP NAS?

The DeadBolt ransomware is attempting to encrypt QNAP NAS, units, utilizing what they state is a zero-day vulnerability within QTS (A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit that attacks a zero-day vulnerability is called a zero-day exploit). The attack began on January 25th, with numerous QNAP users discovering their data encrypted and file names appended with a .deadbolt file extension, as well as amending the QNAP login web page to show a display screen stating, “WARNING: Your files have been locked by DeadBolt,” (see below:

On this occasion, this user was told they need to pay 0.03 bitcoins (roughly $1,100) to an individual Bitcoin link in order to receive the decryption key. The process of receiving the key is detailed follows:

So, if you have not been affected by this ransomware, but have/need your QNAP NAS to be remotely accessible from outside of your local network, what should you do?

How to Check and Amend Your QNAP NAS Internet Access Right Now

Like many ransomware attacks, the full vulnerability that it exploits will become clearer as time goes on, but a high facilitating factor of the deadbolt attack concerns poor remote access security. Remote access to the NAS can be made several ways (some more complex than others) and QNAP in their recent news post on this ransomware attack highlights further recommended network maintenance measures that you should follow/check. Open the Security Counselor program of the QNAP NAS, if you find the warning text “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP”, it means that your NAS is being exposed to the external network, and the risk is extremely high.

If you are unsure which port numbers on your router are open, then you can use this guide on How to query the port number that has been exposed to the external network HERE. If your NAS is exposed to the Internet, it is recommended that you follow the steps below for NAS security protection:

1: Turn off the Port Forwarding function of the router

Open your router’s system management interface, check the router’s Virtual Server, NAT or Port Forwarding settings, and set the NAS system management ports (8080 and 443 by default) to off.

2: Check if the UPnP function of the QNAP NAS remains off

Open the myQNAPcloud app of QTS and check the UPnP Router settings. Uncheck “Enable UPnP Port forwarding”

Connecting with your QNAP NAS remotely may well be a key reason why you purchased the system, but if you are less tech or network protocol savvy, then many users will use the QNAP supplied service. However, I still HIGHLY recommend that you bolster your network security settings as much as possible and ensure you have multiple layers of security (automated or direct authentication required) between the internet and your NAS Drive. If you need a NAS external network connection and want to use the myQNAPcloud Link to connect, please refer to the following link – HERE

Alternatively, QNAP made a whole page on remote access security and a breakdown of the factors HERE. Further details on this are covered in the Data News of the Week Video below from the NASCompares YouTube channel:

We will continue to monitor this and update this article if further information arrives that ranges from changes in the attack methodology to potential fixes and decryption tools emerging.

Additionally, it is worth remembering that exploits can be found in practically any internet-connected appliance, it is just a question of the extent to which a vulnerability can be pushed to execute unique commands. The software makers (not just NAS, but practically ALL internet service linked applications and tools) can only be 1-step ahead of hacks (cat and mouse, 1 step each, etc) and that is why all reputable NAS brands have Security Advisory pages that are regularly updated to list any current vulnerabilities that are found, addressed and patched on their platforms. However, staying on top of these can be difficult, so below is a link to a page here on NASCompares that is updated automatically every day and/when a brand updates its security vulnerability advisory pages. You can add your email address to that page in order to receive updates as soon as the brands publish investigated vulnerabilities. Visit this page by clicking the banner below:

 


Articles Get Updated Regularly - Get an alert every time something gets added to this page!



This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  

Terramaster NAS Drives Being Attacked by Ransomware

18 janvier 2022 à 10:13

Terramaster NAS Devices Being Targetted by Ransomware – IMPORTANT

If you are a current Terramaster NAS user, then immediately log into your system and check that your data is in order. In a little over the last week, numerous users have been reporting that their TNAS systems have been hit by ransomware attacks (bearing similarity in structure and protocol to the eCh0raix attacks that were attempted/executed on QNAP and Synology NAS systems in 2020/2021) and a considerable number of users are reporting that the data has now been encrypted, with the usual ranSom note for payment (bitcoin to X wallet etc) left for the user’s attention. Despite any internet-accessible device always having to take into consideration (and preparation) for the possibility of an outside intruder getting in, there are questions being raised about the extent to which this has been the fault of Terramaster to secure their systems, re-enforce security protocol/workflows onto their audience (many of whom purchasing their value series devices with a domestic level of technical knowledge) as well as questions being raised about vulnerabilities in the uPnP (previously raised in April 2021). Here is a breakdown of everything we know so far at the time of writing.

The Terramaster NAS Ransomware Attack – The Story so far and what Terramaster Recommend You Do

On the 11th Jan 2022, Terramaster raised this post on their official forum and news pages here regarding reports of ransomware attacks on TNAS systems. The key points and recommendations for actions from that post were as follows:

Recently, we have received reports that some TNAS devices have been attacked by ransomware. Based on the case study, we preliminarily concluded that this was an external attack targeting TNAS devices. To keep your data safe from attack, please take action immediately!

We suggest you take the following countermeasures:

1. Upgrade your TOS to the latest version;

2. Install good anti-virus software on your computer, TNAS device and router to help you detect and resist malicious threats;

3. Disable port forwarding on your router.

4. Disable the UPnP function on your TNAS.
Image

5. Disable RDP, SSH and Telnet when not in use;
Image
Image

6. Change the default port of FTP.
Image

7. Set a high security level password for all users;

8. Disable the system default admin account, re-create a new admin account, and set an advanced password;
Note: For versions after TOS 4.2.09, you can set the administrator account without using the default admin username when installing the system. If it was upgraded from a version before TOS 4.2.09, you need to reset the system configuration, then you can customize the user name.

9. Enable firewall and only allow trusted IP addresses and ports to access your device;
a. Go to Control Panel > General Settings > Security > Firewall.
b. Create a firewall rule and choose the operation of allow or deny.
c. Fill in the IP range you allow or deny access to.
Image

10. Avoid using default port numbers 5443 for https and 8181 for http;

11. Enable automatic IP block in TOS Control Panel to block IP addresses with too many failed login attempts;
Image

12. Backing up data is the best way to deal with malicious attacks; always back up data, at least one backup to another device. It is strongly recommended to adopt a 3-2-1 backup strategy.

If unfortunately, you have found that your data is infected by ransomware:

1. Disconnect your computer and TNAS device from the Internet immediately;

2. Before restoring data, thoroughly remove the infection in the computer system and TNAS; You need to restore your TNAS to factory settings and completely format all your hard drives.

Now, how did this occur? It seems like details are being circulated regarding a vulnerability that was found online in December. A remarkably comprehensive and detailed breakdown of how this vulnerability into a Terramaster was exploited can be explored here, published in December 2021 – https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/

There has been several criticisms raised against Terramaster and their recommendations that were raised, as well as how loud the brand is being, outside singular forum posts, to raise awareness of this. Criticisms range from not adequately explaining methods of actioning the recommendations (such as how to disable the admin account and how it is not simply a case of an on/off option accessible via a separate account immediately to all) or detailing how these changes will impact system use afterwards. An official Terramaster support team member has responded:

First of all, it is very sad that this happened to all the victims. Terramaster has been working hard to strengthen the security of TNAS devices. Various security tools are integrated in TOS, and we also provide you with various possible countermeasures. However, once your device is exposed to the Internet, there is a risk of being attacked. Because you are dealing with very professional hackers, hackers will do anything to gain profits. Only one method is not enough to avoid attacks. In order to improve the security level, multiple security measures must be adopted. Even so, there is still no guarantee that your device is completely secure. A large number of devices are attacked by ransomware every day, including Terramaster, QNAP, Synology, and even the servers of some large enterprises or government agencies.
https://unit42.paloaltonetworks.com/ech … ware-soho/

If you expose your device to the internet but don’t want to do anything, you may be one of the victims. After studying the cases of individual victims, we found that the hackers continued to attack the victim’s device through the ftp service for more than dozens of hours. If you use the system default port, low security level account and password, you are very likely to become a victim. However, ftp is definitely not the only way to attack, please act immediately and follow our countermeasures one by one to reduce the risk of being attacked.

We will continue to study how the ransomware invaded TNAS devices and will release updates in a timely manner.

Now, one recommendation that has raised particular scrutiny is disabling the default admin account. Many users highlight that Disabling the default administrator account is easier said than done as it is dependant on your installation and version of TOS. To disable the admin account (taken from the official Terramaster official forum and their service team), you need to be a new user with a new TOS installation from 4.2.09 or later versions. For all users with TOS versions installed before 4.2.09 or update to a later version is not possible to disable the default admin account, you need to re-install a new TOS later than 4.2.09. If you are considering re-installing TOS fresh on your terramaster (for security or as a last alternative to get your system storage back without paying ransomware payments regardless of lost data, a guide from terramaster to recover can be found here – https://forum.terra-master.com/en/viewtopic.php?f=76&t=423

Additionally, Terramsater is currently working on TOS 5.0, the latest version of their software (currently still in early alpha/beta testing) and some users on the official forum are highlighting that jsut waiting on this new full release is preferable.

If you have been hit by the Terramaster Ransomware Attack?

Currently, it seems (at least at the time of writing) that if your Terramaster NAS has been hit by this ransomware, there is little to no 3rd party tool/decryption solution available online. However, much like when QNAP was hit by eChoraix and Qsnatch, over time some solutions were made (some in executional form such as QRescue with PhotoRec addons) and some in reverse engineering methods might be possible, so if you have important data that you hope to have recovered, but bulk at the prospect of paying the attackers, it might be worth moving this data off the NAS and onto another storage system (USB, Cloud, offline server, etc) in the meantime. Of course, if you still wish to use your terramaster NAS system, it will require a system reset/format. Indeed, Terramaster themselves raised it (rather bluntly one might say) in their official forum regarding the process of the malware attack in this (and most) cases and the result, if no decrypted can be put together (as has been the case on a few of the 2020/early-2021 ransomware attacks on other platforms such as QNAP:

Since the ransomware creates a random sequence as the AES Key, and then encrypts the previously generated AES Key with the locally generated RSA public key, and uses the AES CFB algorithm to encrypt the files in the infected device, each encrypted device uses a different key. Likewise, once files are encrypted by ransomware, there is usually no way to decrypt them. If your data is so important that you need to get it back, paying the ransom might be the only way. It’s worth reminding that even paying the ransom is not a 100% guarantee that your data will be rescued. If you are not willing to pay the ransom, intend to give up the encrypted data. You can go to Control Panel > Storage, delete volumes and storage pools, and restore the system to factory settings.

If I was in the shoes of someone who had their data encrypted, without a backup in place, then (where possible) I would still hold out for recovery methods. It was rightly raised by Charlie Crocker on the Terramaster forum that decryption of previous NAS ransomware is still ongoing and so if you have the means to move this data elsewhere (along with the ransom .txt, as this is often incredibly useful for identifying the encryption campaign method later), I would recommend that – rather than wiping it all! But I can appreciate that this can be an expensive option.

Criticism of Terramaster in their Response to this Ransomware Attack

Currently, Terramaster is being heavily criticized on their own forums for their handling of this. Understandably, some users were already unhappy with the raised reminders if UPnP weaknesses in a previous version of TOS. An older vulnerability in the Terramaster NAS system was reported in April 2021. As it turns out though, their NAS systems are accessible across the entire internet via the UPnP protocol. Universal Plug and Play (UPnP) is used by an infinite number of network devices, including NAS, routers, computers, gaming consoles, printers, mobile devices, IoT devices, and many more. A full breakdown of this vulnerability in TOS last year was covered over on StorageReview here – https://www.storagereview.com/news/terramaster-nas-vulnerability-found-over-upnp/

This is a developing matter and I will continue to update this article and compile it in a video over on YouTube shortly (when available, it will be published below).

 

Plex Netgear NAS Performance List

14 janvier 2022 à 02:00

What is the Best Netgear NAS for a Plex Media Server?

Plex has fast become the most popular media server software for home users in 2021/2022. With a slick user interface, smart organization, relevant media images and descriptions sourced from many online sources applied automatically and clever show recommendations and watched records, it is easy to see why Plex challenges many of the online streaming platforms such as Netflix, Amazon Instant and Hulu. Another attractive feature of Plex is that the software is available free (or a more feature-rich paid version), whereas online streaming sources have monthly subscriptions, do not let you play your own content and change/rotate available media content on a monthly basis. With Plex, you play the media that you own and it is organized in an attractive and easy way. However in order to take advantage of Plex, you need a device for your media and the Plex media server to live, and this is where the money part comes. The best means with which to host a plex media server is a Network Attached Storage device (or NAS server). One of the biggest NAS server providers in the world right now is Netgear and they have a large range of NAS devices that support Plex in many, many ways (transcoding, smooth running, 4K, etc). However which Netgear NAS should you buy for your Plex media server, what is transcoding on a Netgear Plex media server like and what is the best Netgear NAS for a Plex Media Server (PMS)?

What is Software Transcoding on a Netgear Plex Media Server?

When media lives on your Netgear NAS, often the device a that you are playing back your plex media (Smart TV, iPhone, Laptop, iPod) onto cannot support the media file type, the resolution or audio codec. In this case, the Plex Media Server on your Netgear NAS will try to change the file to a more suitable version, on the fly, to ensure you can enjoy your media in the best way. This is known as transcoding and though the Plex application is actioning this with the software, the actual work is being done by the Netgear NAS CPU. Software transcoding takes a heavy toll on the CPU and you will need a relatively powerful processor in order to support this feature. Typically the CPU will need to be:

  • In Intel or AMD Based Based CPU that is 64bit (x86) in Architecture
  • Higher than 1.6Ghz in Frequency
  • More than 2 Cores

It is important to highlight that transcoding for Plex on a Netgear NAS only really needs more power in the case of converting/changing video files. Audio and Image files will not require much support from the NAS.

Choosing the Right Netgear NAS for a Plex Media Server

When it comes to choosing the right Netgear NAS for your Plex Media Server, below I have broken down the entire currently available NAS you can buy. I have broken them down into the following areas:

Model ID – This is the Name of the Netgear NAS Device

CPU – This is the central processor of the Netgear NAS server and this will be what decides the performance of your Plex Media Server

SD 480p / 576p –Most likely the lowest point at which you will need transcoding of a video media file, 480p was used for many early Plasma televisions, whereas 576p is considered Standard Definition in many countries worldwide

HD 720p – Otherwise known as ‘HD Ready’ or ‘Standard HD’, it is generally considered the lowest starting point for watching HD media and starts at 1280×720

HD 1080p – Widely regarded at ‘Full-HD’, it arrives at 1920×1080. Most media listed at high definition in 2021/2022 will be 1080P

4K SDR 2160p – 4K SDR is the entry point into 4K Media. An SDR 2160p supported TV has around 4,000 lines of resolution (the lines across the screen that form the rows of pixels) but is not capable of completely showing the depth and richness of colours spectrum and contrast of 4K HDR. It is by no means a compromise and still an excellent picture, but rather this is due to the physical differences in the construction of the screen and not just how the images are processed, just like the differences between and SD and HDTV.

4K UHD HDR 2160p – The current top end of 4K Media file formats in popular commercial media. A 4K HDR TV has the same 4000 lines of resolution as those that support 4K SDR 2160p, but is physically capable of rendering an image with increased contrast and richer colours\separation thanks to the physical build superiority.

Be sure to check the kind of media you own (or plan on streaming from your Netgear NAS), as well as the devices you will be playing back on for a better idea of what kind of plex media transcoding support you will need from your NAS server from Netgear. Be sure to check the supported file types (most common modern files types you find for 1080p and 4K are .MKV .MP4 .MOV and .AVI).Below is the entire current Netgear NASrange and how well they perform in the Plex Media Server Application with a single Stream.

Guide for the Chart Below

Software Transcode = Uses the NAS software and CPU Power to alter a file to a more suitable Plex Playback type

Hardware – Accelerated Transcoding – Uses Embedded Graphics that are Integrated into the CPU to Alter a file to a more suitable version for Plex Playback

RED BOX – Recommended Synology NAS for Plex Media Server. Could be based on Performance, Price or Value between both

Use the FREE ADVICE Button to contact me directly for a recommendation on the Best Plex NAS for your Setup/Budget. Please bear in mind that this is a one-man operation, so my reply might take a little bit of time, but it will be impartial, honest and have your best interests at heart.

 

Software Transcoding Hardware – Accelerated Transcoding
Model CPU Model SD
480p / 576p
HD
720p
HD
1080p
4K
SDR 2160p
SD
480p / 576p
HD
720p
HD
1080p
H.264
2160p
HEVC SDR
2160p
RN102 ARMv7 (Armada 370) 1.2GHz No No No No No No No No No
RN104 ARMv7 (Armada 370) 1.2GHz No No No No No No No No No
RN202 ARMv7 (Cortex A15) 1.2GHz Yes Yes Some No No No No No No
RN204 ARMv7 (Cortex A15) 1.2GHz Yes Yes Some No No No No No No
RN212 ARMv7 (Cortex A15) 1.4Ghz Yes Yes Some No No No No No No
RN214 ARMv7 (Cortex A15) 1.4Ghz Yes Yes Some No No No No No No
RN312 x86 (Atom D2701) 2.13GHz Yes Some No No No No No No No
RN314 x86 (Atom D2701) 2.13GHz Yes Some No No No No No No No
RN316 x86 (Atom D2701) 2.13GHz Yes Some No No No No No No No
RN428 x64 (Atom C3000) 2.4Ghz Yes Yes Yes No No No No No No
RN516 x64 (Core i3-3220) 3.3GHz Yes Yes Yes No Yes Yes Yes No No
RN526X x64 (Xeon D-1508) 2.2Ghz Yes Yes Yes Some No No No No No
RN626X x64 (Xeon D-1521) 2.4Ghz Yes Yes Yes Some No No No No No
RN2120 ARMv7 (Armada XP) 1.2GHz No No No No No No No No No
RN3220 x64 (Core i3-3220 v2) 3.3GHz Yes Yes Yes No Yes Yes Yes No No
RN3312 x64 (Xeon E3-1225 v5) 3.3Ghz Yes Yes Yes Some Yes Yes Yes H.264 Only Decode Only
RN4220s x64 (Xeon E3-1225 v2) 3.2GHz Yes Yes Yes Some No No No No No
RN4220x x64 (Xeon E3-1225 v2) 3.2GHz Yes Yes Yes Some No No No No No
RN4312S x64 (Xeon E3-1245 v5) 3.5Ghz Yes Yes Yes Some Yes Yes Yes H.264 Only No
RN4312X x64 (Xeon E3-1245 v5) 3.5Ghz Yes Yes Yes Some Yes Yes Yes H.264 Only No

What is Accelerated Transcoding with Plex on my NAS?

Some Netgear NAS arrive with a CPU that has improved rendering or graphical embedding enabled. This means that is Plex can utilize this hardware for transcoding, it will require much, much less of the CPU processing power to transcode a video file. In order to take advantage of Plex hardware transcoding on your Netgear NAS, you will need to first check which NAS supports the transcoding to the extent you need by checking below. Next, you will need to upgrade your Plex Membership from the free version to the paid ‘Plex Pass’ subscription, as the option of Accelerated Transcoding with Netgear NAS hardware is not included in the plex free subscription. How to Enable Hardware Acceleration with Plex Media Server on a Netgear NAS

To use Hardware Transcoding on your Netgear NAS in a Plex Media Server, you need to enable it using the Plex Web access (head over to your Plex User interface on your browser.

  1. Open the Plex Web app.
  2. Navigate to Settings > Server > Transcoder to access the server settings.
  3. Turn on Show Advanced in the upper-right corner to expose advanced settings.
  4. Turn on Use hardware acceleration when available.
    hwaccel.png
  5. Click Save Changes at the bottom.

The changes should take place straight away and there is no need to reboot your Netgear NAS. Be sure to have updated to the latest version of the Plex Media Server application on your NAS and that Hardware Transcoding is listed as supported in the list above.


Articles Get Updated Regularly - Get an alert every time something gets added to this page!


This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.   This description contains links to Amazon. These links will take you to some of the products mentioned in today’s video. As an Amazon Associate, I earn from qualifying purchases

 

QNAP TS-364 NAS Review – Too Niche?

8 décembre 2021 à 01:26

The QNAP TS-364 NAS Drive Review

QNAP are now very much in the process of slowly rolling out their new Prosumer and SMB series for 2022, but when it comes to the unit that they are slowly releasing, you can definitely see that they are being a great deal smarter (tactically) than previous generations. Alongside the release of the NVMe focused TBS-464 back in late October, the next unit in this series to arrive is the incredibly unique and unusual QNAP TS-364 NAS Drive. Today I want to review this rather different NA system and ultimately answer three main questions, 1) Is this a suitable alternative to a 2/4-Bay? 2) Is this TOO niche, even for a subject that is already as niche as NAS? And 3) Ultimately does it deserve your data? This 3x Hard drive and 2x NVMe SSD system (that 2nd storage detail is always way, way too overlooked) is formed in a similar shape to the previous 3-Bay systems before it but also arrives with the latest choices in internal/external hardware architecture that we have grown to expect in 2021/2022 from QNAP. With some users who look at 2-Bay solutions and the 50% storage loss of RAID 1 as a dealbreaker, whilst still looking at 4-Bay systems as capacity and price based overkill, is a 3-Bay NAS drive such as the TS-364 from QNAP what you have been searching for all this time? Let’s review the QNAP TS-364 and decide if this system is just right OR just a little too niche? Let’s go.

QNAP TS-364 NAS Review – Quick Conclusion

Once again, QNAP (in my opinion of course) are still very much the true innovators of the NAS hardware industry, seemingly exploring and almost always delivering on solutions that change what we expect private home/business servers to look like, support and provide. The TS-364 3-Bay (TECHNICALLY 5-Bay if you want to be accurate about it) has one heck of a balancing act to perform, providing more than the typical 2-Bay desktop chassis like the TS-253D and TS-264 are promising, whilst not leaning TOO heavily on the TS-453D and TS-464 to make itself or those redundant in price or approach. I think it MOSTLY sticks the landing and what you have here is the best example of this series that QNAP has ever produced, managing to balance the price point and value just right. In my introduction, I asked three questions. 1) Is this a suitable alternative to a 2/4-Bay? – It DEFINITELY is a good option, for those that are stuck between the rock and a hard place of 2 or 4 bays! 2) Is this TOO niche, even for a subject that is already as niche as NAS? – No, I think this system provides a valuable and till-now often overlooked section of the buying market. And 3) Ultimately does it deserve your data? – I think if you are a 2-Bay buyer, then spending the tiny bit extra for this 3-Bay is a no brainer, but if you are looking at 4-Bays, then the 3-Bay TS-364 might lack the extra storage potential, PCIe upgrades and base level connectivity long term of current prosumer 4-Bays like the TS-453D and TS-464. Overall, I like what the TS-364 is offering here and I think it fits well in the QNAP portfolio and solutions available to the end user.

SOFTWARE - 8/10
HARDWARE - 8/10
PERFORMANCE - 8/10
PRICE - 8/10
VALUE - 8/10


8.0
PROS
👍🏻Best example of 3-Bay NAS series so far
👍🏻Quieter than I expected in use
👍🏻
👍🏻Newest Gen Intel Celeron CPU available on NAS right now
👍🏻
👍🏻2.5GbE Ready and has 2x USB 3.2 Gen 2 (10Gb/s)
👍🏻
👍🏻Good balance of HDD and SSD Storage Support
👍🏻
👍🏻VERY compact deployment
👍🏻
👍🏻4GB Memory by default and 16GB Max is good upgradability
👍🏻
👍🏻Surprisingly small, fo so much storage (long-ish though)
👍🏻
👍🏻QTS 5 has more 1st Party applications and services than any previous version
CONS
👎🏻The lack of 10GbE from the TS-332X is a shame (PCI Lane related)
👎🏻The NVMe SSD Bays are PCIe Gen 3 x2 (PCI Lane related)
👎🏻
👎🏻HDMI 1.4b not HDMI 2.0/a

QNAP TS-364 NAS Review – PACKAGING & ACCESSORIES

The retail box of the QNAP TS-364 NAS is fairly standard stuff, with the typical brown box design and a product-specific label. It is at this tier that a solution will almost exclusively be an eShop/Online only purchase, so therefore any concerns about packaging will be much more geared towards protection in transit from movement and shock damage. On that score, I would stay that the less than usual shaped TS-364 NAS chassis is well protected.

The TS-364 NAS chassis itself arrives in quite an impressive surrounding of hard foam from all corners. Indeed, this foam takes up more than 40% of the retail box and will amply protect this unit virtually completely in it’s transit from Taiwan to..well.. everywhere. Alongside the TS-364 unit itself, there is also a box of accessories in a separate kit carton.

The accessories that are included with the TS-364 are fairly typical of QNAP (with a small exception) and are pretty much everything you are going to need in order to get started with your NAS (with the exception of HDD/SSD media that you will need to buy separately).

The TS-364 features an external power supply unit, likely for reasons of space, easy replacement and maintaining better internal temperatures. The external PSU on this rather modest-sized NAS arrives is 65W and QNAP state that it has been recorded at 32.8W power use when in active use – this includes the internal fan in operation at all times.

The TS-364 also features the support of both Hard Drives and M.2 NVMe SSDs, something I will cover in more detail later. The accessory kit arrives with additional click’n’load HDDs install pods and two M.2 SSD heatsink panels that are adhesive-backed and designed to be applied directly onto the controller of any installed NVM.e SSDs in the NAS allocated bays.

As glad as I am that QNA has included heatsinks for the M.2 slot media that you might install in the TS-364, these are remarkably small and a bit underwhelming. On the one hand, the space for the M.2 bays inside the TS-364 is a little small, but there is still amply space for a larger full-2280 length heatsink. Whether this smaller m.2 heatsink is being provided because of space, overall active system temp provisioning or as it is a general part on their production line – it’s still a bit of an underwhelming inclusion, as in a heavy use 24×7 environment, I am unsure how effective these will be.

Overall, I am happy with the compact presentation and accessories, though I wonder how protected it is when shipped fully populated. Let’s take a look at the design of the QNAP TS-364 NAS.

QNAP TS-364 NAS Review – Design

The external chassis of the TS-364 is a rather unusual one that will almost certainly split opinion. For a start, it manages to be both smaller AND bigger than both your average 2-Bay and 4-Bay. As peculiar as that statement might sound, let me explain.

The front of the TS-364 NAS chassis is an almost perfect square, at 142mm x 150mm – shorter than more 2-Bay NAS systems that stack their HDD media vertically internally, as well as narrower than a 4-Bay that has that extra HDD bay. However, in depth/length, it’s a different story as the TS-364 is 260mm deep – that is noticeably deeper than more other desktop NAS chassis (even most 8-Bay systems). This is because the system clearly uses a vertically airflow system, which draws air through the system using a system of front-mounted vent holes and a large rear active fan. There are no holes/vents on the sides, in order to maintain and capitalize on this active airflow.

Alot of the ventilation o nthe front is surprisingly well hidden. The LED panel on the front of the device (which has lights that indicate system access, network activity, HDD health, HDD health and connectivity) neatly surrounds the larger side vent panel very well.

It is only when you angle the chassis up that the ventilation on that front panel under the LEDs is exposed, as well as the base level vents under the HDD media bays and those that are going to pass air directly over the m.2 SSD bays. It’s a neat design move.

The actual chassis design itself might look a bit retro/naff for some and the plastic, white choice in colour/materials is another area that some might not be enormously keen on, but you cannot really fault the venting choices here. Likewise, if this chassis had been metal, it would have noticeably increased the ambient noise level. It is already reported at 20.5  bd(A) which is already higher than when I had it in operation for Plex and software testing – coming soon), so overall I like the design choices here.

The TS-364 also features a useful front-mounted USB 3.2 Gen 1 (5Gb/s) port that can be used for local backups (either direction), peripheral devices, network upgrades (up to 5GbE too, over USB, using QNAP’s own adapter) and more. I have always championed this remarkably underestimated and old skool’ connection of desktop devices and am pleased that this rather compact system still features it.

The overall design of the TS-364 is going to be of little importance to those that plan on setting up the devices in an unseen corner/attic/storage room – but for those that want to desk mount the system nearby, perhaps directly connecting using the aforementioned USB-to-5GbE adapter for high speed local work might find the TS-364’s oddly long shape to be problematic. Still, for what it is trying to achieve and in order to facilitate three hard drive bays and cool 2 M.2 NVMe bays, I think the system did the right thing. Now, let’s talk connectivity.

QNAP TS-364 NAS Review – Ports & Connections

The connectivity of the TS-364 NAS is something that I think falls somewhere between ‘good stuff’ and ‘just enough’. Remember that QNAP is currently the only brand to have a featured series of 3-Bay devices in their portfolio to fill a surprisingly user-ready middle ground between prosumer and business storage users. Alot of the external connectivity’s good and ‘meh’ comes down to those pesky CPU PCI lanes again. The fact that in order to maintain a good price vs performance point, brands tend to rely on Intel Celeron processors at this tier. These processors have a decent enough level of PCI lanes to spread across storage bays and connectivity, but it is still a finite amount. The result is that those two internal M.2 bays result in a tiny amount of ‘wing clipping’ in the external connectivity. Let’s go through them in a bit, but first, back to cooling!

As mentioned earlier, the TS-364 internal temperature handling comes down to well-placed vents, well placed internal heatsinks and that rear fan. The TS-364 features a 92mm single rear fan that takes up over 50% of the rear of the chassis, DIRECTLY behind those SATA HDD storage bays. It’s RPM can be adjusted of course, but it is recommended to leave it on automatic. Even in very light usage, any particularly noticeably noise came from the HDD media more than the fan.

The first cool thing in connectivity is that the TS-364 is one of the first Prosumer/lite-SMB solutions from QNAP at this scale that includes USB 3.2 gen 2 (10Gb/s) ports. Both are USB Type A and support everything from my powerful USB accessories and tools, to external storage drives of up to 1,000MB/s. It’s a bit odd that this is not the USB on the front of the chassis with 1-touch copying (where someone who regularly but ad hoc connects a drive for work/school to backup FAST), but better to have it than not at all.

Another nice connection choice is the default 2.5GbE network port on the TS-364. QNAP has pretty much set 2.5x standard gigabit connectivity as the standard on 80-85% of their hardware and almost certainly it will be 100% in the next year or so. The act that this is arriving at the same price point at 1GbE means, as well as being completely backwards compatible is a definite bonus.

There is the minor complaint that it is a single ethernet port (not the 2x 2.5G on the TBS-464 or the 2x ports that will almost certainly arrive in the likes of the TS-264, TS-262 or even TS-x53E series at some point far into the future no doubt), but again, at this price point, it’s a tough complaint to keep up with. Below is the reported maximum by QNAP in this connection, but also it is a shame that this system lacks the 10GbE (SFP+) port of the TS-332X before it. Though this is likely that blasted CPU PIC limitation again, plus the TS-332X had a shocking weaker CPU by comparison.

The QNAP TS-364 also features an HDMI output, much like the rest of the SMB Intel-powered devices from QNAP. This means that the system can support a parallel GUI via an HDMI TV or monitor, as well as Keyboard, Video Mouse (KVM) support with the use of USB wired peripherals, Bluetooth adapter connected wireless peripherals and several network remote controls (plus the QNAP QRemote application for Android and iOS). The TS-364 features HDMI 1.4b, so 1080p at 60FPS and 4K at 30FPS, which is a slight downgrade on the HDMI 2.0 available on other TS-x64 NAS systems revealed so far.

I am working on a 2021/2022 revisit of HD Station from QNAP, but below is the Setup guide and overview of the application from last year that still covers a lot of the platforms abilities and features:

The external connectivity of the TS-364 is a good mix of useful, if somewhat safe choices by QNAP. I like what is here but the bits that shine do seem to have the tiniest pinch of compromise about them (2.5G but a single port, 10G USB but not on the front, HDMI but 1.6b rev). Let’s open up this NAS system and take a look at media drive installation and those internal hardware specifications.

Accessing the inside of the TS-364 is easy, with the removal of three rear screws, the chassis comes apart in two halves, revealing the internal storage bays, the memory upgrade slots and the Intel Celeron CPU inside. Let’s discuss that internal hardware in detail.

QNAP TS-364 NAS Review – Internal Hardware

The TS-364 does not support any kind of hot swapping, as it does not use external removable trays. Instead, it features the three SATA storage media bays in a cage arrangement, with the two m.2 SSD media bays, SODIMM memory slots and CPU+heatsink neatly located underneath in the fan’s air path.

The three SATA hard Drive trays do not require a screw driver to install the media, though installation of SATA SSDs is going to prove difficult/impossible without an adapter. The trays themselves are also a little flimsier than those found in a system that supports hot-swapping (i.e removal whilst the system is in operation).

The trays are a U shaped surround that features four-pin clips each that hold the 3.5″ SATA Hard drive in place. Clearly the usual trays that QNAP use in their system’s would be unsuitable large in this chassis, but these still feel a little underwhelming. Your TS-364 NAS can be operated with as little as a single HDD inside, but with all three bays populated you can take advantage of RAID configurations like RAID 5 for a better balance of storage, performance and redundancy (i.e a safety net if a drive dies). The latest 18TB and 20TB drives slot neatly into the chassis, which means a potential 60TB of raw HDD storage can be achieved in the TS-364 – for such a small physical size and just three bays of storage – that IS impressive!

Revisiting the subject of CPU PCI lanes leads to one part of the TS-364 architecture that may disappoint. Each of the M.2 NVMe SSD slots is PCIe Gen 3 x2 in bandwidth. This means that each slot can provide a potential 2,000MB/s of performance. However, the majority of modern PCIe Gen 3 SSDs arrive in Gen 3×4, normally hitting the 3,000-3,400MB/s performance mark. It is still great to have the flexibility of Hard Drives AND NVMe SSD, but it is still a shame that each slot has this unavoidable bottleneck internally. The fact they are included is still a HUGE bonus overall though, with the system supporting the use of these M.2 SSD bays for caching, raw storage pools or tiered storage alongside the HDDs RAID.

The CPU and memory used in the TS-364 are also of a good standard for a 2021/2022 Prosumer/SMB NAS release. Alongside an Intel Celeron CPU, it also arrives with 4GB of DDR4 2666Mhz memory (which can be upgraded to the maximum 16GB supported by the CPU). 4GB is still very decent about of base-level memory on this NAS and the fact that QNAP has included 2666Mhz memory (when older-gen units have always had 2400Mhz) is also a good sign for the brand’s future releases too. But the CPU is where I really want to focus.

The Celeron series is one that is generally refreshed every 18-24months by Intel on their production line. However, because of semi-conductor shortages and the effects of the pandemic in 2020/2021 on production lines, the result is that the Intel Celeron series most recent revisions have been remarkably erratic and the result is that the Celeron CPU of the newest TS-x64 series from QNAP actually spans three different (but VERY similar CPUs).

In the case of the TS-364, it arrives with the Intel N5105 or N5095. Both are 2.0Ghz in architecture that can be boosted to 2.9Ghz by the system when needed, as well as supporting on-broad graphics (so the support of transcoding and handling graphical data like 4K media and 3D images) to the same degree, AES-NI inline encryption and a great floating point. Aside from very minor differences around encoding/decoding and a slightly raised TDP (so, the amount of heat vs power draw) on the N5095, they are pretty much identical. Both are a nice jump up from the 2017/18 generation Intel Celeron J4115/J4125 that is used in the previous generation and at this price point, I am happy with this chip. Expect Plex testing and Virtual Machine testing soon.

Overall, the internal architecture of the QNAP TS-364 NAS at its £350-400 price (TBC at launch), which will almost certainly be lower on most e-retailers, seems a reasonable price for the architecture here. Let’s talk a little bit about the software included with the TS-364, known as QTS 5.

QNAP TS-364 NAS Review – Software & Services

Alongside the hardware of the TS-364 NAS, you also receive the complete software and services package of QNAP QTS (currently in version 5.0). This is a complete operating system. similar in design and presentation to Android OS, it runs hundreds of applications, services and functions, as well as arriving with many mobile and desktop client applications that allow you to interact with the data on your NAS in a much more tailored way. Alongside this, the QNAP QTS software on the TS-364 also includes a few extra SSD tools for anti-wearing on the SSDs, better SSD profiling and even options to separate the media into storage, caching or tiered storage where appropriate. The performance and services of QTS have been covered many times on this channel, so reviewing it’s individual performance on the TS-364 NAS is a difficult task, as we have to look at two key things. Is QTS a good software platform and is QTS 5.0 a substantial update on QTS 4.5? On the first score, I can comfortably say that QNAP NAS software and services have truly come into their own and the balancing act of supplying the end-user with the flexibility to use the system ‘their way’, whilst still keeping it user friendly is the best it has ever been. Is it perfect, no. In its efforts to make itself customizable in every way possible, QTS develops an inadvertent learning curve that may catch some novice users unaware. Likewise, although QTS 5 has done a lot of work on its presentation of information and notifications, there is still the odd moment of ‘TMI’ when switching between services on the fly. QNAP’s NAS software is still easily one of the most adaptable in the market right now and allows users to have a truly unique storage environment if they choose and although not quite as user-friendly as Synology DSM, it counters this by being fantastically flexibly by comparison (from file/folder structure to 3rd party services support and connectivity). In order to see the extent of the latest version of QNAP TS 5.0 use the links below to the written review and video below released in late 2021:

FULL Written QNAP QTS 5 Review FULL Video Review of QNAP QTS 5

Tests of the QNAP TS-364 on how it performs as a Plex Media Server, host for Virtual Machines and more will be conducted shortly over on NASCompares YouTube channel. I recommend visiting there to learn more. Below is the video review for the QNAP TS-364 NAS

QNAP TS-364 NAS Review – Conclusion & Verdict

Once again, QNAP (in my opinion of course) are still very much the true innovators of the NAS hardware industry, seemingly exploring and almost always delivering on solutions that change what we expect private home/business servers to look like, support and provide. The TS-364 3-Bay (TECHNICALLY 5-Bay if you want to be accurate about it) has one heck of a balancing act to perform, providing more than the typical 2-Bay desktop chassis like the TS-253D and TS-264 are promising, whilst not leaning TOO heavily on the TS-453D and TS-464 to make itself or those redundant in price or approach. I think it MOSTLY sticks the landing and what you have here is the best example of this series that QNAP has ever produced, managing to balance the price point and value just right. In my introduction, I asked three questions. 1) Is this a suitable alternative to a 2/4-Bay? – It DEFINITELY is a good option, for those that are stuck between the rock and a hard place of 2 or 4 bays! 2) Is this TOO niche, even for a subject that is already as niche as NAS? – No, I think this system provides a valuable and till-now often overlooked section of the buying market. And 3) Ultimately does it deserve your data? – I think if you are a 2-Bay buyer, then spending the tiny bit extra for this 3-Bay is a no brainer, but if you are looking at 4-Bays, then the 3-Bay TS-364 might lack the extra storage potential, PCIe upgrades and base level connectivity long term of current prosumer 4-Bays like the TS-453D and TS-464. Overall, I like what the TS-364 is offering here and I think it fits well in the QNAP portfolio and solutions available to the end-user.

PROs of the QNAP TS-364 NAS CONs of the QNAP TS-364 NAS
Best example of 3-Bay NAS series so far

Quieter than I expected in use

Newest Gen Intel Celeron CPU available on NAS right now

2.5GbE Ready and has 2x USB 3.2 Gen 2 (10Gb/s)

Good balance of HDD and SSD Storage Support

VERY compact deployment

4GB Memory by default and 16GB Max is good upgradability

Surprisingly small, fo so much storage (long-ish though)

QTS 5 has more 1st Party applications and services than any previous version

The lack of 10GbE from the TS-332X is a shame (PCI Lane related)

The NVMe SSD Bays are PCIe Gen 3 x2 (PCI Lane related)

HDMI 1.4b not HDMI 2.0/a

 


Articles Get Updated Regularly - Get an alert every time something gets added to this page!


This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  

❌