• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 412
  • Last Modified:

Securing Synology Diskstation Traffic

Hi,
I like to understand ssl certificates and web browser security specifically when using Synology Diskstation Manager.  While Quickconnect has https enabled, it appears that traffic won't be encrypted throughout all points of the interwebs through ultimately reaching the diskstation destination because Synology has some sort of proxy in between.  It sounds like the same logic would apply when using their iphone apps too.  That would be nice to confirm here.
Anyway, I obtained a certificate from GoDaddy to apply a DDNS ie mydiskstation.synology.me account but I discovered that  I cannot install the certificate because I do not own the synology.me domain. I can set it up with that certificate if I have a domain; and I do.  This requires port forwarding 5001  on the router but then I begin to look at simply creating self signed certificate.  Sounds like this is fine but there's the potential albeit very unlikely with a man in attach if they somehow highjacked your DNS and pointed it to another Synology.  Idunno, I don't understand the great appeal of third party certificates now know that the likely hood of that happening is very small.  Also, maybe the self signed certificate isn't up to Chrome standards like the article mentions below.  Any thoughts on all this?


Chrome doesn't like certain certificates
http://googleonlinesecurity.blogspot.sg/2014/09/gradually-sunsetting-sha-1.html
0
snoopaloop
Asked:
snoopaloop
  • 3
  • 3
1 Solution
 
gheistCommented:
Once you save self-signed certificate on a client nobody can sneak in between.
0
 
snoopaloopAuthor Commented:
I understand that part.  Can you answer the questions regarding Synology?
0
 
gheistCommented:
very hard to tell given vague description you provided.
probably there is some place you can import your key and certificate in web ui. That may or may not be shared with webdav server.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
snoopaloopAuthor Commented:
Let me repeat more directly.  Please refer to original question I posted for in depth thoughts or inquiries.

Does connecting to any phone application using Quickconnect have the same security issues as using the web browser https://quickconnect.ect 

Is it worth purchasing the certificate when you can simply create your own?  The own difference is there's no Godaddy verifying the cert

Is the self signed Synology certificate up to Chrome standards?  Chrome tends to blast warnings all the time for SSL that are not up to snuff
0
 
gheistCommented:
Yes, all SSL connections are same

While it is just people yu know you can tell them to accept self-signed certificate
When it is more - create company's CA and import it into all relevant devices/PCs

Chrome insists on SHA-2, Firefox does not negotiate lower SSL versions than highest advertized. It is all up to synology-s SSL implementation if they pass the tests.
Chrome wll ask to accept self-signed cert and pin it to your site IF it is SHA2 2048bits. (e.g. you need to accept it every time if your SSL server is java 5 and does support only SHA1 and MD5)
Firefox will refuse to connect if your SSL site misadvertizes high SSL protocol version but does not support it. (e.g. RHEL5 is broken)
0
 
snoopaloopAuthor Commented:
I got this one answered...

    Does connecting to any phone application using Quickconnect have the same security issues as using the web browser https://quickconnect.ect 

*** Yes.  You can connect directly to your WAN IP to avoid issues.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now