> Even on something like a QNAP (which can be compared to managed hosting) this can be hard. Flip the wrong switch and you expose something to the world. Missed a security update: your device is now vulnerable.
It doesn't even require actively flipping switches, but can be from not knowing a vulnerable feature was enabled by default. My QNAP got hit with ransomware because of a vulnerability in the cloud access software that I wasn't even using. I've since locked down all non-local traffic.
Wanted to reply saying the same thing. I didn't really muck with the settings on my QNAP NAS and then checked into my files one day and everything was encrypted with some txt files telling me to send BTC to some address. I just formatted the disks, lamented not backing some stuff up, and moved on.
I'd say the point being: I'm a software engineer who knows better about these sorts of things and still got caught with my pants down. You have to be very judicious with respect to security. You can't just plug and play and say "I'm too busy to worry about that."
Another thing I'll add is the amount of software tools they have on these NAS machines strikes me as 1) very impressive for a company their size and 2) a huge surface area rife for being hacked. When it happened I wasn't surprised at all.
I've since stopped using it because at the end of the day I'd rather pay Dropbox to have peace of mind.