Solution 1:

  1. It is correct that QuickConnect isn't end-to-end encrypted. It is encrypted from your device to Synology, and then decrypted and re-encrypted for the voyage from Synology to your NAS. That part is necessary (it's how TLS works), but Synology could choose to add an additional end-to-end encryption layer if they wanted (with more work and performance hits). But they haven't.
  2. To my knowledge, you cannot modify QuickConnect to fall back to your own relay.
  3. Most likely hole punching is safer than forwarding a public port (which is a hole that is open all the time).
  4. Hole punching would work when putting your Synology in your router's DMZ, but would be unnecessary and would defeat the point of hole punching. The DMZ is exposed to the internet all the time.

I don't know the answer to 5 or 6.