TeraStation™: the securest NAS on the market

Safety first

The risks of cyberattacks, ransomware, and industrial espionage is on the rise, while at the same time EU regulations for the protection of personal data reached a new level with GDPR (General Data Protection Regulation) entering into force on May 2018. Organisations and companies need to have reliable and secure storage in place in order to protect their sensible information as well as the personal data of their customers.

more about GPRD Compliance

Many small and medium sized organisations use network attached storage (NAS) devices to store, backup and share data. Buffalo is an established leading manufacturer of NAS devices and security of its customers’ data is, and has always been of the utmost priority. Buffalo NAS are secure devices in many aspects.

Buffalo supports SMBs in GDPR compliance with Security Features

Closed System

One of the most significant features to highlight is that Buffalo NAS systems are closed and not even the system administrator has root rights. Most competitors’ devices allow third party apps to be installed via an app store, which opens a potential loop hole for malware, spyware and other viruses. The TeraStation™ only allows connections to available network services, which you can still limit to the ones you really need and use by enabling/disabling them per LAN port and service thus minimising the risks further.

Security Set-up

Security starts with the setup. Buffalo always uses local setup for TeraStation™. It is not necessary to have an internet connection for the setup or create an account (like you need to do for some other vendors) to use the device for remote management what holds user names and/ or passwords that could be targeted by attackers.

Data Encryption

Disk Encryption: By choosing encrypting the drives option, all data written onto drives will be encrypted with AES 256bit. So even when HDDs are taken out of the unit, they cannot be read by PC or on other TeraStation™ units.

Encrypted data transfer: When accessing the TeraStation™ via remote management or WebAccess the connection can be established by using HTTPS, which guarantees encrypted data transfer. In addition all TeraStation™ support SFTP (SSH File Transfer Protocol), which enables secure file transfer capabilities between networked hosts.


The management of a TeraStation only works with a password. You can restrict file access by using passwords as well. The TS3010 and TS5010 series also support Access Control List (ACL) for sub-folders and individual files.

Compared to simple access right control, ACL enables very fine tuned management of who can access what. Backup and replication passwords prevent a secondary NAS of seeing or using the TeraStation for any backup or replication purpose.


By turning on the virus scan feature, virus spreading over the network is prevented. In case a vulnerable PC gets connected to the network and sends virus-infected data onto the TeraStation, the virus gets automatically detected by the TeraStation and quarantined to a segregated folder and prevents the infection to other clients.

  • TS3000/3010 & TS5000/5010, sold separately

Backup, replication, failover and encryption

While a backup is not exactly a security feature, it is a measure to protect yourself from data loss in case of a defect or attack on your system and essential for any business or private user. TeraStation™ offer plenty of options to secure your data in a safe way – backup (via USB or network), replication, encrypted replication, backup or replication via Rsync with SSH (encrypted file transfer), failover, cloud backup.

Anti-Theft features

Software Protection: Boot Authentication for TS3010 & TS5000/5010 Series

When the TeraStation™ unit boots up, it automatically goes through a boot authentication process by linking it over a local network or VPN with a Windows server or PC with the boot authentication management tool installed. If authentication fails, or the unit is blocked by the boot authentication management tool, the TeraStation™ will not boot up and cannot be reset. This will prevent the unauthorized boot-up or reset of a stolen TeraStation™ device. With the boot authentication management tool installed on a Windows PC, you can manage multiple TeraStation units, resulting in speedier trouble shooting. When the Boot Authentication feature is enabled, the data is automatically encrypted with AES 256bit.

The “Reset button” can be disabled (also on older models without Boot Authentication), which ensures that the unit cannot be used when removed without permission.

Physical Theft-Protection:
All TeraStation™ units (desktop and rackmount) feature Kensington lock compatibility. In addition, the desktop versions have lockable doors that prevent the disks being removed from the unit.

Duplex Firmware

This is an advanced recovery feature that makes TeraStation Network Attached Storage devices more secure from data corruption and data loss, thus reducing down time. Duplex Firmware creates more stabilised network storage performance and directly results in less system downtime without having to wait for an engineer to recover data. This is featured on the TeraStation 3010 and 5010 series.

In some cases, devices may stop working due to an unexpected firmware accident or OS failure. To prevent such downtime, TeraStation keeps firmware data in different two locations. (HDD and NAND). If master firmware data on HDD crashed by accident, then its backup data on NAND automatically fixes the master data and is designed to bring the unit back to operation automatically.

This allows you to quickly restore the OS with the assistance of the Duplex Firmware feature without compromising data.