The router ports are restricted and they are not the default ports. The NAS uses multifactor authentication. The NAS will respond to only one ICMP ping packet per second to hinder DoS hacker brute force attacks. The NAS also has a firewall and its own VPN server service. Passwords are complex and changed on a schedule. No default accounts are used on NAS or router and those use random naming.
Thanks, Don. Does the router have any kind of automatic alert notification when suspicious pinging occurs? I wonder how often such attacks happen to NAS setups.
The router, an Asus, has a CLS level 4 protection rating (the best apparently). I do not know all that much about it other than it the the best rating and the tech I know at LANL told me it met their standards and he recommended it to me. And he helped me with all my stuff and setup. I am not a genius but know one or two.
I have a couple of Asus RT-AX82U routers.
They have an excellent range and work great for my purposes.
They have a CLS level 4 protection rating, but I don't even know what that means. 
Pizzas can kill if eaten in one bite.