These are the settings I use to disable direct internet access to/from my WD PR4100 NAS. Other models should be very similar. As an extra precaution, I also assign it a static IP address and block it at my router. To block it at the router, the easiest way is to use parental controls, but some routers also allow you to use custom rules and filters.
As mentioned previously, this does not eliminate all risk. However, if one is careful about where they browse using attached devices, it should greatly minimize the chances of getting hacked. Using ad and script blockers in your browser of choice (Firefox is mine) should further minimize the risk.
Cloud Access (Settings / General Tab):
Cloud Service: OFF
Connection Status: Disabled
Dashboard Cloud Access: OFF
Network Services (Settings / Network Tab):
IPv4 Network Mode: STATIC
IPv6 Network Mode: STATIC or OFF
FTP Access: OFF
Network Profile (Settings / Network Tab):
Status: No Internet access (Will appear after everything is done)
IPv4 DNS Server: BLANK
IPv6 DNS Server: BLANK
Gateway IP Address: BLANK
DNS Server1: BLANK
DNS Server2: BLANK
DNS Server3: BLANK
Granted, this will disable all Cloud access, but considering the current severe security vulnerabilities which remain un-patched, these precautions are a wise move. Personally, I have no interest in cloud-anything, so these settings are permanent on my network. I bought this NAS because I like the hardware, and hope to eventually customize the firmware to my liking, perhaps even permanently neutering the cloud aspects of it’s functionality in the process.