If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
NAS with data Encryption
I am looking at purchasing a NAS, i've been looking at the Synology
407e, Buffalo TeraStation Live and the Infrant ReadyNAS NV+ . My problem is that none of these or any others boxes that I can find supoprt native encryption and I want to be able to encrypt some if not all of the data stored on the NAS. I currently use TrueCrypt 4.3 on my PC and am very happy with it and wanted to hear from anyone that currently has a working solution for encrypting NASs. My concern about using TrueCrypt or similar is that I don't see how I could use the built-in media server on the NAS to stream to my network media player as TrueCrypt's encryption is done client-side. Any ideas? Thanks. |
#2
|
|||
|
|||
NAS with data Encryption
|
#3
|
|||
|
|||
NAS with data Encryption
You need to think about the functionality first: Do you want
the NAS to encrypt (and have the keys in its memory) or do you want to encrypt on the client? Second case: just use an ordinary NAS. If I encrypt on the client then how will I be able to stream video from the NAS to a network media player (I have the Buffalo LinkTheater) the Network Media Player will not be able to decrypt the data that it is receiving? All NASs that I mentioned above come with a built-in UPnP software to facilitate streaming of audio/video over the network, such as Buffalo's Mediabolic software and I want to be able to utilise that functionality. If the NAS handled the encryption itself I woud be happy with that, a dedicated controler for the encrypt/decrypt would be nice. First case: Since the NAS cannot tell what should be encrypted and what not, that is likely a case for whole disk or at least partition encryption. Advantage: Everything is encrypted. Disadvantage: If somebody gets access to the device without shutting it doen, then they can read everything. I am happy with that risk, I have other measures in place to mitigate that. Solution for an encrypted NAS would be, e.g., a Linux server with LUKS. I have no idea whether there are ''media servers'' for Linux though. Arno I would like to procure a commerically available box if possible rather than building my own. There is firmware available for both the Terastation and Synology that allow SSH access so modifications should not be a problem. Apologies, media servers = UPnP servers. Thanks for your quick response. |
#5
|
|||
|
|||
NAS with data Encryption
On Apr 9, 6:28 pm, Arno Wagner wrote:
Previously wrote: You need to think about the functionality first: Do you want the NAS to encrypt (and have the keys in its memory) or do you want to encrypt on the client? Second case: just use an ordinary NAS. If I encrypt on the client then how will I be able to stream video from the NAS to a network media player (I have the Buffalo LinkTheater) the Network Media Player will not be able to decrypt the data that it is receiving? Right. All NASs that I mentioned above come with a built-in UPnP software to facilitate streaming of audio/video over the network, such as Buffalo's Mediabolic software and I want to be able to utilise that functionality. Ok, So you want transparent encryption on the NAS. If the NAS handled the encryption itself I woud be happy with that, a dedicated controler for the encrypt/decrypt would be nice. First case: Since the NAS cannot tell what should be encrypted and what not, that is likely a case for whole disk or at least partition encryption. Advantage: Everything is encrypted. Disadvantage: If somebody gets access to the device without shutting it doen, then they can read everything. I am happy with that risk, I have other measures in place to mitigate that. Ok. Solution for an encrypted NAS would be, e.g., a Linux server with LUKS. I have no idea whether there are ''media servers'' for Linux though. Arno I would like to procure a commerically available box if possible rather than building my own. There is firmware available for both the Terastation and Synology that allow SSH access so modifications should not be a problem. Ok, if you want LUKS or verbatim dm-crypt, then you need two things: 1) The kernel must be compiled with dm-crypt support. No way around that. The options are under RAID support, device mapper, crypt target. 2) You need the userspace-tools. Basically that is cryptsetup or cryptsetup-LUKS. The latter is available fromhttp://luks.endorphin.org/ I would advide to go with LUKS. A lot of docu on the site as well. The way this works is as follows: Insetad of directly mounting the disk/partition, it is first mapped through the devece mapper (dm) with the crypto target (dm-crypt). The decrypted device is then mapped to a pseudo-device, e.g. /dev/mapper/d1. This one behaves just like a normal disk or partition for all practical purposes. One problem you may run into is performance. Strong crypto is CPU intensive. Might still be enough, though. Another problem is that you will have to get the development system for the Limux installation of the NAS, since you have to both compile kernel and the tools. Somebody might already have done this, BTW. Places to look arehttp://www.terastation.org/wiki/Hacking for help on hacking the Terrastation, unfortunately theu do not do server side encryption. Similar info should be on the web for other Linux-based NASes. Expect this to be a non-trivial project, though. Apologies, media servers = UPnP servers. I see. Thanks for your quick response. No problem. Arno OK change of tact, can you (or anyone else) recommend an afforable (Max USD$1,200) RAID 5 SATA/IDE USB Enclosure? Needs to have a minimum 5 disk bays. Something like this http://www.cooldrives.com/8hadrusb20ra.html would be great but it doesn't support RAID 5. |
#6
|
|||
|
|||
NAS with data Encryption
On Apr 9, 10:13 pm, wrote:
On Apr 9, 6:28 pm, Arno Wagner wrote: Previously wrote: You need to think about the functionality first: Do you want the NAS to encrypt (and have the keys in its memory) or do you want to encrypt on the client? Second case: just use an ordinary NAS. If I encrypt on the client then how will I be able to stream video from the NAS to a network media player (I have the Buffalo LinkTheater) the Network Media Player will not be able to decrypt the data that it is receiving? Right. All NASs that I mentioned above come with a built-in UPnP software to facilitate streaming of audio/video over the network, such as Buffalo's Mediabolic software and I want to be able to utilise that functionality. Ok, So you want transparent encryption on the NAS. If the NAS handled the encryption itself I woud be happy with that, a dedicated controler for the encrypt/decrypt would be nice. First case: Since the NAS cannot tell what should be encrypted and what not, that is likely a case for whole disk or at least partition encryption. Advantage: Everything is encrypted. Disadvantage: If somebody gets access to the device without shutting it doen, then they can read everything. I am happy with that risk, I have other measures in place to mitigate that. Ok. Solution for an encrypted NAS would be, e.g., a Linux server with LUKS. I have no idea whether there are ''media servers'' for Linux though. Arno I would like to procure a commerically available box if possible rather than building my own. There is firmware available for both the Terastation and Synology that allow SSH access so modifications should not be a problem. Ok, if you want LUKS or verbatim dm-crypt, then you need two things: 1) The kernel must be compiled with dm-crypt support. No way around that. The options are under RAID support, device mapper, crypt target. 2) You need the userspace-tools. Basically that is cryptsetup or cryptsetup-LUKS. The latter is available fromhttp://luks.endorphin.org/ I would advide to go with LUKS. A lot of docu on the site as well. The way this works is as follows: Insetad of directly mounting the disk/partition, it is first mapped through the devece mapper (dm) with the crypto target (dm-crypt). The decrypted device is then mapped to a pseudo-device, e.g. /dev/mapper/d1. This one behaves just like a normal disk or partition for all practical purposes. One problem you may run into is performance. Strong crypto is CPU intensive. Might still be enough, though. Another problem is that you will have to get the development system for the Limux installation of the NAS, since you have to both compile kernel and the tools. Somebody might already have done this, BTW. Places to look arehttp://www.terastation.org/wiki/Hacking for help on hacking the Terrastation, unfortunately theu do not do server side encryption. Similar info should be on the web for other Linux-based NASes. Expect this to be a non-trivial project, though. Apologies, media servers = UPnP servers. I see. Thanks for your quick response. No problem. Arno OK change of tact, can you (or anyone else) recommend an afforable (Max USD$1,200) RAID 5 SATA/IDE USB Enclosure? Needs to have a minimum 5 disk bays. Something like thishttp://www.cooldrives.com/8hadrusb20ra.html would be great but it doesn't support RAID 5.- Hide quoted text - - Show quoted text - Thinking about it I guess i could buy the above and use software RAID 5, has anyone tried this? |
#7
|
|||
|
|||
NAS with data Encryption
|
#8
|
|||
|
|||
NAS with data Encryption
On Apr 10, 12:19 am, Arno Wagner wrote:
Previously wrote: On Apr 9, 10:13 pm, wrote: On Apr 9, 6:28 pm, Arno Wagner wrote: Previously wrote: You need to think about the functionality first: Do you want the NAS to encrypt (and have the keys in its memory) or do you want to encrypt on the client? Second case: just use an ordinary NAS. If I encrypt on the client then how will I be able to stream video from the NAS to a network media player (I have the Buffalo LinkTheater) the Network Media Player will not be able to decrypt the data that it is receiving? Right. All NASs that I mentioned above come with a built-in UPnP software to facilitate streaming of audio/video over the network, such as Buffalo's Mediabolic software and I want to be able to utilise that functionality. Ok, So you want transparent encryption on the NAS. If the NAS handled the encryption itself I woud be happy with that, a dedicated controler for the encrypt/decrypt would be nice. First case: Since the NAS cannot tell what should be encrypted and what not, that is likely a case for whole disk or at least partition encryption. Advantage: Everything is encrypted. Disadvantage: If somebody gets access to the device without shutting it doen, then they can read everything. I am happy with that risk, I have other measures in place to mitigate that. Ok. Solution for an encrypted NAS would be, e.g., a Linux server with LUKS. I have no idea whether there are ''media servers'' for Linux though. Arno I would like to procure a commerically available box if possible rather than building my own. There is firmware available for both the Terastation and Synology that allow SSH access so modifications should not be a problem. Ok, if you want LUKS or verbatim dm-crypt, then you need two things: 1) The kernel must be compiled with dm-crypt support. No way around that. The options are under RAID support, device mapper, crypt target. 2) You need the userspace-tools. Basically that is cryptsetup or cryptsetup-LUKS. The latter is available fromhttp://luks.endorphin.org/ I would advide to go with LUKS. A lot of docu on the site as well. The way this works is as follows: Insetad of directly mounting the disk/partition, it is first mapped through the devece mapper (dm) with the crypto target (dm-crypt). The decrypted device is then mapped to a pseudo-device, e.g. /dev/mapper/d1. This one behaves just like a normal disk or partition for all practical purposes. One problem you may run into is performance. Strong crypto is CPU intensive. Might still be enough, though. Another problem is that you will have to get the development system for the Limux installation of the NAS, since you have to both compile kernel and the tools. Somebody might already have done this, BTW. Places to look arehttp://www.terastation.org/wiki/Hacking for help on hacking the Terrastation, unfortunately theu do not do server side encryption. Similar info should be on the web for other Linux-based NASes. Expect this to be a non-trivial project, though. Apologies, media servers = UPnP servers. I see. Thanks for your quick response. No problem. Arno OK change of tact, can you (or anyone else) recommend an afforable (Max USD$1,200) RAID 5 SATA/IDE USB Enclosure? Needs to have a minimum 5 disk bays. Something like thishttp://www.cooldrives.com/8hadrusb20ra.html would be great but it doesn't support RAID 5.- Hide quoted text - - Show quoted text - Thinking about it I guess i could buy the above and use software RAID 5, has anyone tried this? I have about 6 TBs in two RAID5 and one RAID6 under Linux. No issues at all. You could do that with USB as well, using Limux RAID auto-detection it does not matter as which disk a disk shows up. The disks will also be assembled into the same RAID device each time. Speed would be pretty slow though, is my guess. Maybe 10MB/s reading and 5-7MB/s writing. But that is just a WAG. Could be better or worse. USB is a pretty slow bus. Arno- Hide quoted text - - Show quoted text - Who's enclosure do you use? I'm looking for one that can take between 5-8 drives and isn't too expensive. The theoretical data transfer rate of USB 2.0 is 480Mbps which should sufficient for my needs. |
#9
|
|||
|
|||
NAS with data Encryption
|
#10
|
|||
|
|||
NAS with data Encryption
On Apr 10, 2:58 pm, Arno Wagner wrote:
Previously wrote: On Apr 10, 12:19 am, Arno Wagner wrote: Previously wrote: On Apr 9, 10:13 pm, wrote: On Apr 9, 6:28 pm, Arno Wagner wrote: Previously wrote: You need to think about the functionality first: Do you want the NAS to encrypt (and have the keys in its memory) or do you want to encrypt on the client? Second case: just use an ordinary NAS. If I encrypt on the client then how will I be able to stream video from the NAS to a network media player (I have the Buffalo LinkTheater) the Network Media Player will not be able to decrypt the data that it is receiving? Right. All NASs that I mentioned above come with a built-in UPnP software to facilitate streaming of audio/video over the network, such as Buffalo's Mediabolic software and I want to be able to utilise that functionality. Ok, So you want transparent encryption on the NAS. If the NAS handled the encryption itself I woud be happy with that, a dedicated controler for the encrypt/decrypt would be nice. First case: Since the NAS cannot tell what should be encrypted and what not, that is likely a case for whole disk or at least partition encryption. Advantage: Everything is encrypted. Disadvantage: If somebody gets access to the device without shutting it doen, then they can read everything. I am happy with that risk, I have other measures in place to mitigate that. Ok. Solution for an encrypted NAS would be, e.g., a Linux server with LUKS. I have no idea whether there are ''media servers'' for Linux though. Arno I would like to procure a commerically available box if possible rather than building my own. There is firmware available for both the Terastation and Synology that allow SSH access so modifications should not be a problem. Ok, if you want LUKS or verbatim dm-crypt, then you need two things: 1) The kernel must be compiled with dm-crypt support. No way around that. The options are under RAID support, device mapper, crypt target. 2) You need the userspace-tools. Basically that is cryptsetup or cryptsetup-LUKS. The latter is available fromhttp://luks.endorphin.org/ I would advide to go with LUKS. A lot of docu on the site as well. The way this works is as follows: Insetad of directly mounting the disk/partition, it is first mapped through the devece mapper (dm) with the crypto target (dm-crypt). The decrypted device is then mapped to a pseudo-device, e.g. /dev/mapper/d1. This one behaves just like a normal disk or partition for all practical purposes. One problem you may run into is performance. Strong crypto is CPU intensive. Might still be enough, though. Another problem is that you will have to get the development system for the Limux installation of the NAS, since you have to both compile kernel and the tools. Somebody might already have done this, BTW. Places to look arehttp://www.terastation.org/wiki/Hacking for help on hacking the Terrastation, unfortunately theu do not do server side encryption. Similar info should be on the web for other Linux-based NASes. Expect this to be a non-trivial project, though. Apologies, media servers = UPnP servers. I see. Thanks for your quick response. No problem. Arno OK change of tact, can you (or anyone else) recommend an afforable (Max USD$1,200) RAID 5 SATA/IDE USB Enclosure? Needs to have a minimum 5 disk bays. Something like thishttp://www.cooldrives.com/8hadrusb20ra.html would be great but it doesn't support RAID 5.- Hide quoted text - - Show quoted text - Thinking about it I guess i could buy the above and use software RAID 5, has anyone tried this? I have about 6 TBs in two RAID5 and one RAID6 under Linux. No issues at all. You could do that with USB as well, using Limux RAID auto-detection it does not matter as which disk a disk shows up. The disks will also be assembled into the same RAID device each time. Speed would be pretty slow though, is my guess. Maybe 10MB/s reading and 5-7MB/s writing. But that is just a WAG. Could be better or worse. USB is a pretty slow bus. Arno- Hide quoted text - - Show quoted text - Who's enclosure do you use? I'm looking for one that can take between 5-8 drives and isn't too expensive. The disks are hard-mounted in a server case. No enclosures. The theoretical data transfer rate of USB 2.0 is 480Mbps which should sufficient for my needs. Yes, but RAID requires very fast switchover between devices. USB does not do so well on that. But I really have no hard data on the speed. Arno- Hide quoted text - - Show quoted text - OK decided to throw more money are this. Going to go for this: http://www.cooldrives.com/eidrrerasaii.html i'm struggling to find a 2- port multilane raid (5) adapater though, any ideas? |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Encryption | Ako | Dell Computers | 0 | November 25th 06 04:59 PM |
wireless encryption | [email protected] | General | 6 | October 30th 06 03:40 PM |
wireless encryption | [email protected] | General | 2 | October 22nd 06 10:37 PM |
data encryption and data recovery? | Noname | Storage (alternative) | 3 | February 23rd 06 06:43 AM |
hex wep encryption | news.rcn.com | Dell Computers | 12 | January 10th 06 06:21 PM |