wchp (Luminary)
Mar 22, 2010
Disk/Volume Encryption
With the recent introduction of MA CMR-17 law, most businesses are now required/encouraged to encrypt all customer data.
What, if any, timeline is there for the ReadyNAS products to support AES encryption?
34 Replies
- sphardy1Apprentice
3TB disks don't even have a release date and this is more important?
IPv6 is a long way from being enforced and which ISP in the UK provides IPv6 services as standard? ... You need to get priorities right
These are both very naive comments - particularly when posted the same day as the release of the 1st bare 3TB drive.
There are places in the world where IPv6 *has* been enforced by ISPs and for those users lack of IPv6 support can create tremendous difficulty. It also holds back adoption of ReadyNAS devices on business networks that run on IPv6. Just because you are not affected in the UK doesn't make this less of an issue.
While encryption would be "nice to have" there are other ways to achieve security, whereas IPv6 is an unconditional requirement for an increasing number of people
I have tested Encfs and its performance in paranoia mode is abysmal:
Then it may be that you have answered your own question as to why this is not yet supported...
- immyAspirant
sphardy wrote: 3TB disks don't even have a release date and this is more important?
IPv6 is a long way from being enforced and which ISP in the UK provides IPv6 services as standard? ... You need to get priorities right
These are both very naive comments - particularly when posted the same day as the release of the 1st bare 3TB drive.
So let me get this straight, 3TB drive comes onto the market today. Customers have been demanding encryption for years and 3TB drive is given priority? Hello......
It's going to be a long time before anyone sane installs a 3TB drive in a production NAS, whether it be a home user or a business user.
sphardy wrote:
There are places in the world where IPv6 *has* been enforced by ISPs and for those users lack of IPv6 support can create tremendous difficulty. It also holds back adoption of ReadyNAS devices on business networks that run on IPv6. Just because you are not affected in the UK doesn't make this less of an issue.
Wow, care to name these places? You do realise anyone on IPv6 cannot get to 99.9% of websites/internet and there are only a handful of IPv6 to IPv4 tunnels and even those are unreliable.
sphardy wrote:
While encryption would be "nice to have" there are other ways to achieve security, whereas IPv6 is an unconditional requirement for an increasing number of people
What about Business users for whom 'Encryption' is an unconditional requirement?
sphardy wrote: I have tested Encfs and its performance in paranoia mode is abysmal:
Then it may be that you have answered your own question as to why this is not yet supported...
There are many variations to encryption, I just used the bog standard configuration. I am sure once tweaked performance can be improved however I would gladly give up performance over security.
- mdgm-ntgrNETGEAR Employee Retired
immy wrote:
So let me get this straight, 3TB drive comes onto the market today. Customers have been demanding encryption for years and 3TB drive is given priority?
Yes. However it's not that simple. It's been obvious for quite a while that 3TB disks would come late 2010, with the arrival of the Seagate 3TB external the first product to use a 3TB disk. NetGear has been working to prepare for this. They have added support for 4k sectors this year (4k sectors are required for disks >2TB) and will work to address further compatibility issues specific to using 3TB disks if they arise.
NetGear's competition will also move to qualify 3TB drives. Supporting high capacity disks is something all NAS manufacturers would see as a high priority.
immy wrote:
Hello......
It's going to be a long time before anyone sane installs a 3TB drive in a production NAS, whether it be a home user or a business user.
I disagree. So long as you store important data on two devices at all times and wait for NetGear to qualify the disk before purchasing there shouldn't be great concern for home users. On 6-bay x86 ReadyNAS you can also use dual-redundancy (which I recommend btw). Personally I'm considering whether to use 3TB disks in a backup ReadyNAS soon.
immy wrote:
What about Business users for whom 'Encryption' is an unconditional requirement?
You can encrypt data using a PC as has already been mentioned.
immy wrote:
There are many variations to encryption, I just used the bog standard configuration. I am sure once tweaked performance can be improved however I would gladly give up performance over security.
Performance can be improved, but it'll still obviously be much slower than not using encryption. Obviously a lot of testing would be required to determine optimum levels of encryption for various models and perhaps a level that is suitable for the whole range of x86 devices.
- sphardy1Apprentice
Wow, care to name these places?
Here's one business user demonstrating the point: viewtopic.php?f=25&t=41836
Then there's this little requirement: viewtopic.php?f=18&t=10480&p=225129
Or what about this? viewtopic.php?f=18&t=10480&p=222065
And that's just from a 2 min search of this forum
Again - what is a necessity in your little part of the world does mean it is the same for others. And this is not meant to belittle encryption - I strongly believe that increasing legal requirements for protection of data will make this *very* important moving forward, but to demand right now that it should be the highest priority is simply not realistic
- mdgm-ntgrNETGEAR Employee Retired
sphardy wrote: And this is not meant to belittle encryption - I strongly believe that increasing legal requirements for protection of data will make this *very* important moving forward, but to demand right now that it should be the highest priority is simply not realistic
+1. I'm all for more features such as this one too. I'm sure I've expressed that elsewhere on the forum.
- wchpLuminary
"Encryption is a nice feature, but it's not the most important. NetGear can't bring everything they want to in at once and they have to prioritize."
Encryption is no longer a feature for our customers. It is a de facto legal requirement.
Massachusetts' data protection regulation, 201 CMR 17.00, is one of the strictest in the nation.
Unreported theft of Data = $50K fine
Reported but un-encrypted data theft = $50K fine
Each personal record = $5K per record.
Applies to ALL businesses in MA and any state that stores data of a MA resident.
So, our target vertical client base(s) of legal, financial and medical must ensure the security of the information they store. Add to this HIPAA and HITECH requirements for PHI and this makes encryption anything but a "feature". This is a REQUIREMENT!
We are actively replacing ReadyNAS units in our customer locations with competitors' products for this very reason.
If ReadyNAS wants to sell a business class product, they need to provide business class functionality. The lack of disk encryption makes the brand a non-starter. We can live with the clunky interface while the rest have switched to AJAX.
RSYNC over SSH was a requirement as well and it bought a little more breathing room. The reality is we could replicate data via RSYNC over AES encrypted tunnels and meet the requirements of the law. We could use iSCSI initiators and point to the ReadyNAS as a storage container but that defeats the appeal of a NAS.
Bottom line... No Encryption, No ReadyNAS for any business that stores MA resident data or PHI (personal health information)!
- sphardy1Apprentice
@whcp
Encryption is no longer a feature for our customers.
On disk encryption provides additional physical protection to data and so might help in the case of, for example, theft (ie stealing the HDD from the NAS), but it doesn't protect against theft by the business being hacked.
So can you please explain the type of customers affected by this? It's not like your customers would forget they had a NAS on the back seat of the car and had it stolen - these things are usually locked away in secure server room with very limited access.
Please enlighten me - I must be missing something
- immyAspirant
sphardy wrote: Wow, care to name these places?
Here's one business user demonstrating the point: viewtopic.php?f=25&t=41836
Then there's this little requirement: viewtopic.php?f=18&t=10480&p=225129
Or what about this? viewtopic.php?f=18&t=10480&p=222065
And that's just from a 2 min search of this forum
Again - what is a necessity in your little part of the world does mean it is the same for others. And this is not meant to belittle encryption - I strongly believe that increasing legal requirements for protection of data will make this *very* important moving forward, but to demand right now that it should be the highest priority is simply not realistic
I am sorry but you're trying to convince me as a Business user that IPv6 is more important than Encryption on a NAS box and that just isn't going to work...
IPv6 is not a necessity, neither is it compulsory and neither does it provide protection for your data. When you sell a portable 'Business' product which stores data, security should be most paramount of features not an internet protocol.
- wchpLuminary
sphardy wrote: @whcp Encryption is no longer a feature for our customers.
On disk encryption provides additional physical protection to data and so might help in the case of, for example, theft (ie stealing the HDD from the NAS), but it doesn't protect against theft by the business being hacked.
So can you please explain the type of customers affected by this? It's not like your customers would forget they had a NAS on the back seat of the car and had it stolen - these things are usually locked away in secure server room with very limited access.
Please enlighten me - I must be missing something
Stolen... exactly!
Just finished converting a small law office from a NVX to a QNAP TS-459 Pro+ Turbo NAS last month. We enabled AES 256 bit Volume-based encryption on the QNAP.
Over this past weekend the office was broken into and ALL hardware was taken.
All PCs and Laptops were running BitLocker.
The QNAP was AES encrypted.
The Copy machine used a hardware based encrypted drive. ALL STOLEN but...
It was reported = NO fine.
It was all encrypted = NO fine.
Personal records were not accessible = NO fine.
Data was synced to Amazon S3 so we were able to have the office back up and running by the end of the day Monday.
I don't know where you think folks are storing these units in small offices but a locked closet door gets kicked in and that is the end to your physical security.
The NVX is now at one of the partners' homes acting as a media server...
Security is 70% policy, 20% physical and 10% digital. Encryption is often the last line of defense but is no less important.
Security by obscurity is not a viable option in today's market!
AND a customer did have a NAS stolen from her trunk while she was moving between offices (Good thing it was a Synology DS210+ with AES enabled)!
Don't get me wrong... I will not part with my personal Pro but for businesses, we are no longer comfortable recommending the product!
P.S. Hacking is a separate issue that is addressed with 2 factor authentication, disabling IO devices, using UTM appliances as active gateways or in transparent mode, proper firewall configs, email encryption and forced password policies with change intervals and/or the use of SID's.
Drive encryption has become a critical component in today's environment.
- sphardy1Apprentice
Hope that small law office takes more care with their customer files on paper... Is there a law for if that stuff gets stolen too? (and I wouldn't believe for a second that nothing is on paper)