NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
does readynas pro 4 crypt data on disks?
Hello at all,
I would like to know if the readynas pro 4 can have the features to crypt data. If he can how set the crypt functions on ReadyNaspro4?
Thank a lot
Bob
ReadyNAS drive encryption protects your data if someone
- steals your internal hard disks (or the full NAS)
- but doesn't steal the USB thumb drive (or can't figure out what it is for).
- and doesn't steal an unencrypted USB backup.
It doesn't protect against any other threats, and it creates some operational headaches. That includes the risk that you'd lose the data because you've lost the encryption key. Personally I find that the extra security isn't worth the bother. But others here disagree, and use the feature.
Bob245 wrote:
Hi Stephen,
Can you give me more info about the "USB thumb drive with the encryption key". There are info how to create this USB key?But in general the are exaustive documentations about how to use encryption with Netgear Ready nas Pro 4 when it have os6 on board?
See page 31 of the software manual.
http://www.downloads.netgear.com/files/GDC/READYNAS-100/READYNAS_OS_6_SM_EN.pdf wrote:
During volume creation, you can also enable volume encryption. Encryption is optional. When encryption
is enabled, data is encrypted in real time as it is written to the volume.You cannot encrypt existing volumes. Encryption is possible only when you are creating new volumes.When created, the volume will be a Flex-RAID
volume, but after you create it, you can change it to an X-RAID volume.
You need a USB drive to store the encryption key that is generated during volume creation.You can also
specify that the encryption key be emailed to you for safe keeping. If you lose the USB drive with the
encryption key, you can load the emailed encryption key onto another USB drive.
You must insert the USB drive with the encryption key into a USB port on the ReadyNAS for the volume to
be unlocked and accessible.You must insert the USB drive to unlock an encrypted volume during reboot.
If you do not insert the USB key on reboot, there is a 10-minute time-out during which you can insert the
key. Otherwise, you wll not be able to access the encrypted volume until the ReadyNAS is again rebooted.
You can remove the USB drive after unlocking the volume. We recommend storing the USB drive with the
encryption key in a safe and secure location when not in use.Note that installing new firmware requires a reboot, and if the NAS experiences an unexpected power cut it will try to reboot automatically.
So if you use volume encryption, it is best to protect the NAS with a UPS (which would largely eliminate the power cuts). IMO you should do that anyway - a lot of "I lost my data" stories begin with a power failure.
You would be unable to install firmware remotely (or otherwise reboot the NAS) unless the key was inserted - either all the time, or with the help of someone on site. Also, make sure you have multiple copies of the key - because if the USB drive were to fail, you'll need to create a new one to access your data.
Also, this encryption only applies to the internal disk volume. Backups made using the built-in back up jobs are unencrypted. So if you use USB backup (and you do need to back up the NAS), then you'd need to secure the backup disks somewhere else.
The ReadyNAS Pro normally runs 4.2.x firmware. That doesn't support disk encryption. However, the NAS can be converted to run OS 6 firmware that does support encryption.
The on-disk encryption doesn't help as much as you might think, since you need to insert the USB thumb drive with the encryption key into the NAS to boot it. In practice, that thumb drive needs to be stored near the NAS.
There are some alternatives that might need your needs. You could install veracrypt on your client devices, and put the encrypted container on a network share. You can similarly use iSCSI. In both cases the encryption is done in the client devices.
Hi Stephen,
Can you give me more info about the "USB thumb drive with the encryption key". There are info how to create this USB key?
But in general the are exaustive documentations about how to use encryption with Netgear Ready nas Pro 4 when it have os6 on board?
Thanks
ReadyNAS drive encryption protects your data if someone
- steals your internal hard disks (or the full NAS)
- but doesn't steal the USB thumb drive (or can't figure out what it is for).
- and doesn't steal an unencrypted USB backup.
It doesn't protect against any other threats, and it creates some operational headaches. That includes the risk that you'd lose the data because you've lost the encryption key. Personally I find that the extra security isn't worth the bother. But others here disagree, and use the feature.
Bob245 wrote:
Hi Stephen,
Can you give me more info about the "USB thumb drive with the encryption key". There are info how to create this USB key?But in general the are exaustive documentations about how to use encryption with Netgear Ready nas Pro 4 when it have os6 on board?
See page 31 of the software manual.
http://www.downloads.netgear.com/files/GDC/READYNAS-100/READYNAS_OS_6_SM_EN.pdf wrote:
During volume creation, you can also enable volume encryption. Encryption is optional. When encryption
is enabled, data is encrypted in real time as it is written to the volume.You cannot encrypt existing volumes. Encryption is possible only when you are creating new volumes.When created, the volume will be a Flex-RAID
volume, but after you create it, you can change it to an X-RAID volume.
You need a USB drive to store the encryption key that is generated during volume creation.You can also
specify that the encryption key be emailed to you for safe keeping. If you lose the USB drive with the
encryption key, you can load the emailed encryption key onto another USB drive.
You must insert the USB drive with the encryption key into a USB port on the ReadyNAS for the volume to
be unlocked and accessible.You must insert the USB drive to unlock an encrypted volume during reboot.
If you do not insert the USB key on reboot, there is a 10-minute time-out during which you can insert the
key. Otherwise, you wll not be able to access the encrypted volume until the ReadyNAS is again rebooted.
You can remove the USB drive after unlocking the volume. We recommend storing the USB drive with the
encryption key in a safe and secure location when not in use.Note that installing new firmware requires a reboot, and if the NAS experiences an unexpected power cut it will try to reboot automatically.
So if you use volume encryption, it is best to protect the NAS with a UPS (which would largely eliminate the power cuts). IMO you should do that anyway - a lot of "I lost my data" stories begin with a power failure.
You would be unable to install firmware remotely (or otherwise reboot the NAS) unless the key was inserted - either all the time, or with the help of someone on site. Also, make sure you have multiple copies of the key - because if the USB drive were to fail, you'll need to create a new one to access your data.
Also, this encryption only applies to the internal disk volume. Backups made using the built-in back up jobs are unencrypted. So if you use USB backup (and you do need to back up the NAS), then you'd need to secure the backup disks somewhere else.
many thanks!!
bob
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
