NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
New ReadyOS 6.10.3 and usb encryption
Hi to all, I see in the setting menu a new entry: "usb encryption" Did I miss it before or it is a new feature? How does it works?
I have the same question - a long-awaited feature for many people but the user documentation hasn't been updated to explain how to use this?
We've been paying out for external backup drives in encryption caddies with keypad which work great, but this feature might mean we can just use plain USB drives in future. It depends how they are utilised and read from other locations. Please post instructions Netgear?
Thanks.
It is a new feature on the ReadyNAS system where you can get your USB external devices encrypted for data inside it to be secured.
If you do get your USB Encrypted using this feature then from that point on, you can access your data from your ReadyNAS system only when the encryption key is available. Connecting it to a PC or Mac it will be not recognized and will prompt you to reformat the drive.
This feature would be best for users who needs to backup their NAS data and get it secured and to be used for recovery or backtracking and also to protect it in case of theft or other malicious activities.
Using it however on other systems is not possible you might be able to mount it on linux. This might be a good Idea to post it on the Ideas Exchange board.
HTH
Marc_V wrote:
If you do get your USB Encrypted using this feature then from that point on, you can access your data from your ReadyNAS system only when the encryption key is available. Connecting it to a PC or Mac it will be not recognized and will prompt you to reformat the drive.
This really needs a KB article (and should be in the user manual).
FWIW, I think that for most people this is a useless feature. Not much point in having a backup that can't be read without a working ReadyNAS.
There should be some off-line way of mounting the USB volume - at least from a linux system.
Marc_V wrote:It is a new feature on the ReadyNAS system where you can get your USB external devices encrypted for data inside it to be secured.
If you do get your USB Encrypted using this feature then from that point on, you can access your data from your ReadyNAS system only when the encryption key is available. Connecting it to a PC or Mac it will be not recognized and will prompt you to reformat the drive.
This feature would be best for users who needs to backup their NAS data and get it secured and to be used for recovery or backtracking and also to protect it in case of theft or other malicious activities.
Using it however on other systems is not possible you might be able to mount it on linux. This might be a good Idea to post it on the Ideas Exchange board.
HTH
Thanks for the clarification Marc. I have been wishing for the NAS to be able to encrypt a connected USB for a long time but sadly this is not flexible enough. If we do our nighty backup to an external USB HDD encrypted in this way and the NAS goes down, it means we can't get to ANY of our data until we order a new NAS, get it installed and commissioned > the business stops = not compatible with our business continuity plan!
Presently we use external drives with hardware encryption via a disk caddy with keypad - if the NAS goes down then we can plug it into a PC and get essential data off it temporarily so we can keep working until the new NAS arrives.
Also, it would be nice if the new feature allowed us to encrypt a USB flash drive and put data on it to give give/mail to someone outside the company.
One other scenario: we have a new RR2304 as our "working" NAS (connected to the internet) and have an older RN2120 as an "offline" (air-gapped) device to be used for archiving older data (and sensitive data). Is it possible to transfer a copy of the encryption key for the USB device to the RN2120 aswell so data can be transferred from one NAS to the other using the encrypted device? (This will likely be moot as we need to check the device intermediately using a standalone 'sheepdip' PC, but it could be useful to know.)
It looks like this is a big step in the right direction but I think to be useful it really needs to be readable on a PC by someone who has a copy of the the key.
Thanks
Hugh
While documentation is lacking, I believe the USB key for USB drive encryption works the same as for the main volume (when it is encrypted), so it can be duplicated for your other NAS in the same manner. They certainly have to have made provisions for replacing a lost/broken key, which means you can have a duplicate
Instead of air gapping your backup NAS, you may want to consider what I and StephenB do, which is to use RSYNC backup and disable the other protocols (except HTTP, which needs to be on for Admin access, but does not need to be enabled for any shares). Converting this to an online NAS if the primary goes down is pretty easy, especially if you use Active Directory or keep the user list up to date. Just be sure to use strong passwords for the admin and rsync passwords.
Sandshark wrote:
Instead of air gapping your backup NAS, you may want to consider what I and StephenB do, which is to use RSYNC backup and disable the other protocols (except HTTP, which needs to be on for Admin access, but does not need to be enabled for any shares).
Also, mine is on a power schedule, so it is off when it is not backing up (or performing a maintenance task).
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
