NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
New ReadyOS 6.10.3 and usb encryption
Hi to all, I see in the setting menu a new entry: "usb encryption" Did I miss it before or it is a new feature? How does it works?
StephenB wrote:
Sandshark wrote:Instead of air gapping your backup NAS, you may want to consider what I and StephenB do, which is to use RSYNC backup and disable the other protocols (except HTTP, which needs to be on for Admin access, but does not need to be enabled for any shares).
Also, mine is on a power schedule, so it is off when it is not backing up (or performing a maintenance task).
Thanks for the suggestions - unfortunately the second NAS MUST be air-gapped - no option. We have certain new security requirements put upon us by our primary customer at a recent security audit - that's why we bought the RR2304 and moved our old RN2120 to create the offline storage. Also there is no possibility for it to be connected online if the main one fails.
We don't use AD but only have 5 users. On the main NAS some work remotely using ReadyCloud until late at night and weekends, but we do a scheduled shut down for a few hours each night after backup has finished until early morning.
Thanks,
Hugh
OK. I understand that your hand is being forced. But keeping a backup offline means it's not going to be kept up to date as well. What are you doing, "sneeker net" with a USB drive?
Being locally online does not mean the NAS has to be available via the Internet. You can have a separate router (or just a switch or direct wiring if you use static IPs) for the second port of your main NAS that connects to the backup and has no internet access. Of course, VLANs can do much the same thing, but many IT security people know security but very little about IT or don't think paractically. Like arcane pasword requirements that pretty much force you to write them down -- is that really more secure?
Please do not go off-topic.
Anyway, you would need another ReadyNAS, and of the key in order to get access to the data.
It could be that several cases, where I would heave the need to get access to the data froma Windows/MAC computer.
i.e. my nas is damaged, I need now access to the data
profeta64 wrote:
It could be that several cases, where I would have the need to get access to the data from a Windows/MAC computer.
i.e. my nas is damaged, I need now access to the data
I agree, that's an obvious need. If it can't be done natively, there should at least be a VM that can be used to access the data.
StephenB wrote:I agree, that's an obvious need. If it can't be done natively, there should at least be a VM that can be used to access the data.
I've never tried to use encryption with the ReadyNAS VM, or even assign a USB port to it. I've never tried USB drive encryp[tion on a real RedayNAS, either, since it's new and I don't have a need for it. I use Veracrypt for all my encryption needs, which I run on a PC and have the target file on the NAS. But I just keep a few thigs like tax files and such in it.
This sounds like a worthwhile experiment for somebody to run. I'm afraid I may not get to it before the OP needs to make a decision, though I'll put it on my list.
The ReadyNAS VM does not recognize when a USB drive is connected to it, so that's apparently not an option. It's there and can be manually mounted, but it doesn't show up anywhere in the GUI. If there is a way to trigger the OS to see it like it does a newly inserted one on a real NAS, then maybe it would work.
Digging a bit more, I note that LUKS is installed on a ReadyNAS, so i rather expect it's being used for the encryption. If it is, then perhaps LibreCrypt could access it.
Sandshark wrote:
Digging a bit more, I note that LUKS is installed on a ReadyNAS, so i rather expect it's being used for the encryption.
Yes, I believe it is. But there are a couple of ways that can be set up - it would be helpful if Netgear published a procedure for manually mounting an encrypted volume.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
