NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Partitioning Ready NAS?
I have a Ready NAS Pro 4 and I was wondering if it is possible to partition the disks like with a local hard drive? I was wanting to create a partition use something like Truecrypt to encrypt the entire partition. That is currently what I am doing on one of my local drives. I want something like this to use for things like tax software that I want to keep encrypted. It just seems without the encryption, the data may be susceptable to hacking a lot easier. I am using RAID Level X-RAID2, 4 disks / Redundant
Thanks,
Dave
dave1234 wrote:
I have a Ready NAS Pro 4 and I was wondering if it is possible to partition the disks like with a local hard drive? I was wanting to create a partition use something like Truecrypt to encrypt the entire partition.
It is not possible. But you could convert the NAS to run OS-6, which does support hard drive encryption.
dave1234 wrote:
It just seems without the encryption, the data may be susceptable to hacking a lot easier.
No, encrypting the disks doesn't make the NAS less hackable. The primary defense of your data is your network security - for instance, disabling anonymous access, using strong passwords for SMB and web access, turning off services you don't use, etc. Upgrading to OS 6 would improve your network security - it supports SMB 3, and you can enforce transport encryption and authentication. OS 4.2.x only supports SMB 1.
What encrypting the disks do accomplish is making it more difficult for someone who physically steals the NAS to gain access to your data. Though if the thief steals the encryption USB key along with the NAS, they could still regain access. Personally I don't see much benefit - and there are signficant drawbacks. Disk Encryption can make it impossible to recover data if that is needed. Plus encrypted volumes on the NAS can't be vertically expanded, so if you run out of space you'd have to offload all the data, rebuild the NAS volume, and restore it.
If you are mostly concerned about hacking, then a better plan is to put a veracrypt container on the NAS and use that for your sensitive data. That is better because the NAS cannot decrypt the files - that can only be done on the client PC. So there is better network security. Someone stealing both the PC and the NAS could still potentially gain access (by hacking into the PC). The downside is that only one device can access the veryacrypt container at a time.
3 Replies
dave1234 wrote:
I have a Ready NAS Pro 4 and I was wondering if it is possible to partition the disks like with a local hard drive? I was wanting to create a partition use something like Truecrypt to encrypt the entire partition.
It is not possible. But you could convert the NAS to run OS-6, which does support hard drive encryption.
dave1234 wrote:
It just seems without the encryption, the data may be susceptable to hacking a lot easier.
No, encrypting the disks doesn't make the NAS less hackable. The primary defense of your data is your network security - for instance, disabling anonymous access, using strong passwords for SMB and web access, turning off services you don't use, etc. Upgrading to OS 6 would improve your network security - it supports SMB 3, and you can enforce transport encryption and authentication. OS 4.2.x only supports SMB 1.
What encrypting the disks do accomplish is making it more difficult for someone who physically steals the NAS to gain access to your data. Though if the thief steals the encryption USB key along with the NAS, they could still regain access. Personally I don't see much benefit - and there are signficant drawbacks. Disk Encryption can make it impossible to recover data if that is needed. Plus encrypted volumes on the NAS can't be vertically expanded, so if you run out of space you'd have to offload all the data, rebuild the NAS volume, and restore it.
If you are mostly concerned about hacking, then a better plan is to put a veracrypt container on the NAS and use that for your sensitive data. That is better because the NAS cannot decrypt the files - that can only be done on the client PC. So there is better network security. Someone stealing both the PC and the NAS could still potentially gain access (by hacking into the PC). The downside is that only one device can access the veryacrypt container at a time.
You may be able to use iSCSI and encrypt the volume you create on it with VeraCrypt (dump TrueCrypt, it's outdated). But you are much better off creating an encrypted container in a share. That's what I do. It can be set up to only use the necessary space and grow as needed, and it gets backed up just like all your other files. Note that only one user can access it at a time (which sounds like what you'll be doing, anyway). And you should disable Strict Sync for the share that contains the container, or writes will be extremely slow.
Windows BitLocker can be used as well on a virtual disk file. It doesn't seem to need the Strict Sync disable.
Thanks for the information. I have used Veracrypt to encrypt containers before. The only reason I prefer to encrypt partitions instead of containers is that I have accidently deleted a container before, losing all data stored in it. You can't do that if the partition is encrypted. Looks like this is my best bet for the NAS though. Thanks for the suggestions (including disabling Strict Sync)!.
Dave
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
