NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Using Clevis / TANG Server for Encryption
"Simple" question: Is is possible to set up the ReadyNAS 104 (FW 6.6.0) to use a TANG server to store and provide the decryption key(s)?
We have a local TANG server which is used by some of our Centos boxes so that should the encrypted machine be stolen, it won't be able to reach the TANG server and therefore, the data remains in the encrypted state and un-accessible to the would-be thieves.
I see it's possible to encrypt a ReadyNAS volume but I also note that it needs a USB key to be inserted at boot to decrypt - not very sysadmin friendly as should the power be lost and restored, they'd have to journey to our data centre to plug a USB drive in. Of course, the other option is to leave the key plugged in but, if the machine was physically stolen, it'd just decrypt on boot - thus making encryption totally pointless!
Oh and although the server resides in a building you need an access card to get in, followed by a physical key'd door and followed by a code-lock'd door, the chances of it being physically stolen are slim but given that it's all possible with social engineering, we would like to just err on the side of caution.
1 Reply
Replies have been turned off for this discussion
I think a lot of folks would be interested in this. Can you post it in the idea exchange ( https://community.netgear.com/t5/ReadyNAS-Idea-Exchange/idb-p/idea-exchange-for-storage ). Perhaps link to that post here, to encourage folks to add kudos.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
