ReadyNAS 6.1 volume encryption

egooner wrote:
Personally I would prefer to choose. I would like to be able to mount the encrypted drive via the admin page pasting the key in!!

Or maybe use two-factor. A USB key combined with an passphrase entered from the admin page.

StephenB wrote:
... The password/access controls on the shares and admin interface would protect your data from access if drives are in the ReadyNAS (even if the bad guy has the USB key). NOTE - this is a hypothetical. I don't know if Netgear used this kind of approach or not. ...

These can be reset without tampering with the data itself:
http://kb.netgear.com/app/answers/detail/a_id/22818
Handy if u've lost ur pass and forgot the recovery details but from a security point of view it's totally not okay. True, it would require physical access to the box but I'm guessing that won't be a problem, providing the box has been stolen.

StephenB wrote:
It would be helpful if Netgear gave more information on how the encryption is implemented. That would allow admins to do their own threat analysis, and in some cases, allow them to assess if the approach lets them meet regulatory requirements (such as HIPAA compliance in the US).

Couldn't find anything online. If I manage to find some free time I'll contact their support and try to find more info.

ngyurov wrote:
StephenB wrote: Handy if u've lost ur pass and forgot the recovery details but from a security point of view it's totally not okay. True, it would require physical access to the box but I'm guessing that won't be a problem, providing the box has been stolen.

I agree that from a security point of view it would be better if admins had a way to prevent OS reinstall. Perhaps OS reinstall should be set up to fail if the volume is encrypted.

Just to be sure: on a new system (in my case, a 316 with 3 4TB drive), is it possible to initialize the system with an encrypted volume and x-raid-2?

Right now, my system is formatting the drives for the first time. I'll let this complete, if nothing else to be sure the drives are OK. Then, to get an encrypted volume, do I:

- put a flash drive in the unit to hold the encryption key
-turn off x-raid
-delete the volume
-create a new volume, with encryption enabled.
-Wait however many hours it takes to create the volume and format it?
-turn x-raid back on

Will I now have full x-raid functionality, as well as an encrypted volume?

also, anyone know what the performance hit from encryption is?

Thanks, all!

I feel if you update to X-Raid the encryption works just fine but it may break if you expand the storage either vertical or horizontal.
I can tell you the NAS will not boot without the usb stick in both XRaid and Flex Raid.
I am testing speed now compared to without encryption.