NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS OS 6.2.x encrypted data recovery
I got help here before on this forum to recover data by connecting the disks to another machine and loading up the correct version of Fedora to access the data (practice in case of hardware failure).
I have a ReadyNAS 314 with 4 x 2Tb hard disks in a RAID 6 configuration. I'd like to use the encryption system, but I need data recovery information first. A few questions:
1) What is the security system of ReadyNAS OS6.2.x? I've seen mentioned in the forums it's LUKS - can anyone confirm this? Which modules are being used and are they standard Linux components?
2) How could I mount the disks on another set of hardware (motherboard) and using an outside OS (some flavor of Linux like Fedora) and access encrypted data? I was successful in recovering a RAID 6 disk set before on a temporary install of Fedora, but that was without encryption. How do I move the key over to the recovery system? Which Linux software would handle this? How do I activate decryption or just data access (ie. on-the-fly decryption)?
3) How can I best protect this encryption key? Can it be safely copied to another file storage media? Is is protected when it's on the thumb drive? (ie. can someone access the key in plaintext directly from the thumb drive if they had physical access?)
I've searched through all the guides and manuals and I can't find anything about this. There are hints here and there in the forums, but the issues discussed were different. My main concerns are 1) what is the data encryption security model? 2) how can I do a hardware-failure type data recovery using another motherboard and Linux OS when the data on the volumes is encrypted? 3) how can I protect the encryption key from being stolen/compromised, both online and offline?
Thanks for your help,
Stan
I have a ReadyNAS 314 with 4 x 2Tb hard disks in a RAID 6 configuration. I'd like to use the encryption system, but I need data recovery information first. A few questions:
1) What is the security system of ReadyNAS OS6.2.x? I've seen mentioned in the forums it's LUKS - can anyone confirm this? Which modules are being used and are they standard Linux components?
2) How could I mount the disks on another set of hardware (motherboard) and using an outside OS (some flavor of Linux like Fedora) and access encrypted data? I was successful in recovering a RAID 6 disk set before on a temporary install of Fedora, but that was without encryption. How do I move the key over to the recovery system? Which Linux software would handle this? How do I activate decryption or just data access (ie. on-the-fly decryption)?
3) How can I best protect this encryption key? Can it be safely copied to another file storage media? Is is protected when it's on the thumb drive? (ie. can someone access the key in plaintext directly from the thumb drive if they had physical access?)
I've searched through all the guides and manuals and I can't find anything about this. There are hints here and there in the forums, but the issues discussed were different. My main concerns are 1) what is the data encryption security model? 2) how can I do a hardware-failure type data recovery using another motherboard and Linux OS when the data on the volumes is encrypted? 3) how can I protect the encryption key from being stolen/compromised, both online and offline?
Thanks for your help,
Stan
1 Reply
Replies have been turned off for this discussion
- 1) We always use standard Linux components for things like this to make sure data recovery is possible using ordinary Linux machines. Also it's better to used tried and proven packages for things like this than to re-invent the wheel.
2) The key stored on the USB key could be used.
3) After the volume has been mounted successfully on boot disconnect the USB key and put it in a safe place or keep it on your person. If the NAS needs to be rebooted for whatever reason the USB key will need to be reconnected before the volume can be mounted.
I don't think sharing the commands for this is appropriate at this time. All of the steps can be done on an ordinary x86 Linux machine.
Regardless of whether you use encryption or not backups are important. Of course if the primary copy is stored on an encrypted volume it would make sense for the backup to be on an encrypted volume on another device as well.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
