Why encryption if there's already permissions?

Question

Hi, I'm wondering why would I add encryption on a volume of a ReadyNAS RN214. What advantages would it give me?

I did not check the recovery for admin password

https://kb.netgear.com/22784/How-do-I-recover-a-lost-administrator-password-on-my-ReadyNAS-OS-6-storage-system

And I've set up a share with no anonymous access, deleted the user Everyone and added a new user with a password.

If someone were to steal my ReadyNAS, he doesn't have the password for the control panel nor does he have the password for the SMB user's share. I don't see a way for them to read the data. It's in RAID-5, pulling a hard drive and trying to read the content shouldn't work either.

He could however re-install the OS with a physical access to the ReadyNAS, thus resetting the admin password. But with or without encryption, you would be able to Browse any share. I don't understand what the encryption adds as a security in case someone were to steal the ReadyNAS.

Zurd · Answer

Thanks for all this good information, in the end I choose the encryption with the ReadyNAS. It's still pretty good, if anyone's stealing it without the USB key, he'll never be able to read the data. Just don't tell the thief that I have a USB key hidden arround :)&nbsp;There's a slight performance drop with the encryption that way but really not that much, I'm happy with the end results.&nbsp;&nbsp;

Sandshark · Answer

For most, there is very little use for it. Since you need the USB key hand any time the NAS is rebooted, you are likely to keep it close to the NAS, or even in the USB port. So a thief will get your key when he gets your NAS. You can only hope he doesn't realize they go together.

Encryption also limits your expansion options.

If you have personal data you want encrypted, the use of VeraCrypt volumes on the NAS is probably more useful for the average user.

Now, if a business has highly proprietary or HIPA data on the drive, then encrypting could be of use because it would preent any possible recovery of the data, even from a failed drive removed from the NAS.

Zurd · Answer

Ok I understand how the encryption works on the ReadyNAS now. It's not bad but like you said, you'll need a USB key near at all times in case there's a reboot (blackout, firmware upgrade).

VeraCrypt would be better and I'm already using it on an external hard drive so I know a bit how it works but I don't find any information on how to use it with a ReadyNAS volume. I cannot mount the ReadyNAS in VeraCrypt. Know how I can achieve this?

Sandshark · Answer

The best way to use VeraCrypt with the ReadyNAS is toi run the program on your PC and just put the container on the NAS just like you would on an external drive.&nbsp; It is probably possible to install a Linux version of VeraCrypt on the NAS, but that's likely a lot more trouble with few additional capabilities.

StephenB · Answer

Sandshark wrote:
The best way to use VeraCrypt with the ReadyNAS is toi run the program on your PC and just put the container on the NAS just like you would on an external drive.&nbsp;

Yes.&nbsp; The encryption is only known by the PC, and the encrypted data isn't on the PC, but on the NAS.&nbsp; Both devices are needed to access the encrypted data.
&nbsp;
There are some similar options, including using Microsoft VHDs.
&nbsp;
The downside is that these approaches are usually designed for single user acess.&nbsp; Another factor is that if the NAS is only providing block storage, these volumes are difficult to back up.&nbsp; ReadyDR should work efficiently, but the other backup protocols in the NAS will back up the entire volume when it changes.

Forum Discussion

Why encryption if there's already permissions?

7 Replies

Related Content

Encryption failed

Old Encryption Error

WGR614v7. Changing encryption type from WEP to WPA2.

RN428 - Waiting for encryption key but no encrypted volumes available

ssh: permission denied (publickey)

NETGEAR Academy

ProSupport for Business