NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ReadyNAS Encryption
Hello, I am a new admin with a RR2312. No matter what I type in the Model field, it blanks it immediately :-(. I have created several volumes on the NAS. I would like to use one of the volume...
You really created multiple volumes, each of which must encompass at least one full drive? That's not a very efficient method of using a NAS. The more usual method is to create one volume across multiple drives with multiple shares. Of course, the ReadyNAS does not have share-level encryption, so if you want only some of your shares in an encrypted volume, you would have to create at least one separate volume for that.
I think what you are looking for is more like VeraCrypt containers or BitLocker encrypted virtual drives within a share. Those are restricted to a single computer having one open, but your use sounds like that's not a problem. I use VeraCrypt. You don't run it on the NAS, you run it on the PC and put the container on the NAS. Note that you will want to disable strict sync for that share, or writes will be very slow. BitLocker encrypted VHDs don't have the problem with strict sync, but I have only used them for experiments in determining why the VeraCrypt writes go so slow and looking for an alternative if I couldn't find and fix it.
Another option that I have not investigated is to use iSCSI to create virtual drives and BitLocker encrypt those.
Sandshark wrote:
I think what you are looking for is more like VeraCrypt containers or BitLocker encrypted virtual drives within a share.
That would provide protection from someone else getting the VM images, but it wouldn't provide any protection from a ransomware attack.
StephenB wrote:
Sandshark wrote:I think what you are looking for is more like VeraCrypt containers or BitLocker encrypted virtual drives within a share.
That would provide protection from someone else getting the VM images, but it wouldn't provide any protection from a ransomware attack.
I didn't consider that if the ransomware can get to the containers, it can still re-encrypt them. So, the iSCSI option, with the whole volume encrypted by BitLocker or VeraCrypt, seems a possible solution. You can lock and unlock the volume and even connect and disconnect the target if you want to go that far. This, too, is limited to a single user at a time.
Thank you. I think the iSCSI method might work and I think I can figure out how to do it :-)
On behalf of our stray and abandoned animal clients, thank you.
Steve
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
