- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Using Clevis / TANG Server for Encryption
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using Clevis / TANG Server for Encryption
We have a local TANG server which is used by some of our Centos boxes so that should the encrypted machine be stolen, it won't be able to reach the TANG server and therefore, the data remains in the encrypted state and un-accessible to the would-be thieves.
I see it's possible to encrypt a ReadyNAS volume but I also note that it needs a USB key to be inserted at boot to decrypt - not very sysadmin friendly as should the power be lost and restored, they'd have to journey to our data centre to plug a USB drive in. Of course, the other option is to leave the key plugged in but, if the machine was physically stolen, it'd just decrypt on boot - thus making encryption totally pointless!
Oh and although the server resides in a building you need an access card to get in, followed by a physical key'd door and followed by a code-lock'd door, the chances of it being physically stolen are slim but given that it's all possible with social engineering, we would like to just err on the side of caution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Using Clevis / TANG Server for Encryption
I think a lot of folks would be interested in this. Can you post it in the idea exchange ( https://community.netgear.com/t5/ReadyNAS-Idea-Exchange/idb-p/idea-exchange-for-storage ). Perhaps link to that post here, to encourage folks to add kudos.