× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

does readynas pro 4 crypt data on disks?

Bob245
Guide

does readynas pro 4 crypt data on disks?

Hello at all,

I would like to know if the readynas pro 4 can have the features to crypt data.
If he can how set the crypt functions on ReadyNaspro4?

Thank a lot

Bob

Model: ReadyNAS RNDP4000|ReadyNAS Pro 4 Chassis only
Message 1 of 6

Accepted Solutions
StephenB
Guru

Re: does readynas pro 4 crypt data on disks?

ReadyNAS drive encryption protects your data if someone

  • steals your internal hard disks (or the full NAS)
  • but doesn't steal the USB thumb drive (or can't figure out what it is for). 
  • and doesn't steal an unencrypted USB backup.

It doesn't protect against any other threats, and it creates some operational headaches.  That includes the risk that you'd lose the data because you've lost the encryption key.  Personally I find that the extra security isn't worth the bother.  But others here disagree, and use the feature.

 


@Bob245 wrote:

Hi Stephen,
Can you give me more info about the "USB thumb drive with the encryption key". There are info how to create this USB key?

But in general the are exaustive documentations about how to use encryption with Netgear Ready nas Pro 4 when it have os6 on board?

 


See page 31 of the software manual.

 


http://www.downloads.netgear.com/files/GDC/READYNAS-100/READYNAS_OS_6_SM_EN.pdf wrote:

During volume creation, you can also enable volume encryption. Encryption is optional. When encryption
is enabled, data is encrypted in real time as it is written to the volume.You cannot encrypt existing volumes. Encryption is possible only when you are creating new volumes.When created, the volume will be a Flex-RAID
volume, but after you create it, you can change it to an X-RAID volume.


You need a USB drive to store the encryption key that is generated during volume creation.You can also
specify that the encryption key be emailed to you for safe keeping. If you lose the USB drive with the
encryption key, you can load the emailed encryption key onto another USB drive.


You must insert the USB drive with the encryption key into a USB port on the ReadyNAS for the volume to
be unlocked and accessible.You must insert the USB drive to unlock an encrypted volume during reboot.


If you do not insert the USB key on reboot, there is a 10-minute time-out during which you can insert the
key. Otherwise, you wll not be able to access the encrypted volume until the ReadyNAS is again rebooted.
You can remove the USB drive after unlocking the volume. We recommend storing the USB drive with the
encryption key in a safe and secure location when not in use.


Note that installing new firmware requires a reboot, and if the NAS experiences an unexpected power cut it will try to reboot automatically.   

 

So if you use volume encryption, it is best to protect the NAS with a UPS (which would largely eliminate the power cuts).   IMO you should do that anyway - a lot of "I lost my data" stories begin with a power failure.

 

You would be unable to install firmware remotely (or otherwise reboot the NAS) unless the key was inserted - either all the time, or with the help of someone on site.  Also, make sure you have multiple copies of the key - because if the USB drive were to fail, you'll need to create a new one to access your data.

Also, this encryption only applies to the internal disk volume.  Backups made using the built-in back up jobs are unencrypted.  So if you use USB backup (and you do need to back up the NAS), then you'd need to secure the backup disks somewhere else.  

 

 

 

View solution in original post

Message 5 of 6

All Replies
StephenB
Guru

Re: does readynas pro 4 crypt data on disks?

The ReadyNAS Pro normally runs 4.2.x firmware.  That doesn't support disk encryption.  However, the NAS can be converted to run OS 6 firmware that does support encryption.

 

The on-disk encryption doesn't help as much as you might think, since you need to insert the USB thumb drive with the encryption key into the NAS to boot it.  In practice, that thumb drive needs to be stored near the NAS.

 

There are some alternatives that might need your needs.  You could install veracrypt on your client devices, and put the encrypted container on a network share.  You can similarly use iSCSI.  In both cases the encryption is done in the client devices.

 

 

Message 2 of 6
JohnCM_S
NETGEAR Employee Retired

Re: does readynas pro 4 crypt data on disks?

Hi Bob245,

 

Welcome to the Community!

 

The 4.2.x firmware does not have support for volume encryption.

 

You can convert your NAS to an OS6 firmware so it can have support for volume encryption. Doing this process will lose your support from NETGEAR. You may check this thread for more information regarding that.

 

Regards,

Message 3 of 6
Bob245
Guide

Re: does readynas pro 4 crypt data on disks?

Hi Stephen,
Can you give me more info about the "USB thumb drive with the encryption key". There are info how to create this USB key?

But in general the are exaustive documentations about how to use encryption with Netgear Ready nas Pro 4 when it have os6 on board?

Thanks

Message 4 of 6
StephenB
Guru

Re: does readynas pro 4 crypt data on disks?

ReadyNAS drive encryption protects your data if someone

  • steals your internal hard disks (or the full NAS)
  • but doesn't steal the USB thumb drive (or can't figure out what it is for). 
  • and doesn't steal an unencrypted USB backup.

It doesn't protect against any other threats, and it creates some operational headaches.  That includes the risk that you'd lose the data because you've lost the encryption key.  Personally I find that the extra security isn't worth the bother.  But others here disagree, and use the feature.

 


@Bob245 wrote:

Hi Stephen,
Can you give me more info about the "USB thumb drive with the encryption key". There are info how to create this USB key?

But in general the are exaustive documentations about how to use encryption with Netgear Ready nas Pro 4 when it have os6 on board?

 


See page 31 of the software manual.

 


http://www.downloads.netgear.com/files/GDC/READYNAS-100/READYNAS_OS_6_SM_EN.pdf wrote:

During volume creation, you can also enable volume encryption. Encryption is optional. When encryption
is enabled, data is encrypted in real time as it is written to the volume.You cannot encrypt existing volumes. Encryption is possible only when you are creating new volumes.When created, the volume will be a Flex-RAID
volume, but after you create it, you can change it to an X-RAID volume.


You need a USB drive to store the encryption key that is generated during volume creation.You can also
specify that the encryption key be emailed to you for safe keeping. If you lose the USB drive with the
encryption key, you can load the emailed encryption key onto another USB drive.


You must insert the USB drive with the encryption key into a USB port on the ReadyNAS for the volume to
be unlocked and accessible.You must insert the USB drive to unlock an encrypted volume during reboot.


If you do not insert the USB key on reboot, there is a 10-minute time-out during which you can insert the
key. Otherwise, you wll not be able to access the encrypted volume until the ReadyNAS is again rebooted.
You can remove the USB drive after unlocking the volume. We recommend storing the USB drive with the
encryption key in a safe and secure location when not in use.


Note that installing new firmware requires a reboot, and if the NAS experiences an unexpected power cut it will try to reboot automatically.   

 

So if you use volume encryption, it is best to protect the NAS with a UPS (which would largely eliminate the power cuts).   IMO you should do that anyway - a lot of "I lost my data" stories begin with a power failure.

 

You would be unable to install firmware remotely (or otherwise reboot the NAS) unless the key was inserted - either all the time, or with the help of someone on site.  Also, make sure you have multiple copies of the key - because if the USB drive were to fail, you'll need to create a new one to access your data.

Also, this encryption only applies to the internal disk volume.  Backups made using the built-in back up jobs are unencrypted.  So if you use USB backup (and you do need to back up the NAS), then you'd need to secure the backup disks somewhere else.  

 

 

 

Message 5 of 6
Bob245
Guide

Re: does readynas pro 4 crypt data on disks?

many thanks!!

bob

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 1091 views
  • 3 kudos
  • 3 in conversation
Announcements