NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Encryption of shared folders for users (?) - is this possible?
Hi, i have an RN316 - for home use currently. i've search in the community and have seen a few posts on people requesting about encryption however have found very little to suggest encryption is eve...
Whole drive encryption won't do what you want, because the system will decrypt the files on the drive before sending them over the network.
If part of the idea is to automatically sync the dropbox to an encrypted folder on the NAS, then there are some caveats. I believe the NAS can only sync to a single dropbox account. Also, the methods suggested above all require the encryption to be done on the client PC. It can't be done by dropbox or the NAS itself, since neither would know the encryption key. If the NAS did know the encryption key, then the administrator could access the data.
An alternative is to just tell everyone that anything they want to keep truly private needs to be stored in an encrypted zip file, using the password of their choice. That also protects the files from dropbox hackers. Other files that aren't sensitive could be stored in the usual way.
I would recommend the home folders.
Home folders allow each user to have a private folder matching his or her account name. Home folders can be made available over SMB, AFP, NFS and FTP protocols. SMB, AFP and NFS are enabled by default. This folder will only be accessible to the user and the admin account.
You might want to check this article regarding share permissions
Other community members might suggest other Apps or procedures.
Regards
Thanks for the idea, however the HOME user folder is something i have considered. The fact the ADMIN root can still read the data is an issue.
That would be similar to just create a share folder and only giving a single person access.
Am looking for a way to even lock the root user out of the files/ folder - only way i have thought of this working was by having it encrypted?
iSCSI Luns are opaque to the NAS, so you could use those. I believe they can also be encrypted in the client (though I haven't tried to set the up). Veracrypt and encrypted Microsoft VHDs are similar (and both containers can be stored on the NAS).
The issue with all three is that they can only be accessed from one device at a time.
We may have to wait for other members to share their insights or if they have tried this setup.
You may want to try StephenB 's Suggestion on encrypting an iSCSI LUN using TrueCrypt or VeraCrypt. However, aside from the issue he mentioned you may also experience a change in performance.
Even an unencrypted LUN is opaque, so the admin would need to mount it using the iSCSI initiator in a PC to read it.
Is there a reason you need this level of privacy protection? I think it's unusual to want a setup where the administrator has no ability to access the files. It can complicate troubleshooting, and it will have an impact on backup/restore as well.
Thanks StephenB and Marc_V for the suggestions.
To be clear, i am a very very novice user of the NAS, the minimum requirement is just to
(1) scramble or even hide the data away from a NAS admin/ root user (like myself) so I can't easily read it.
(2) easy to use - possibly via password at best for entry. (no tokens)
Why? I have 5 siblings who each have dropbox paid accounts, siblings or not, we don't necessarily want to share all our financials and key documents to each other. (Hence the level of privacy - not even an admin like myself of the NAS - should be able to access). And also potential cost savings right there.
> As Stephen mentioned, I would assume any encryption/ decryption at the host and target would take a hit in performance especially for the partition/ drive.
> i'll take a look at Veracrypt to see if this is a workable solution as it seems to encrypt an entire drive/ or partition - may look to see other solutions which allows just single folder scrambling/ encryption.I looked earlier at Espionage app, however initial googling suggest it doesn't actually secure the vault on the NAS - only meant to be for the originating computer.
The other option i've found was through Cryptomator (donate-ware) which seems to scramble/ encrypt the files from view. I will continue to find something a little more 'mainstream' in case of 'restore' issues. Can't comment on the encryption method of their vault. If a hacker wants to hack into the system i am sure they will find a way, at least try to make them jump over a little hurdle... doest need to be a trump-like wall ;)
OR have i incorrectly explained what i wanted and the original ask - tooks us down the wrong route (with what people generally think of enterprise grade type encryption/ whole drive encryptions etc)?
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
