× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: Encryption of single/ shared folders for NAS users (?) or scramble folder from view

jamminontoast
Aspirant

Encryption of shared folders for users (?) - is this possible?

Hi, i have an RN316 - for home use currently.

i've search in the community and have seen a few posts on people requesting about encryption however have found very little to suggest encryption is even on the feature table of @netgear @readynas

 

I am looking for a way that i can have family members upload files into my NAS and have this encrypted so that only they can see and not even the administrators like myself would see.

1. Is this feature possible (for someone like myself who has limited if not zero - NAS/ security/ programming know)? 

2. is this a feature on ReadyNAS maybe not aware of?

 

Curious how this could be done with any addons/ plugins or native feature?

i'm not looking to encrypt the entire disk, just folders that i create, shared to them, and which they own completely....

thank you!

Model: RN31600|ReadyNAS 300 Series 6- Bay
Message 1 of 9

Accepted Solutions
StephenB
Guru

Re: Encryption of single/ shared folders for NAS users (?) or scramble folder from view

Whole drive encryption won't do what you want, because the system will decrypt the files on the drive before sending them over the network.

 

If part of the idea is to automatically sync the dropbox to an encrypted folder on the NAS, then there are some caveats.  I believe the NAS can only sync to a single dropbox account.  Also, the methods suggested above all require the encryption to be done on the client PC.  It can't be done by dropbox or the NAS itself, since neither would know the encryption key.  If the NAS did know the encryption key, then the administrator could access the data.

 

An alternative is to just tell everyone that anything they want to keep truly private needs to be stored in an encrypted zip file, using the password of their choice.  That also protects the files from dropbox hackers.  Other files that aren't sensitive could be stored in the usual way.

View solution in original post

Message 8 of 9

All Replies
Marc_V
NETGEAR Employee Retired

Re: Encryption of shared folders for users (?) - is this possible?

Hi @jamminontoast

 

I would recommend the home folders.

 

Home folders allow each user to have a private folder matching his or her account name. Home folders can be made available over SMB, AFP, NFS and FTP protocols. SMB, AFP and NFS are enabled by default. This folder will only be accessible to the user and the admin account.

 

You might want to check this article regarding share permissions

 

Other community members might suggest other Apps or procedures.

 

 

Regards

Message 2 of 9
jamminontoast
Aspirant

Re: Encryption of shared folders for users (?) - is this possible?

Thanks for the idea, however the HOME user folder is something i have considered. The fact the ADMIN root can still read the data is an issue.

That would be similar to just create a share folder and only giving a single person access.

 

Am looking for a way to even lock the root user out of the files/ folder - only way i have thought of this working was by having it encrypted? 

Message 3 of 9
StephenB
Guru

Re: Encryption of shared folders for users (?) - is this possible?

iSCSI Luns are opaque to the NAS, so you could use those.  I believe they can also be encrypted in the client (though I haven't tried to set the up).  Veracrypt and encrypted Microsoft VHDs are similar (and both containers can be stored on the NAS).

 

The issue with all three is that they can only be accessed from one device at a time.

Message 4 of 9
Marc_V
NETGEAR Employee Retired

Re: Encryption of shared folders for users (?) - is this possible?

@jamminontoast

 

We may have to wait for other members to share their insights or if they have tried this setup. 

 

You may want to try @StephenB 's Suggestion on encrypting an iSCSI LUN using TrueCrypt or VeraCrypt. However, aside from the issue he mentioned you may also experience a change in performance.

Message 5 of 9
StephenB
Guru

Re: Encryption of shared folders for users (?) - is this possible?

Even an unencrypted LUN is opaque, so the admin would need to mount it using the iSCSI initiator in a PC to read it.

 

Is there a reason you need this level of privacy protection?  I think it's unusual to want a setup where the administrator has no ability to access the files.  It can complicate troubleshooting, and it will have an impact on backup/restore as well.

Message 6 of 9
jamminontoast
Aspirant

Re: Encryption of single/ shared folders for NAS users (?) or scramble folder from view

Thanks @StephenB and @Marc_V for the suggestions.

To be clear, i am a very very novice user of the NAS, the minimum requirement is just to

(1) scramble or even hide the data away from a NAS admin/ root user (like myself) so I can't easily read it.

(2) easy to use - possibly via password at best for entry. (no tokens)

 

Why?   I have 5 siblings who each have dropbox paid accounts, siblings or not, we don't necessarily want to share all our financials and key documents to each other. (Hence the level of privacy - not even an admin like myself of the NAS - should be able to access). And also potential cost savings right there.

 

> As Stephen mentioned, I would assume any encryption/ decryption at the host and target would take a hit in performance especially for the partition/ drive.
> i'll take a look at Veracrypt to see if this is a workable solution as it seems to encrypt an entire drive/ or partition - may look to see other solutions which allows just single folder scrambling/ encryption.

 

I looked earlier at Espionage app, however initial googling suggest it doesn't actually secure the vault on the NAS - only meant to be for the originating computer.

The other option i've found was through Cryptomator (donate-ware) which seems to scramble/ encrypt the files from view. I will continue to find something a little more 'mainstream' in case of 'restore' issues. Can't comment on the encryption method of their vault. If a hacker wants to hack into the system i am sure they will find a way, at least try to make them jump over a little hurdle... doest need to be a trump-like wall 😉

 

OR have i incorrectly explained what i wanted and the original ask - tooks us down the wrong route (with what people generally think of enterprise grade type encryption/ whole drive encryptions etc)?

Message 7 of 9
StephenB
Guru

Re: Encryption of single/ shared folders for NAS users (?) or scramble folder from view

Whole drive encryption won't do what you want, because the system will decrypt the files on the drive before sending them over the network.

 

If part of the idea is to automatically sync the dropbox to an encrypted folder on the NAS, then there are some caveats.  I believe the NAS can only sync to a single dropbox account.  Also, the methods suggested above all require the encryption to be done on the client PC.  It can't be done by dropbox or the NAS itself, since neither would know the encryption key.  If the NAS did know the encryption key, then the administrator could access the data.

 

An alternative is to just tell everyone that anything they want to keep truly private needs to be stored in an encrypted zip file, using the password of their choice.  That also protects the files from dropbox hackers.  Other files that aren't sensitive could be stored in the usual way.

Message 8 of 9
Marc_V
NETGEAR Employee Retired

Re: Encryption of single/ shared folders for NAS users (?) or scramble folder from view

Hi @jamminontoast

 

I think it would be better to keep the important data out of the NAS for privacy or store it on the NAS but make sure it is zip with a password just like what @StephenB said.

 

trying to get encryption on the fiels seems to make it more complicated but again still your call and whatever method you choose we hope you can share it here.

 

 

 

 

Regards

Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 3161 views
  • 2 kudos
  • 3 in conversation
Announcements