- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Encryption of shared folders for users (?) - is this possible?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, i have an RN316 - for home use currently.
i've search in the community and have seen a few posts on people requesting about encryption however have found very little to suggest encryption is even on the feature table of @netgear @readynas
I am looking for a way that i can have family members upload files into my NAS and have this encrypted so that only they can see and not even the administrators like myself would see.
1. Is this feature possible (for someone like myself who has limited if not zero - NAS/ security/ programming know)?
2. is this a feature on ReadyNAS maybe not aware of?
Curious how this could be done with any addons/ plugins or native feature?
i'm not looking to encrypt the entire disk, just folders that i create, shared to them, and which they own completely....
thank you!
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Whole drive encryption won't do what you want, because the system will decrypt the files on the drive before sending them over the network.
If part of the idea is to automatically sync the dropbox to an encrypted folder on the NAS, then there are some caveats. I believe the NAS can only sync to a single dropbox account. Also, the methods suggested above all require the encryption to be done on the client PC. It can't be done by dropbox or the NAS itself, since neither would know the encryption key. If the NAS did know the encryption key, then the administrator could access the data.
An alternative is to just tell everyone that anything they want to keep truly private needs to be stored in an encrypted zip file, using the password of their choice. That also protects the files from dropbox hackers. Other files that aren't sensitive could be stored in the usual way.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Encryption of shared folders for users (?) - is this possible?
I would recommend the home folders.
Home folders allow each user to have a private folder matching his or her account name. Home folders can be made available over SMB, AFP, NFS and FTP protocols. SMB, AFP and NFS are enabled by default. This folder will only be accessible to the user and the admin account.
You might want to check this article regarding share permissions
Other community members might suggest other Apps or procedures.
Regards
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Encryption of shared folders for users (?) - is this possible?
Thanks for the idea, however the HOME user folder is something i have considered. The fact the ADMIN root can still read the data is an issue.
That would be similar to just create a share folder and only giving a single person access.
Am looking for a way to even lock the root user out of the files/ folder - only way i have thought of this working was by having it encrypted?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Encryption of shared folders for users (?) - is this possible?
iSCSI Luns are opaque to the NAS, so you could use those. I believe they can also be encrypted in the client (though I haven't tried to set the up). Veracrypt and encrypted Microsoft VHDs are similar (and both containers can be stored on the NAS).
The issue with all three is that they can only be accessed from one device at a time.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Encryption of shared folders for users (?) - is this possible?
We may have to wait for other members to share their insights or if they have tried this setup.
You may want to try @StephenB 's Suggestion on encrypting an iSCSI LUN using TrueCrypt or VeraCrypt. However, aside from the issue he mentioned you may also experience a change in performance.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Encryption of shared folders for users (?) - is this possible?
Even an unencrypted LUN is opaque, so the admin would need to mount it using the iSCSI initiator in a PC to read it.
Is there a reason you need this level of privacy protection? I think it's unusual to want a setup where the administrator has no ability to access the files. It can complicate troubleshooting, and it will have an impact on backup/restore as well.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Encryption of single/ shared folders for NAS users (?) or scramble folder from view
Thanks @StephenB and @Marc_V for the suggestions.
To be clear, i am a very very novice user of the NAS, the minimum requirement is just to
(1) scramble or even hide the data away from a NAS admin/ root user (like myself) so I can't easily read it.
(2) easy to use - possibly via password at best for entry. (no tokens)
Why? I have 5 siblings who each have dropbox paid accounts, siblings or not, we don't necessarily want to share all our financials and key documents to each other. (Hence the level of privacy - not even an admin like myself of the NAS - should be able to access). And also potential cost savings right there.
> As Stephen mentioned, I would assume any encryption/ decryption at the host and target would take a hit in performance especially for the partition/ drive.
> i'll take a look at Veracrypt to see if this is a workable solution as it seems to encrypt an entire drive/ or partition - may look to see other solutions which allows just single folder scrambling/ encryption.
I looked earlier at Espionage app, however initial googling suggest it doesn't actually secure the vault on the NAS - only meant to be for the originating computer.
The other option i've found was through Cryptomator (donate-ware) which seems to scramble/ encrypt the files from view. I will continue to find something a little more 'mainstream' in case of 'restore' issues. Can't comment on the encryption method of their vault. If a hacker wants to hack into the system i am sure they will find a way, at least try to make them jump over a little hurdle... doest need to be a trump-like wall 😉
OR have i incorrectly explained what i wanted and the original ask - tooks us down the wrong route (with what people generally think of enterprise grade type encryption/ whole drive encryptions etc)?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Whole drive encryption won't do what you want, because the system will decrypt the files on the drive before sending them over the network.
If part of the idea is to automatically sync the dropbox to an encrypted folder on the NAS, then there are some caveats. I believe the NAS can only sync to a single dropbox account. Also, the methods suggested above all require the encryption to be done on the client PC. It can't be done by dropbox or the NAS itself, since neither would know the encryption key. If the NAS did know the encryption key, then the administrator could access the data.
An alternative is to just tell everyone that anything they want to keep truly private needs to be stored in an encrypted zip file, using the password of their choice. That also protects the files from dropbox hackers. Other files that aren't sensitive could be stored in the usual way.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Encryption of single/ shared folders for NAS users (?) or scramble folder from view
I think it would be better to keep the important data out of the NAS for privacy or store it on the NAS but make sure it is zip with a password just like what @StephenB said.
trying to get encryption on the fiels seems to make it more complicated but again still your call and whatever method you choose we hope you can share it here.
Regards