Re: ReadyNAS "security" of encryption key...LOL

nxtgen
Apprentice

ReadyNAS "security" of encryption key...LOL

So.... this is a recently factory reset device (feel free to go find my other posts for those woes) and as I'm clicking around, I discover that the apparent default is to share USB keys with full Read/Write permissions for everyone!?

 

So... guess where they store the encryption key for the array....

 

Beautiful.   Just beautiful.   *facepalm*

Message 1 of 7
Sandshark
Sensei

Re: ReadyNAS "security" of encryption key...LOL

I agree that that doesn't seem to be the right permissions for the key, but what is the point of leaving the key inserted?  If somebody steals the NAS, they just steal the key with it and you've done nothing to secure the data.  If the key is removed and locked away, the default permissions for its access are moot.

 

Are you only encrypting so that there will be no unencrypted data on a drive if it fails and you cannot securely erase it?  A sledge hammer fixes that.

Message 2 of 7
StephenB
Guru

Re: ReadyNAS "security" of encryption key...LOL

I agree on both points

  • not the right permissions
  • does little harm since security is useless if the key remains inserted.

@Sandshark wrote:

A sledge hammer fixes that.


I tried that once.  I was a bit surprised at how resistant the case turned out to be.  I'm sure the drive didn't work when I was done, but I expected more mayhem and destruction.

 

Back on topic, I think the security benefits of drive encryption in the NAS are pretty limited, and for me they are not worth the trouble.

 

 

Message 3 of 7
nxtgen
Apprentice

Re: ReadyNAS "security" of encryption key...LOL

That's an entirely different discussion... hahaha.   I totally agree that this whole ReadyNAS "encryption" option is a little bit of a joke.  I can't totally blame anyone at NETGEAR for that because they are working within the confines of what exists in the open source world for the most part.

 

Yes, ideally the key is inserted to boot the box and then removed (based on what our current limitations and options are)... but you have to think about the dozens of use cases (datacenters, customer locations, etc) where it's not feasible to pop in a USB key for every reboot.   I mean, not even taking into account power outages or (remote reboots after lockup/hang with a PDU), what about when you need to do a firmware update and reboot?  Do I want to drive to the datacenter to pop in a USB key for a reboot??  Of course not.    I think it's pretty impractical to force people to put a USB key in to get the device to mount the volume...and so everyone is going to leave the key plugged in (path of least resistance). 

 

The part that drives me CRAZY, is why we don't have the option to forego the USB key altogether...   Either SSH to the box and put in the key (which I've heard some people have tried, but then some of the services don't work right, even though the volume is mounted)  OR... better, when I hit https://ip.add.re.ss/admin why I can't drop/copy/paste the key in and then let the box finish booting.  To me, this would be ideal, and would solve 99% of the above issues, and also seems to be more secure than having a key floating around on a USB drive (which is also unencrypted).

 

I feel like both should be an option.. USB key, or ssh/web interface.   Forcing people to use a pretty insecure method of storing their key, and (lol and then sharing it on the network for everyone to see....) seems a little crazy to me when there are a couple of better solutions that would significantly increase the security of the product as a whole. 

 

 

Message 4 of 7
StephenB
Guru

Re: ReadyNAS "security" of encryption key...LOL

TPM would be a better solution, but it would add some platform cost.

Message 5 of 7
nxtgen
Apprentice

Re: ReadyNAS "security" of encryption key...LOL

I agree; it's actually disappointing (surprising) TPM isn't an option in their business class devices.  It should be standard at this point.

Message 6 of 7
nxtgen
Apprentice

Re: ReadyNAS "security" of encryption key...LOL

I have no idea where my first reply on this post went... 😞    If someone has it in a notification you can DM to me, I'll repost it. 

 

**UPDATE** Never mind, now it's back in the list... weird.

Message 7 of 7