Jump to content
jonp

Anti theft encryption

33 posts in this topic Last Reply

Recommended Posts

The point is not to deny a thief the use of the box, but to protect your files from being revealed.  Personal data (tax returns, etc.), client data, or just your own personal pictures or videos.  Even simple encryption would protect you form basic criminals or identity thieves.

Share this post


Link to post

Encryption is the only thing, why i didnt change to Unraid.

In the moment Iam using another Software, which Pools Drives and do the parity.

This Software works under Windows. So basically, when my Server starts, the Server starts and writes Paraty when things are written. I then remote into the Server and write my Passwort in DiskCryptor.

Then i manually start the "Array Pool". Works fine.

The cool thing is, i dont have to Encrypt everthing, just the one "Array Pool".

I have 2 Array Pools. One with privat things and one with Servers (Teamspeak, Bonjour, Bitcoin, my Surveillance Software and so on) which have to Start immedialty after Start from WIndows and cant wait for me to decrpyt them first.

Everthing with only one parity drive. If more then one drive would failed, i could (tried it) take the others disk and could decrypt them with DiskCryptor on another Windows.

Please do something similar:

After the Server has to restarted, you can start the "privat" array via WebInterface with the right Password.

VM´s can start instantly.

 

I would like to go away from the Windows Solution, because evertime i need an Windows Update or a new Porgramm is installed, i had to restart and i needed to decrypt again and start the array.

I think a Linux Based Solution is more robust.

 

Share this post


Link to post

That's the same reason why I haven't switched full to Unraid.

 

I would like to have the data encryption in rest option. When the server is shutdown (or stolen) and then booted op again, you can't access the data without validating that you have the right to access it. This could be via a few options:

- Password at boottime in console or via webinterface

- Keyfile on USB disk or Yubikey which is only read during start-up of Unraid. This way the USB key can be removed after the system has started and is only needed during reboot/startup.

 

Both ways, password or keyfile would prevent unauthorized users to access your data without the password or key.

 

There are a lot of other options you can use to encrypt you data in rest:

 

But it would be nice to have it standard within Unraid like other NAS solutions have.

 

 

Share this post


Link to post

Dont like the USB-KEy Method,

because you have to be pyhsically there.

I have one Server in a Company, and dont want to drive there after a Power Loss or something like this.

FreeNas supports Encrpytion maybe copy them :D

 

Cant use Containers. You cant create a Container bigger then you smallest drive, i think so? So i need to create 8 containers and copy the shares all over them? naah.

With a VM Between, i can go like now. ESXI, one FreeNas and one windows.

 

The last one you mention is possible, but to "hard" for my folk :D

Share this post


Link to post

That's why I would like the choise: USB key, password or both. Up to the user what to use.

 

I don't think they can just copy the FreeNas solution  ;)

I think FreeNas, just like QNAP and Synology, have a RAID storage pool in place and on that storage pool you can create a volume (encrypted or not).

 

Unraid works a bit different, I has a number of seperate disks and calculates the parity with the data on those disks to a parity disk (a bit like SnapRaid and some FlexRaid solutions do).

Therefore there is no "single volume" to encrypt.

 

What I think for Unraid a solution could be is encrypting one, multiple or all disks (user could choose), and mount those necrypted disk at boot-time with the encryption password/usb key.

Those mountpoints would then be part of the Unraid array (instead of the original partition mount), and after this the array would be started.

 

For the Unraid array itself it would then be completely transparant.

 

But I could be wrong in this :-)

 

Share this post


Link to post

Just bought myself a dedicated computer to act as a Linux-powered NAS and virtualized gaming unit. I thought unRAID would be the perfect OS for this considering its ability to use VT-d. Now if only you had encryption support as well so one wouldn't have to worry about physical theft. So for now I'm leaning a bit towards rolling my own using this guide.

Share this post


Link to post
On 7/19/2016 at 5:02 AM, bubbaQ said:

The point is not to deny a thief the use of the box, but to protect your files from being revealed.  Personal data (tax returns, etc.), client data, or just your own personal pictures or videos.  Even simple encryption would protect you form basic criminals or identity thieves.

Definitely agree. Can you suggest any kind of file encryption software? Heard about Nordlocker (that's a bit better than software like Boxcryptor) and found a free version on site https://nordlocker.com , but not sure if it's worth. What do you think? Thanks in advance. 

Edited by swagmacdui
clraification

Share this post


Link to post
19 minutes ago, swagmacdui said:

Definitely agree. Can you suggest any kind of file encryption software? Heard about Nordlocker (that's a bit better than software like Boxcryptor) and found a free version on site https://nordlocker.com , but not sure if it's worth. What do you think? Thanks in advance. 

Not sure why you responded to a 2 year old post?  

 

What is wrong with the LUKS based encryption that has been a standard feature of Unraid for some time now?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.