Slashdot Mirror


Building a Fully Encrypted NAS On OpenBSD

mistermark writes "Two years ago this community discussed my encrypted file server. That machine has kept running and running up until a failing drive and a power outage this last week. So, it's time to revise everything and add RAID to it as well. Now you can have an on-the-fly encrypting/decrypting NAS with the data security of RAID, all in one. Here is the how-to."

7 of 196 comments

  1. Netcraft... by Anonymous Coward · · Score: 5, Funny

    mistermark's failed hard drive only further confirms that BSD is, in fact, dying.

  2. freenas... by Tmack · · Score: 4, Informative
    Meh...

    1. download FreeNAS
    2. install to USB/CF drive (it needs ~32Mb)
    3. configure * reboot on the USB/CF drive (or if your mobo can't boot to those, maybe a CD or spare HD)
    4. ?
    5. Profit!

    Tm

    --
    Support TBI Research: http://www.raisinhope.org
  3. Pretty Useless by mvdwege · · Score: 4, Insightful

    Seeing as that he uses per-volume encryption, this is pretty useless. It makes his 'server' pretty much a single-user NAS box, because as soon as another user gets an account to access the file server, they get access to the data.

    Data encryption on a fileserver only makes sense if it is done on a per-user level. This is not News for Nerds, as this is basically just another implementation of how to encrypt your local disk.

    Mart
    --
    "I know I will be modded down for this": where's the option '-1, Asking for it'?
    1. Re:Pretty Useless by DamnStupidElf · · Score: 4, Insightful

      Seeing as that he uses per-volume encryption, this is pretty useless. It makes his 'server' pretty much a single-user NAS box, because as soon as another user gets an account to access the file server, they get access to the data.

      As long as the server remains physically secure, and assuming there aren't gaping root privilege holes in the security, the files on the disk are still protected by the file system permissions. As long as the users can trust the admin, they don't have to trust each other.

      Data encryption on a fileserver only makes sense if it is done on a per-user level. This is not News for Nerds, as this is basically just another implementation of how to encrypt your local disk.

      Databases with private information like credit card or social security numbers should be on encrypted disks. Not to protect against users, but to protect against the drive being replaced or stolen before it can be wiped (secure wiping is not necessarily secure either, especially as drive technology advances, since what was wiped 5 years ago may be easily readable now).

      There's really no advantage to having a server encrypt and decrypt each user's data with a different key. The server will have to know all the keys to perform the decryption at least (public keys allow secure encryption without the server knowing the private key), so it's only as secure as encrypting the entire drive and then relying on filesystem permissions. Root will always be able to read any files that are encrypted/decrypted on the server itself. If clients encrypt their files before storing them on the server, then the server can safely store everything in plaintext.

  4. Re:USB drives?!? by hmallett · · Score: 5, Funny

    When is your next book "More Typo's I found on the Internet" coming out?
    It's late and nitpick stuff like this has been driving me nuts all week.

    There shouldn't be an apostrophe in Typos...

  5. Re:One link in the chain... by Yggdrasil42 · · Score: 5, Insightful

    Thanks for clarifying the OP's error, but why the patronizing tone?
    Most people on the planet don't speak English natively, and a large part of the Slashdot population is from that group.

    Since you can't tell if the OP does or does not belong in that group, being a little less harsh would make the world a nicer place. Why not start there?

  6. Re:OK by thc69 · · Score: 4, Funny
    --
    Procrastination -- because good things come to those who wait.