Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[czhower]

One major thing that I find missing from this unit is encryption. It could easily be done by using user passwords (and of course strength would be dependent on strong passwords) to unlock a larger key stored on the NAS.

[Fatman]

Here is the thing, encrypting the disks would add a significant amount of overhead (which would cost performance) and it would not make the access methods used (which are inherently weak) any stronger.  Speaking as a tech I would also be concerned that it would make recovery problematic.

In short encrypt your data not the disks and it doesn't matter as much that the access method is insecure, doesn't cost you performance on an already anaemic device, and would be much stronger as a total system.

[czhower]

1) Encryption adds only very little overhead. Both TrueCrypt and Bitlocker add only single digit % overhead ,below 5% in fact.

2) Your second point is completely invalid as you do not understand the point. Encryption isn't only about transport, but more about theft. I can easily secure my network because the wireless portions can be secured, and the wires are controlled. But if someone steals the unit, or its drives the data is wide open. That is the point.

[Fatman]

I don't know how you can produce overhead numbers for a device that is not only a closed device, it doesn't even have the correct processor to run the binaries for the BitLocker.  You are comparing apples to oranges.

My argument wasn't that your network can't be protected (not that I trust wireless encryption with any data I would concern myself with encrypting in the first place), but that you have the same level of protection against theft with file level encryption AND you get transport AND network protection AND file verification.  With encryption on the device itself you lose all of the above except security in case of theft.

It is also worth noting that thinking your network is secure so you don't have to worry about attacks in transport or from your network, but being concerned about physical theft is short sighted.  If they can physically steal your drives they can compromise your wireless or Ethernet infrastructure.  They could certainly just as easily compromise this device itself and let you give them what they need and worse with you none the wiser.

If you need anything more than casual security, look towards hardened devices and feel free to pay for what you get.

*** modified by Fatman because as soon as it hit post he realized what he had forgot to say.

[czhower]

"I don't know how you can produce overhead numbers for a device that is not only a closed device, it doesn't even have the correct processor to run the binaries for the BitLocker. "

The specs for the processor are generally available, and encryption does not take a massive amount of CPU if done properly. You keep a key on the disk that is encrypted heavily, then unlock it to use a weaker faster key for encryption of the data. Standard encryption. Even basic encryption would be welcome. As it is now, any teenager can see your data if they get the drive. Even basic encryption would up the bar significantly, no one is suggesting to use the 321 for government work.

"With encryption on the device itself you lose all of the above except security in case of theft."

Theft is a major issue in many countries. No one is going to break in and splice by ethernet, but outside the US theft is VERY common. With no encryption, that means any teenager who then buys the stolen drives at the pawn shop or black market, then can scan for private records etc.

"It is also worth noting that thinking your network is secure so you don't have to worry about attacks in transport or from your network, but being concerned about physical theft is short sighted.  If they can "

No, you are being very short sighted in usage scenarios of the 321. Its not about using it for the CIA, its casual home use and work groups.

"If you need anything more than casual security"

That would be great advice, if the 321 had casual security which it doesn't.

[Fatman]

Ok this has gone waaaay too far, what I offered was a way that you could solve the problem you are presenting and several others you didn't.  My solution is guarenteed to be a performance gain over your idea (any overhead is more than 0).  Above even that it is more secure!  As this has become a waste of boardspace I will wait for 1 more response to see if you can contrive an argument that doesn't completely miss the point and serve only to be argumentative to moot points.  Then I will lock this thread down because it appears that I can't help you, and nobody here could.

[czhower]

I don't know how you can produce overhead numbers for a device that is not only a closed device,

Marvell 88F5182-A2, 400 MHz, based on ARM 926 ? That's more than enough for casual encryption.

Many newer HD's support basic encryption internally, the 321 could also offer to integrate with that. Many BIOSes do today.

[Fatman]

This thread sees it's first real number, it is not however in any way relevant to my point, or even one could argue the situation at hand.

Locking as promised.

PM me if you want to continue this or if you have something worth unlocking this thread for.