Hi,
Just setting up a new FreeNAS system, I have some problems in understanding whether or not to use the new disk encryption feature:
Thinking through all the if's and then's I came to the conclusion that this feature just helps when you have to swap disks: In this case you won't need to care about sensitive content, as it is encrypted. You can just send it back to the hd manufacturer e.g. for guarantee replacement without any additional tasks (like wiping out).
In all other cases I cannot see a real added value. The key to mount an encrypted ZFS pool on the attached disks is stored somewhere in the FreeNAS operating system. So when someone has physical access to my FreeNAS box, he has the key already and just needs to boot it. Then it will mount the encrypted ZFS pool with the existing key without asking about a passphrase. OK, to get root access later on should not be a real obstacle. Then he can read all data on the encrypted volume.
So the only way to protect the data would be to run the FreeNAS OS (including the key) from a USB stick and to remove it as long as you will not use the NAS. But this is not really practicable and a bit contradicting to the idea of a NAS. At the moment this encryption feature looks more like a load test of the CPU and a nice opportunity to accidentally lose access to your own data when the USB stick fails (and you do not find the passphrase-protected copy of your key).
Did I miss something major?
BR
erwin