Encryption in transit

[jhuayane]

Hello friends,

I have a project and I would like you to help me. I have to encrypt data at rest and data in transit. As I read with truenas I can do it for the case of data at rest and I have it solved. the question is with the data in transit as it could be done. As I read over there some used truenas and nextcloud I do not know if there is another way that is not web. That is to say by means of samba or another protocol.

Greetings

 

[c77dk]

How would you prefer to access the data? Smb/ftp/web? All have options for encryption if I remember correctly. Not at my computer right now so can't check

 

[jhuayane]

Hello @c77dk

I would like it to be over samba but I understand that would involve having a credential server. If you can help me I would appreciate it. As far as I see or the most viable options are samba and web. Which one do you suggest.

Regards

 

[c77dk]

I all depends on your requirements - but for SMB it looks like you just need some minor aux params in smb.conf. Try looking at this post - @anodos knows this stuff quite well (writes most of the smb code in TrueNAS if I'm not mistaken)

 

[djaoifj92i90]

I think transit encryption should be enabled for all available transit options in TrueNAS by default

 

[jgreco]

I think transit encryption should be enabled for all available transit options in TrueNAS by default

That's nice. I think hard drives should be free and all networks should be 100Gbps by default. Doesn't mean it will happen, just as it will not happen for "all available transit options" which include protocols such as NFS which have no encryption support of any type.

 

[FraznoFire]

That's nice. I think hard drives should be free and all networks should be 100Gbps by default. Doesn't mean it will happen, just as it will not happen for "all available transit options" which include protocols such as NFS which have no encryption support of any type.

Jeez.. flair checks out. There's nothing unreasonable about djao's suggestion so I don't know what the point is in comparing it to asking for free hard drives.

If not make it default I would like to see iX at least add a little tickbox when creating an SMB share that automatically adds the required aux parameters so users don't have to go googling around to enable what most people would consider a basic security precaution.

 

[jgreco]

Jeez.. flair checks out. There's nothing unreasonable about djao's suggestion so I don't know what the point is in comparing it to asking for free hard drives.

You literally quoted the explanation of what's unreasonable about djao's suggestion. It's something that isn't going to happen because it's simply not realistic; it isn't even available for some protocols. It's a fair comparison on that basis.

automatically adds the required aux parameters so users don't have to go googling around to enable what most people would consider a basic security precaution.

Clearly this is not the case; if it was something most people considered a basic security precaution, the Samba project would not have it set up so that people would need to be adding aux parameters. They're more than capable of setting up reasonable security precautions as defaults.

That said, there's nothing stopping you from requesting a tickbox as a feature. It would only apply to SMB, of course.