I'm looking for some advice on encryption

[cruzmiester]

I set up a test FreeNAS system using UFS files system because I was not able to make some older Linux systems read the FreeNAS ZFS file system. I was able to connect some 32 bit / 64 bit Linux system and a Windows 7 System using the iscsi service.

Can anyone recommend a solution, even if it's a 3rd party solution, to encrypt the data that would be supported by reasonably older and newer Linux & Windows OS systems.

however whimsical the Home Depot solution I read on this forum is, it's not all that practical or wise considering that today in many small companies their data is probably their most valuable asset, not protecting it is incredibly naive.

Thanks for the help!!!

Carlos

 

[praecorloth]

Your post is a little confusing. First you're talking about problems with storage and sharing the storage, and then you move on to encryption. If I understand correctly, you have two issues here.

1. You're looking to set up a storage solution that both Linux and Windows will use.
2. Then you also want the data encrypted while it is on the FreeNAS system.

Does that sound about right?

If that is the case, formatting the storage to UFS vs ZFS shouldn't be an issue. Just pick the file system with the features you want, and format. The important piece will be how you share the storage. Windows obviously speaks SMB/Samba very well. With Linux, however, you may or may not need to install Samba before Linux will be able to see the storage. I don't believe anything is stopping you from sharing the same storage via Samba and NFS at the same time, to appease both Windows and Linux.

As for encrypting your data on FreeNAS. This is going to be a larger discussion. People think that encryption is this magical solution to all their security needs. Encryption doesn't necessarily buy you protection. It all depends on what you are most threatened by. If you just do, say, whole disk encryption at the OS level, you will be protected if someone breaks in and steals the disks out of your server. If someone is accessing your server over your network via the share, they won't even notice that the encryption is there, and the OS (assuming that the username/password has been satisfied) will cheerfully serve up the data to be stolen.

The one thing you MUST keep in mind when thinking about security is that Security and Freedom (or in this case, Accessibility) are polar opposites. You cannot have data that is 100% secure while still being accessible. When you say that you want to protect your data, think about what you would like to protect it from. Also think about how you want your users to be able to access the data legitimately. The goal will then to be to secure your data in such a way that also provides an acceptable level of inconvenience to the users.

First we'll need to know a little more about how you want your users to be able to access your data. Over the network, of course. But will it be one big share that people access? Will people have their own iSCSI shares on the FreeNAS box, and worry about sharing data between each other in some other fashion?

 

[cruzmiester]

I've already got the storage solution going... I was only trying to give a little background info and why I selected UFS, sorry for the misunderstanding.

I'm looking for a whole disk encryption strategy that will protect me in case the hard drive systems are stolen and since FreeNAS is being shared by 32 bit CentOS and 64 bit CentOS and Windows 7 systems I'm looking for a solution that will work with Linux and Windows.

Thanks for the input!
Carlos

 

[praecorloth]

Okay, excellent. Well, a little Googling revealed this,

http://wiki.freenas.org/documentation:setup_and_user_guide:disk_encryption

I'm not sure what version of FreeNAS that is using. I'm hoping it's just a new version that I don't have. If you don't see the options talked about in that page, I'll see what else we can find.

There is a bit of good news, though. Since you're looking for whole disk encryption, you won't have to worry about the solution being compatible with clients. If we get whole disk encryption in place, FreeNAS will take care of the encrypting/decrypting. The clients will see the files like they would normally, regardless of what OS the client is using.

 

[DesertRat]

Okay, excellent. Well, a little Googling revealed this,

http://wiki.freenas.org/documentation:setup_and_user_guide:disk_encryption

I'm not sure what version of FreeNAS that is using. I'm hoping it's just a new version that I don't have. If you don't see the options talked about in that page, I'll see what else we can find.

There is a bit of good news, though. Since you're looking for whole disk encryption, you won't have to worry about the solution being compatible with clients. If we get whole disk encryption in place, FreeNAS will take care of the encrypting/decrypting. The clients will see the files like they would normally, regardless of what OS the client is using.

ISTR that applies to version 7 or perhaps an earlier version. ISTR that WDE disappeared with the upgrade to 8.