Is Truenas Scale secure against theft of server?

Mark Knutson

Cadet
Joined
Jun 24, 2015
Messages
8
I am running the latest version of Truenas Scale, and have been thinking about securing it from theft of the device. I am encrypting the data, and gave root a complex password. Then I noted the console where one can change the root password. I have not found this answer in documentation, so my question is: If someone steals the physical server, are they able to access my data simply by changing the root password and then logging in? My preference is that if someone steals my server, it is bricked without my credentials.
 

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
Hey @Mark Knutson,

Unfortunately, consider that there is no logical security that can survive physical assault. It may be oversimplified, but it sums up the situation pretty clearly.

Root password will be bypassed in seconds once physical access is obtained (reboot with another boot device, edit the original boot device, delete the cryptogram and voilà: root with a blank password).

Encryption is defeated when the cryptogram and the keys are kept together. Your server will hold both, so again this will not help much. The key may be protected by a passphrase that will be too hard to brute force, but then it would mean your server can not boot unattended anymore.

Here, I encrypt my data at file level using Nextcloud's server-side encryption. Nextcloud runs from a Docker host in my ESXi server, as does its database, which holds the keys. Only the cryptograms are saved in TrueNAS. So when TrueNAS zfs sends its data to my other server, it sends only cryptograms and no keys.

For backup and restore, I have another Docker container that dumps Nextcloud's config files and database and encrypts everything with a long passphrase. The encrypted backup is then saved in TrueNAS.

So thanks to that, all my servers can boot unattended.
Someone getting physical control of my DR server will have nothing, because he will need the passphrase to recover the database first, which itself contains the keys that encrypted the files.
To force the access, someone needs physical access and control of both my ESXi and one of my TrueNAS servers. But should that happen, he will have everything.
 

Mark Knutson

Cadet
Joined
Jun 24, 2015
Messages
8
Thanks for the thoughtful and complete answer. That is all in line with what I suspected, but I wanted to do due diligence and make sure I had fully explored the contours of the capabilities. Having said all that, my upgrade to TrueNAS SCALE went very well and I am liking some of the GUI improvements to the dashboard. I am simply using it at home as an SMB server, so not fully exploring its capabilities.
 

Arwen

MVP
Joined
May 17, 2014
Messages
3,611
Bricking a server on theft is not practical. However, there are several steps you can take that can prevent the data from being usable after theft.
  • As @Heracles said, if you encrypt your data pool(s) with a passphrase that is required on each boot, then those pools will be reasonably secure.
  • You can install a BIOS password preventing changes to the BIOS.
  • Some BIOS can prevent booting unless you use a password. (Like your boot devices don't exist, so you have to select something else, not on the default list of boot devices.)
  • Some BIOS also support SED, (Self Encrypting Drives). So if your boot media, (which in TrueNAS is always separate from your data pools), supports SED, you can encrypt the boot media.
  • Grub can have a password for changes at the menu.
  • Grub can also require a password to boot an entry, or any entry.
Of course, BIOS resets can be done by the determined or skilled thief. And Grub can be overridden by booting to alternate media. That does still leave any SED or ZFS encryption intact.

Now, all that said, we get LOTS of users who have inflicted ransomware on themselves because they either forgot the password / passphrase, or did not understand enough of what they were doing to store those passwords / passphrases for later use. Thus, they want help to "break" the encryption to get back their data, which we can't do.
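The point both @Heracles and @Arwen make is the same one: encryption only survives theft of the box if the key is not stored on the box, which for ZFS native encryption means a passphrase that an operator types at unlock time. The following audit script is an added example for this thread, not code from TrueNAS or OpenZFS. It parses the output of the real OpenZFS command `zfs get -H -o name,property,value encryption,keyformat,keylocation,encryptionroot -r <pool>` (the sample output below is constructed, not captured from a real system) and flags every dataset whose key must live on disk: a `file://` key location, or a hex/raw key format that has to be stored somewhere for unattended unlock (on TrueNAS, key-type datasets are unlocked automatically from the system dataset, which is exactly the "cryptogram and keys kept together" case). Child datasets inherit the verdict of their encryption root.

```python
"""Audit ZFS native-encryption properties for the theft scenario discussed
above: ciphertext and key stored on the same server.

Input is the tab-separated output of
    zfs get -H -o name,property,value \
        encryption,keyformat,keylocation,encryptionroot -r <pool>
Only keyformat=passphrase with keylocation=prompt requires an operator at
unlock time; every other encrypted configuration keeps the key on the box.
"""
from typing import Dict, List

# Constructed sample output (not captured from a real system).
SAMPLE_ZFS_GET = (
    "tank\tencryption\toff\n"
    "tank\tkeyformat\tnone\n"
    "tank\tkeylocation\tnone\n"
    "tank\tencryptionroot\t-\n"
    "tank/unattended\tencryption\taes-256-gcm\n"
    "tank/unattended\tkeyformat\thex\n"
    "tank/unattended\tkeylocation\tfile:///root/tank.key\n"
    "tank/unattended\tencryptionroot\ttank/unattended\n"
    "tank/secure\tencryption\taes-256-gcm\n"
    "tank/secure\tkeyformat\tpassphrase\n"
    "tank/secure\tkeylocation\tprompt\n"
    "tank/secure\tencryptionroot\ttank/secure\n"
    "tank/secure/child\tencryption\taes-256-gcm\n"
    "tank/secure/child\tkeyformat\tpassphrase\n"
    "tank/secure/child\tkeylocation\tnone\n"
    "tank/secure/child\tencryptionroot\ttank/secure\n"
)

UNENCRYPTED = "unencrypted"                      # readable by anyone with the disks
KEY_ON_BOX = "key-on-box"                        # thief gets ciphertext and key together
PASSPHRASE_AT_UNLOCK = "passphrase-at-unlock"    # needs an operator; survives theft


def parse_zfs_get(text: str) -> Dict[str, Dict[str, str]]:
    """Turn `zfs get -H -o name,property,value` lines into {dataset: {prop: value}}."""
    datasets: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, prop, value = line.split("\t", 2)
        datasets.setdefault(name, {})[prop] = value
    return datasets


def classify(datasets: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Give each dataset a verdict; children inherit their encryption root's verdict."""
    verdicts: Dict[str, str] = {}

    def verdict_for(name: str) -> str:
        if name in verdicts:
            return verdicts[name]
        props = datasets[name]
        if props.get("encryption", "off") == "off":
            result = UNENCRYPTED
        else:
            root = props.get("encryptionroot", name)
            if root != name and root in datasets:
                # Key material belongs to the encryption root, so its verdict applies.
                result = verdict_for(root)
            elif props.get("keyformat") == "passphrase" and props.get("keylocation") == "prompt":
                result = PASSPHRASE_AT_UNLOCK
            else:
                # hex/raw keys, or a file:// key location, have to be stored on disk
                # for unattended unlock, so the key travels with the stolen box.
                result = KEY_ON_BOX
        verdicts[name] = result
        return result

    for name in datasets:
        verdict_for(name)
    return verdicts


def at_risk(verdicts: Dict[str, str]) -> List[str]:
    """Datasets whose contents a thief could read without your credentials."""
    return sorted(n for n, v in verdicts.items() if v != PASSPHRASE_AT_UNLOCK)


if __name__ == "__main__":
    result = classify(parse_zfs_get(SAMPLE_ZFS_GET))
    for dataset, verdict in sorted(result.items()):
        print(f"{dataset:24} {verdict}")
    print("at risk on theft:", ", ".join(at_risk(result)))
```

On a live system, replace `SAMPLE_ZFS_GET` with the real command output; the same classification logic applies. A passphrase-at-unlock verdict is what the thread describes as the trade-off: the data is safe when the box is stolen, but the pool will not unlock unattended after a reboot.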
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,700
You may be able to get close to what you want by looking at what I did here (although it should be noted that booting with admin intervention is the only true security with passphrase encryption, and what I cobbled together is by no means elegant or rocket science):


Of course the best protection for your data is to not have it in the hands of an untrusted person in the first place.
 