Hey there,
just some thoughs about authentication and theft precaution in general.
For me, a NAS should not only be a place to protect my data from loss, but it should also be safe when beeing stolen. I really like FreeNAS but security seems to be a little underestimated so far. All my private data from all my computers is stored on a single machine, so the least I need to do is to encrypt the file system which is not possible at this time with ZFS (I know it's on the roadmap, so no problem). Next is to think about other ways to access the data in case of a attempted data theft. If I would know the guy I want to steal data from is using FreeNAS, the simplest way to get his data is to plug a screen and a keyboard to the machine and use the shell. There has to be a simple way to secure the console menu with username and password and not just disable it (what if the network card fails?). Even if the data on the machine is encrypted, all I would need to do is to keep the power online (I could use a backup power supply) and take all the time I need to get access to the data at a safe place. So a nice feature would be 802.1x authentication for example (wpa_supplicant is already part of freeNAS, so I can do it on my own, but it's not trivial). Another possibility would be to detect if the network cable is plugged and auto-shutdown in that case (does anybody know a simple way to do this with 8.0?).
I somehow lost my point here... but it's just that my FreeNAS box is down in the basement, if it gets stolen one day, I probably won't even realize it's gone and I would feel really bad because accessing all my data would be extremely easy for the guy who took it...
Best regards,
John Doe.
just some thoughs about authentication and theft precaution in general.
For me, a NAS should not only be a place to protect my data from loss, but it should also be safe when beeing stolen. I really like FreeNAS but security seems to be a little underestimated so far. All my private data from all my computers is stored on a single machine, so the least I need to do is to encrypt the file system which is not possible at this time with ZFS (I know it's on the roadmap, so no problem). Next is to think about other ways to access the data in case of a attempted data theft. If I would know the guy I want to steal data from is using FreeNAS, the simplest way to get his data is to plug a screen and a keyboard to the machine and use the shell. There has to be a simple way to secure the console menu with username and password and not just disable it (what if the network card fails?). Even if the data on the machine is encrypted, all I would need to do is to keep the power online (I could use a backup power supply) and take all the time I need to get access to the data at a safe place. So a nice feature would be 802.1x authentication for example (wpa_supplicant is already part of freeNAS, so I can do it on my own, but it's not trivial). Another possibility would be to detect if the network cable is plugged and auto-shutdown in that case (does anybody know a simple way to do this with 8.0?).
I somehow lost my point here... but it's just that my FreeNAS box is down in the basement, if it gets stolen one day, I probably won't even realize it's gone and I would feel really bad because accessing all my data would be extremely easy for the guy who took it...
Best regards,
John Doe.