Theft precautions

[jgreco]

But that being said, the hard drive is a common target nowadays in ALL legal matters, even minor or civil matters. Even if you're just a witness, old emails on your hard drives showing an off-color joke could be used against you Mark Furhman style. Alot of cases get settled out of court by good lawyers who dig up good dirt, and it has nothing to do with real justice. Not just the crooks you see on TV in some fantasy cop show, but day-to-day people going through divorces, having disputes with landlords, getting into stupid bar fights, etc. etc. etc.

Better safe than sorry.

This is absolutely true. However, the real problem in a civil case is discovery, where the judge orders discovery, you don't hand over the desired data, a motion to compel is made, you try to say you don't remember, or outright refuse, the judge gets annoyed, rules you in contempt, and puts you in jail until you comply (well that last is rough and a tad unlikely, but throwing you in jail for contempt is NOT unlikely). Encrypting your hard drive is not likely to protect you in the least, UNLESS you have a large bankroll and are willing to be the Guy Who Fought The System.

Full disk encryption on a server is kind of a solution wandering around wishing for a problem to solve. There are some benefits, but for the guy who started this thread, locking up his server physically is really the better starting point by far.

Now, laptops on the other hand, yeah, those you want to encrypt. We encrypt them AND make a policy of not storing much of anything valuable on them. But I guess that's real far off topic here. ;-)

 

[samfarkus]

I would just like to point out that the 'judge' in these scenarios is frequently a 60+ year old guy who shows up to work drunk. Because it takes an entire career to be a judge, so they're old. It's also almost impossible for them to get fired, so they don't have much incentive to stay sober, let alone stay up to date on the latest encryption schemes and partitioning. It's up to their LAWYER to make the proper motions. And most don't know what they're doing to be honest. Why? Computers aren't popular in the legal world. Leaked confidential documents, etc can end your career. The legal world is filled with old world technology and regal cherry, burl-finished walnut desks, fancy lether legal pads, etc. It's just not a place that really respects 'gadgets'. And if they do, then they charge THEIR client out the ass by hiring a technical contractor/analyst to achieve it. Why? Well many lawyers are chicks who well havent taken a single computer class seriously in their pre-law or law degrees. 'Fighting the system' happens everyday in divorce cases, business lawsuits, IP infringment, etc. If you live in a society as litigious as ours, you better know how to 'fight the system'. I've been involved in several court cases involving child support of a business partner, cease and desists, IP issues, etc. I've spent more than my fair share of money 'fighting the system'. And it was worth every penny. Your mental images of jack bauer tying you down and tortuing you with electrodes just doesnt happen for well, nearly 100% of legal cases. And just bending over and submitting to all subpoenas, motions, blindly of your ex-wifes lawyer.. is not a great legal strategy.

 

[peterh]

To have any security of your data you should encrypt it , pgp / gpg or some other
method with decent and known good key management.( the list is short

Don't trust anything thats done within the filesystem ( most "cryptofs") they have weaknsesses
all over the place.

 

[Visseroth]

If you want to get into legal arguments just let me know. I'll roll a buddy in here that is working on being a laywer because he's tired of everyone getting rolled over on by the system.
None the less data encryption should be offered and should be customizable.
As I said before, having something like a key on a USB or strong password to even let the read the data on the drives should be offered as it seems I am not the only one that wants data encryption. Why? Because like the rest of the world I don't trust my neighbor or anyone else for that matter and if someone breaks in and steals my equipment I don't want to give them my data too without a fight.

 

[ProtoSD]

I can't believe this thread it still alive....

Anyway, this is good news from the EFF:

Appeals Court Upholds Constitutional Right Against Forced Decryption

A federal appeals court has found a Florida man's constitutional rights were violated when he was imprisoned for refusing to decrypt data on several devices. EFF filed an amicus brief under seal in this case, arguing that the man had a valid Fifth Amendment privilege against self-incrimination, and that the government's attempt to force him to decrypt the data was unconstitutional. The 11th U.S. Circuit Court of Appeals agreed, ruling that the act of decrypting data is testimonial and therefore protected by the Fifth Amendment.

https://www.eff.org/press/releases/...onstitutional-right-against-forced-decryption

 

[Visseroth]

Oh, very nice find! Thanks for the post bud!

 

[Jean-Claude]

No encryption ?

Hello,

I have tried FreeNAS and it worked fine. What I wanted to do is to keep some backup/alternative to the existing Synology NAS with several TB of data.

Unfortunately, and to my great disappointment, FreeNAS does not seem to support encryption and I will not accept the risk to have the NAS or its hard drives stolen and my data compromised, so I had to get rid of FreeNAS for a Ubuntu/LVM/Truecrypt/samba system.

I don't think I am the only one who values data encryption on the disk.
Is encryption in the FreeNAS radar ?

 

[cubix]

"Oracle has not released ZFSv30 (which provides encryption support) as open source. The FreeBSD project is working on their own encryption design, but it will be some time before that becomes available."

 

[peterh]

Freebsd ( that freenas is built upon ) has gbde for encryption of disc devices :
( http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html )
It will however ( as other disc encryption products ) not protect a running system, or "hot disc" . A breakin
will expose your data. And it needs a passphrase during boot ( or when the disc is mounted)

Reallyl sensitive data *should* be encrypted off line, disc used for storage would then be safe from theft.

 

[ProtoSD]

....I had to get rid of FreeNAS for a Ubuntu/LVM/Truecrypt/samba system.

You can create Truecrypt containers on Windows, move them to FreeNAS and mount/access them from there...

 

[TimeBandit]

Freebsd ( that freenas is built upon ) has gbde for encryption of disc devices
.....

Right you are ! And for that sake of discussion, I successfully implemented such BDE encryption on my FreeNAS 8.0.4 box.
It's not eligant - but do'able for sure. Link to my HOWTO guide.

 

[astronaute]

Still no encryption? Can someone please at least tell us approximately the ETA?

It is really the only thing missing from FreeNAS at the moment.

Thank you

 

[TimeBandit]

Not directly aside from my howto above... but here's something that sounds like it may be yet another alternative method of approach (not verified myself yet):
Encryption over iSCSI
While that link is not FreeNAS-specific, FreeNAS does support iSCSI connectivity, so I don't see why this wouldn't work! Plus, the added bonus is all network traffic being below the encrypted layer - i.e. traffic encrypted as well. The bad part, the client systems (initiators) must support iSCSI & all commonly support the same encryption methodology - in the case ELI. I'm sure BDE would work too, or Windows native encryption since the so-called iSCSI "share" is simply "seen" as a raw disk.