0

I'm looking to buy an ~8TB NAS* for my home office (I guess it's called a "private cloud").

I want to connect to it from Windows, Linux, Mac, Android, and iOS.

How can I ensure that the network storage is encrypted at rest (and ideally in transit and in use)?

It occurs to me that I ought to understand how to accomplish encryption before I start looking for which models to consider buying.

On my Mac I have FileVault enabled, and on my Windows PC I have Bitlocker enabled.

*maybe something like this, but I'd need one that works with Windows, Ubuntu, and can more reliably handle Mac Time Machine backups. Basically, my goal is to replace my loud desktop and its drives with a quiet, power-efficient storage device. But I don't want to sacrifice encryption.

Ryan
  • 315
  • 4
  • 13
  • 2
    Since SMB 3.0 the option for SMB encryption exists: https://docs.microsoft.com/de-de/archive/blogs/openspecification/encryption-in-smb-3-0-a-protocol-perspective – Robert Aug 29 '22 at 12:34

1 Answers1

1

Encryption at-rest

First, understand that enabling encryption on your NAS is independent from the endpoint that will access it. When enabled, the NAS will only encrypt/decrypt the data when accessing the hard drive, otherwise it is not encrypted. (Eg: if you mount the drive on your Windows client, you can see your files unencrypted.)

Each NAS manufacturer runs their own software, so you have to lookup if the product you're looking at has this feature. (Eg: QNAP, Synology, etc.)

Be sure to check that it is available for your model.

Encryption in-transit

This is more about what protocols you want to allow your clients to use when accessing the NAS. SMBv3 should provide encryption and works with all your clients.

Regarding the in-use, I believe it would depend on the software your NAS runs, but if someone can read its memory, it's probably already too late.

Yuriko
  • 941
  • 1
  • 6
  • 21