I am trying to create a storage solution for multiple users working offline. Our info sec team will not permit the use of a NAS device as all storage devices must use BitLocker Encryption.
We have attempted to connect users to a router via Ethernet cables and attach a drive to the router via USB. When the drive is not encrypted, this works; when the drive is encrypted, users can see and access the drive, but there is no prompt for the BitLocker password and the data remains encrypted/illegible.
Does anyone know if read/write access can be granted by BitLocker on a drive connected through a router?
Router: AC1750 Wireless Dual Band Gigabit Router
Drives: Multiple Generic Thumb Drives
I am open to any suggestions regarding alternative ways to give multiple users read/write access to a common storage point that is encrypted via BitLocker in an offline setting.
Are you asking if you can enable Bitlocker on a network share that is mounted? It is, indeed, not possible to enable Bitlocker on a mounted network share, which of course is how the router is sharing that drive. You should allow your information security team to come up with an acceptable solution. – Ramhound – 2017-11-30T20:29:59.747
@Ramhound I am not sure I understand your statement. Currently a thumb drive that is encrypted via Bitlocker is connected via USB to a router. When I connect to the router via Ethernet (using the very PC that encrypted the drive), the PC can see the thumb drive however there is no Bitlocker password prompt and all the data on the drive appears to be encrypted. At that point the drive can be connected directly to the same PC and read. – Garrett – 2017-11-30T20:34:23.087
When you connect the USB device to the router, the PC that encrypted the drive is able to mount the volume? If that is what is happening, then I am confused how the router is sharing the device (typically that is done through SMB), but does this PC have a TPM by chance? How are you mounting the drive exactly? Because it does not appear to be possible to enable Bitlocker on a network share (which is the reason I pointed that out). – Ramhound – 2017-11-30T20:41:14.190
Yes the PC has TPM. The user sees the encrypted drive's name appear via Windows Explorer and can click it to open it like any other drive or network. The root folder is there (name of the drive model) but the contents appear to be encrypted. – Garrett – 2017-11-30T20:50:16.177
It sounds like what is happening is honestly a fluke. Based on my research, the drive shouldn't even be accessible. There are NAS devices that exist that allow you to encrypt the data contained on them. – Ramhound – 2017-11-30T20:54:32.380
Currently bypassing Bitlocker is out of our scope. Our info sec team will not allow storage devices without Bitlocker encryption, hence no NAS devices. Please feel free to offer any other ideas and thanks for the help @Ramhound! – Garrett – 2017-11-30T20:57:26.650
There are no other solutions to this problem that allow you to use Bitlocker with a router and a USB HDD. The current behavior you describe is a fluke. – Ramhound – 2017-11-30T21:00:48.970
The problem is your router has a Linux OS which doesn't support Bitlocker, as that is a Microsoft product. File shares use the SMB protocol, but that protocol doesn't support Bitlocker. You basically need a Windows Server to use Bitlocker. There is a dislocker product for Linux, but it is not built into your router. – cybernard – 2017-12-01T00:08:46.450
Here is the link https://github.com/Aorimn/dislocker – cybernard – 2017-12-01T00:17:30.770
@cybernard Do you think we could work around this by building a router via windows server with Bitlocker encrypted HDs and connect the other user machines to that via LAN? – Garrett – 2017-12-01T13:35:25.947
@Garrett Yes, that is what you have to do. Build a Windows server and then encrypt the HDD with Bitlocker. Then standard file and print sharing will share it to all your LAN users. – cybernard – 2017-12-01T20:27:06.770
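
The setup from the last comment, sketched in PowerShell as an added example (not code from anyone in the thread): a Windows machine encrypts its data volume with BitLocker and only publishes the share once the volume reports as fully encrypted and protected. The drive letter, folder, share name and group are assumed values, and `-EncryptData` (SMB 3 encryption in transit) is an optional extra beyond what the thread discusses.

```powershell
#Requires -RunAsAdministrator
# Assumed values, not from the thread: adjust to the actual server.
$DataVolume = 'D:'
$SharePath  = 'D:\TeamShare'
$ShareName  = 'TeamShare'
$ShareGroup = 'FILESRV01\ShareUsers'   # hypothetical local group of LAN users

# 1. Turn BitLocker on for the data volume if it is still plaintext.
$vol = Get-BitLockerVolume -MountPoint $DataVolume
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    # The recovery password shown by this command must be recorded offline.
    Enable-BitLocker -MountPoint $DataVolume -EncryptionMethod XtsAes256 `
        -RecoveryPasswordProtector
}

# 2. Auto-unlock after reboot needs a BitLocker-protected OS volume;
#    without it the data volume stays locked and the share is unavailable.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
if ($os.ProtectionStatus -eq 'On') {
    Enable-BitLockerAutoUnlock -MountPoint $DataVolume
} else {
    Write-Warning "OS volume is not BitLocker-protected; $DataVolume must be unlocked manually after each boot."
}

# 3. Refuse to publish the share until encryption has finished.
$vol = Get-BitLockerVolume -MountPoint $DataVolume
if ($vol.VolumeStatus -ne 'FullyEncrypted' -or $vol.ProtectionStatus -ne 'On') {
    throw "$DataVolume is $($vol.VolumeStatus) / protection $($vol.ProtectionStatus); re-run when encryption completes."
}

# 4. Create the folder and share it. Clients get ordinary SMB access and
#    never see a BitLocker prompt: decryption happens on the server.
New-Item -ItemType Directory -Path $SharePath -Force | Out-Null
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $SharePath `
        -ChangeAccess $ShareGroup -EncryptData $true
}

# 5. Evidence for the security team: volume state and share settings.
Get-BitLockerVolume -MountPoint $DataVolume |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
Get-SmbShare -Name $ShareName | Select-Object Name, Path, EncryptData
```

BitLocker here protects the data at rest on the server's disk; access control for the LAN users comes from the share and NTFS permissions, not from a BitLocker password.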