In the company where I work, we're currently in the process of setting up a new HR server. Right now, this server is in a separate network, physically disconnected from the regular LAN, because this server contains sensitive data (wages, ...), that even those with network admin privileges shouldn't have access to.
So in order to incorporate this server with the rest of the LAN, we need to set up an encrypted disk which only those employed in HR have access to. Seems fairly straightforward at first, I quickly set up an encrypted partition with TrueCrypt, set an iSCSI target to it and tried to initiate that drive on a client machine. That's where the problems began.
Unfortunately, it seems TrueCrypt is not able to open multiple sessions to the same drive without problems occurring. I was able to initiate and mount the drive on several clients at once, but when I copied a file to it on one machine, it wouldn't appear on another (not even after dismounting/remounting) which is a big problem, since multiple users should be able to work on the encrypted drive simultaneously.
Is there any comparable software that would do the job as required? If not, do you have any suggestions for a practical workaround?
Do you have the same problem if you share it as NAS, as described in http://www.truecrypt.org/docs/?s=sharing-over-network ?
– ckhan – 2012-04-24T11:42:06.347
The issue is the filesystem, not TrueCrypt. You can't share unencrypted drives over a network either. (You can share the files on them, which you can also do with TrueCrypt. But that won't help you.) – David Schwartz – 2012-04-24T11:57:21.740
@ckhan yeah, I read that, and it works as described in there. The problem is, when I mount the drive directly on the server, everyone who has access to the server will also be able to access that drive, which does not meet the requirements. It needs to be configured in such a way that the drive is only decrypted on the individual clients, but not accessible directly from the server without the password. – Axim – 2012-04-24T12:12:38.193
What are the OSes involved? If it was Linux, it might be a simple matter of sshfs or some related filetype. – Journeyman Geek – 2012-04-24T12:27:58.803
Server and Clients are Windows based. There might be a possibility to run a Linux VM on the server if that might help, but the clients are going to be Windows no matter what. – Axim – 2012-04-24T12:31:33.037