[FDE] full disk encryption for NAS
Saqib Ali
docbook.xml at gmail.com
Wed Dec 6 07:07:53 MST 2006
I think I know what you mean. You need a solution that encrypts the
data on the client machine before sending it to the NAS device. This
way the data is stored in the encrypted format on the NAS and is
encrypted during transmission as well. Then you can easily send your
NAS device for service etc without worrying about leaking confidential
data.
As John Veldhuis suggested SafeGuard LAN from Utimaco and several
others will allow you to do this. Including Free Compusec.
However couple of things to keep in mind is:
1) This is NOT Full Disk Encryption. You will end with on the NAS in
the decrypted state.
2) This is a client side solution. That mean client machine MUST have
this software installed to encrypt or decrypt the data sent/retrieved
from the NAS. If a machine without this client send data to the NAS
without the Safeguard LAN then the data will be stored in plain-text.
Now whether you need this or full disk encryption for your NAS depends
on the confidentiality requirements of the data and the requirements
of the law. For e.g. CA 1386 requires any "reasonable" encryption.
saqib
http://www.full-disk-encryption.net
On 12/6/06, Naveen Mamindlapalli <mamindlapalli.naveen at yahoo.co.in> wrote:
> Hi Saqib,
>
> Thanks for the reply.I have a confusion whether to use
> file encryption (or) disk encryption incase of NAS box
> because the data over network is in clear-text when
> the clients are accessing the NAS box.So in that case
> file encryption will be useful.But incase of physical
> security like theft it is better to use disk
> encryption.
>
> I have googled about this and no where I found the
> correct answer.Is it better to use both types of
> encryption at a time. Then the burden will be more in
> encrypting & decrypting twice the data file level & at
> disk level.
>
> Is there any alternate technique to protect the NAS
> box form both physical & network attacks.
>
> Thanks
> Naveen
>
> --- Saqib Ali <docbook.xml at gmail.com> wrote:
>
> > The following 2 companies offer full encryption for
> > NAS/SAN
> >
> > http://www.decru.com/ (NAS and SAN)
> > http://www.neoscale.com/
> >
> > saqib
> > http://www.full-disk-encryption.net
> >
> > On 12/5/06, Naveen Mamindlapalli
> > <mamindlapalli.naveen at yahoo.co.in> wrote:
> > > Hi all,
> > >
> > > Can we use full disk encryption for network
> > attached
> > > storage?.Is there any commercially available
> > software
> > > for the above.
> > >
> > > If not how can I secure my NAS box physically &
> > from
> > > network attacks.
> > >
> > > Thanks in advance,
> > > Naveen
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> __________________________________________________________
> > > Yahoo! India Answers: Share what you know. Learn
> > something new
> > > http://in.answers.yahoo.com/
> > > _______________________________________________
> > > FDE mailing list
> > > FDE at www.xml-dev.com
> > > http://www.xml-dev.com/mailman/listinfo/fde
> > >
> >
> >
> > --
> > Saqib Ali, CISSP, ISSAP
> > http://www.full-disk-encryption.net
> >
>
>
> Thanks & Regards
> Naveen.M
>
>
>
>
>
>
>
> __________________________________________________________
> Yahoo! India Answers: Share what you know. Learn something new
> http://in.answers.yahoo.com/
>
--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
More information about the FDE
mailing list