[FDE] full disk encryption for NAS
Mike Markowitz
markowitz at infoseccorp.com
Mon Jan 8 09:44:44 MST 2007
At 02:40 AM 1/8/2007, Naveen Mamindlapalli wrote:
>Rightnow I am using truecrypt for disk encryption.
>I have gone through the ISC's SpyProof! product and
>found that truecrypt is almost same except the
>authentication part using PKCS#11 Support.
we're not very familiar with truecrypt, but their home
page description does make it sound like their product
is very similar
>Incase of NAS box first we have to mount it locally on
>to the windows machine & then create a virtual
>encrypted disk of that NAS drive.So our data will be
>encrypted over the Network.
SpyProof! would let you use a UNC file specification to
create/mount the encrypted partition remotely... no need
to mount the drive on the NAS box itself. (Alternately, you
could create the encrypted partition locally on a Windows
system and then just copy the two files that comprise it
to the NAS box.)
>But if I have a NAS box with disk encryption software
>inbuilt, then the data over the network will be in
>clear-text (correct me if i am wrong), since the
>encryption (or) decryption is happenning at the disk
>level not at the socket level (or) application level.
>In this case there can be a threat from the Network to
>the NAS box.
yes, it sounds like that's not what you want to do.
>So I am doubting should we use file level encryption
>also ( means application level encryption ).
not sure i understand... is there something wrong with
simply ignoring the built-in NAS encryption and just
using truecrypt to get the network communication
encrypted?
-mjm
More information about the FDE
mailing list