[FDE] full disk encryption for NAS

Naveen Mamindlapalli mamindlapalli.naveen at yahoo.co.in
Mon Jan 8 22:22:10 MST 2007 

Hi Mike,
Thanks for your reply.See below for my comments.

--- Mike Markowitz <markowitz at infoseccorp.com> wrote:

> At 02:40 AM 1/8/2007, Naveen Mamindlapalli wrote:
> 
> >Rightnow I am using truecrypt for disk encryption.
> >I have gone through the ISC's SpyProof! product and
> >found that truecrypt is almost same except the
> >authentication part using PKCS#11 Support.
> 
> we're not very familiar with truecrypt, but their
> home
> page description does make it sound like their
> product
> is very similar
> 
> >Incase of NAS box first we have to mount it locally
> on
> >to the windows machine & then create a virtual
> >encrypted disk of that NAS drive.So our data will
> be
> >encrypted over the Network.
> 
> SpyProof! would let you use a UNC file specification
> to
> create/mount the encrypted partition remotely... no
> need
> to mount the drive on the NAS box itself.
> (Alternately, you
> could create the encrypted partition locally on a
> Windows
> system and then just copy the two files that
> comprise it
> to the NAS box.)
> 
Does it mean that by knowing the IP Address of NAS box
we can mount(encrypted partition)on the local PC.
Can you plz tell me in detail about this.

> >But if I have a NAS box with disk encryption
> software
> >inbuilt, then the data over the network will be in
> >clear-text (correct me if i am wrong), since the
> >encryption (or) decryption is happenning at the
> disk
> >level not at the socket level (or) application
> level.
> >In this case there can be a threat from the Network
> to
> >the NAS box.
> 
> yes, it sounds like that's not what you want to do.
> 
> >So I am doubting should we use file level
> encryption
> >also ( means application level encryption ).
> 
> not sure i understand... is there something wrong
> with
> simply ignoring the built-in NAS encryption and just
> using truecrypt to get the network communication
> encrypted?
> 
> -mjm

My basic idea is to demonstrate a NAS box -product-
with built-in disk encryption ( like truecrypt ).No
need for the end user to care about the encryption of
data locally on the host PC.He should simply mount it
as a NAS drive.Here comes my doubt of Network
Security.

Regards,
Naveen

Thanks & Regards
         Naveen.M
   
   
   


Send free SMS to your Friends on Mobile from your Yahoo! Messenger. Download Now! http://messenger.yahoo.com/download.php

More information about the FDE mailing list