|
Encrypted File System |
|
|
|
|
|
Encrypted File System |
|
|
|
Encrypted File System
|
Encrypted File System |
|
|
|
|
|
Encrypted File System |
|
|
|
On this page, you can manage encrypted disk volumes on the NAS. Each encrypted disk volume is locked by a particular key. The encrypted volume can be unlocked by the following methods:
| • | Encryption Password: Enter the encryption password to unlock the disk volume. The default password is "admin". The password must be 8-16 characters long. Symbols (! @ # $ % ^ & * ( )_+ = ?) are supported. |
| • | Encryption Key File: Upload the encryption file to the NAS to unlock the disk volume. The key can be downloaded from the "Encryption Key Management" page after the disk volume has been unlocked successfully. |
Data encryption functions may be unavailable in accordance with legislative restrictions of some countries (Russia, Belarus, Ukraine, Kazakhstan, Uzbekistan, etc.)
Topics covered in this chapter:
NAS disk volumes can be encrypted using 256-bit AES encryption to provide data breach protection. Encrypted disk volumes can only be mounted for normal read/write access with the authorized password. Encryption protects confidential data from unauthorized access even if the hard drives or the entire NAS were stolen.
About AES encryption:
In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256 […]. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide. (Source: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
AES volume-based encryption is applicable only to specific NAS models. Refer to the comparison table at: http://www.qnap.com/images/products/comparison/Comparison_NAS.html
Please be aware of the following before using data encryption on the NAS.
| • | NAS encryption is volume-based. A volume can be a single disk, a JBOD configuration, or a RAID array. |
| • | Select whether or not to encrypt a disk volume before it is created on the NAS. You will not be able to encrypt a volume after it has been created unless the disk volume is initialized. Note that initializing a disk volume will clear all the disk data. |
| • | Disk volume encryption cannot be removed without initialization. To remove the encryption on the disk volume, you have to initialize the disk volume and all of the data will be cleared. |
| • | Keep the encryption password or key safe. If you forget the password or lose the encryption key, you will not be able to access the data. |
| • | Before you start, read the instructions carefully and strictly adhere to the instructions. |
Creating New Encrypted Disk Volumes
If the NAS has been installed, follow these steps to create a new encrypted disk volume by installing new hard drives in the NAS:
| 1. | Install the new hard drive(s) in the NAS. |
| 2. | Login to the NAS as an administrator. Go to Storage Manager" > "Volume Management". |
| 3. | Click "Create". |
| 4. | Select the disk volume you want to configure according to the number of new hard drives. |
| 5. | Check the drive for the intended volume. |
| 6. | Select "Yes" for the "Encryption" option and enter the encryption settings. Then click "Create" to create the new encrypted volume. |
All of the data on the selected drives will be DELETED! Back up your data before creating an encrypted volume.
You have created an encrypted disk volume on the NAS.
To verify the disk volume is encrypted, login to the NAS as an administrator. Go to "Storage Manager" > "Volume Management". You will be able to see the encrypted disk volume, with a lock icon in the Status column. The lock will be open if the encrypted volume has been unlocked. A disk volume without the lock icon in the Status column is not encrypted.
Behavior of Encrypted Volumes upon System Reboot
In this example, we have two encrypted disk volumes on the NAS.
| • | The first volume (Single Disk Drive 1) has been created with the option "Save Encryption Key" disabled. |
| • | The second volume (Single Disk Drive 4) has been created with the option "Save Encryption Key" enabled. |
After restarting the NAS, check the volume status. The first drive has been unlocked and mounted but the second drive is locked. Since the encryption key is not saved on the second disk volume, you have to manually enter the encryption password to unlock it.
| • | Saving the key on the NAS will protect you only if your hard drives are stolen. However, there is a risk of data breach if the entire NAS is stolen as the data is accessible after restarting the NAS. |
| • | If you do not save the encryption key on the NAS, your NAS will be protected against data breach even if the entire NAS were stolen. The disadvantage is that you have to unlock the disk volume manually on each system restart. |
To manage encryption key settings, login to the NAS as an administrator and go to Storage Manager" > "Encrypted File System".
There are four options to manage the encryption key:
| • | Change the encryption key: Input your old encryption password and input the new password. (After the password is changed, any previously exported keys will not work. You must download the new encryption key if necessary.) |
| • | Download Encryption Key File: Input the encryption password to download the encryption key file. Downloading the encryption key file will allow you to save the encryption key in a file. The file is also encrypted and can be used to unlock a volume, without knowing the real password (see "unlock a disk volume manually" below.) Save the encryption key file in a secure place! |
| • | Remove Saved Key: Remove saved keys with this option. |
| • | Save Encryption Key: Save the encryption key on the NAS for automatic unlocking and mounting the encrypted disk volume when the NAS restarts. |
Unlocking Disk Volumes Manually
Login to the NAS as an administrator and go to "Storage Manager" > "Encrypted File System". You will see your encrypted volumes and their status: locked or unlocked. To unlock your volume, first click "Unlock this device". Choose to either input the encryption password, or use the encryption key file. If the encryption password or the key file is correct, the volume will be unlocked and accessible.
|
© 2017 QNAP Systems, Inc. |
|