Risk of data mining, security, etc with encryption

markwill

Dabbler
Joined
Nov 12, 2019
Messages
35
Let's say data from a FreeNAS server is encrypted, both over the wire and at rest.

What real-world risks does one assume by using a public cloud service to backup that data (I am thinking of security, data mining, etc)?
 

Jessep

Patron
Joined
Aug 19, 2018
Messages
379
Encrypted at rest and encrypted over the wire may still end with unencrypted data in the cloud.

When you decrypt the pool for use (access a share) and you then copy that data anywhere, you are copying decrypted data. Think if you copy pool data to a USB drive. Is the file encrypted on the USB?

You would want to encrypt the FILE not the repository for storage in the cloud. Think Veeam encrypted backups that are then stored in the cloud. The backup file itself is encrypted wherever it sits. Or Azure Rights Management, https://docs.microsoft.com/en-us/azure/information-protection/what-is-azure-rms.

Encrypted repository really only protects from having the device physically stolen.
 

markwill

Dabbler
Joined
Nov 12, 2019
Messages
35
Thank you, @Jessep. Just to make sure we're on the same page, I wasn't thinking about copying from a client to the cloud. Rather, I was considering an automated FreeNAS server-based process, backing up to the cloud.

In that scenario, my assumption - possibly incorrect from what you have said - is that data sent from FreeNAS to cloud storage is opaque to the cloud service, i.e. it's basically just a bunch of bits and the cloud service can't interpret the contents.

Is this thinking flawed?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
If I'm not missing something, pool-level encryption isn't a thing yet, only GELI-based disk encryption, so if you do anything to replicate your pool anywhere, it's already in the decrypted/unlocked state when that happens and the data can land in the clear (unless you have done something to encrypt it on the target, like perhaps used disk-level encryption there too).

I think pool-level encryption (which would presumably then survive zfs send/recv operations) would do what it sounds like you're expecting. I think it's on the cards for FreeNAS 12.

For sure cloud services like B2 and others can land with data that can be read by the system... you can see the file tree and browse file contents in B2 for example.

If the service or software you're using to perform the backup can encrypt the backup media as it's being put in the cloud, then you have what you want, but that's 100% up to the option that you use for that and not up to FreeNAS.
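
Added example, not part of any post in this thread: one way to do what the replies above describe, encrypting the backup file itself on the NAS so that the cloud service only ever stores ciphertext. It assumes OpenSSL 1.1.1 or later; the paths and function names are hypothetical, the sample data is constructed, and the upload step is left out.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSL 1.1.1+ for -pbkdf2.
# All paths and function names are hypothetical.

# seal_backup SRC_DIR OUT_FILE KEY_FILE
# Archives SRC_DIR and encrypts it locally; only OUT_FILE is meant for upload.
# OUT_FILE.sha256 stays on the NAS so a changed object is detected on restore
# (openssl enc by itself does not authenticate the ciphertext).
seal_backup() {
    src=$1; out=$2; key=$3
    tar -C "$src" -cf - . |
        openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
            -pass "file:$key" -out "$out" || return 1
    openssl dgst -sha256 -r "$out" | cut -d' ' -f1 > "$out.sha256"
}

# open_backup OBJ_FILE DEST_DIR KEY_FILE
# Returns 2 without decrypting if OBJ_FILE differs from the locally kept digest.
open_backup() {
    obj=$1; dest=$2; key=$3
    want=$(cat "$obj.sha256") || return 1
    got=$(openssl dgst -sha256 -r "$obj" | cut -d' ' -f1)
    [ "$want" = "$got" ] || { echo "digest mismatch: $obj" >&2; return 2; }
    mkdir -p "$dest"
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -pass "file:$key" \
        -in "$obj" | tar -C "$dest" -xf -
}

# demo: constructed sample data in a temp dir; returns 0 when the object that
# would be uploaded does not contain the plaintext marker and restores intact.
demo() {
    work=$(mktemp -d "${TMPDIR:-/tmp}/sealdemo.XXXXXX") || return 1
    mkdir "$work/share"
    echo "CONSTRUCTED-PLAINTEXT-MARKER payroll.csv" > "$work/share/doc.txt"
    (umask 077; openssl rand -hex 32 > "$work/backup.key")
    seal_backup "$work/share" "$work/backup.tar.enc" "$work/backup.key" || return 1
    if grep -q "CONSTRUCTED-PLAINTEXT-MARKER" "$work/backup.tar.enc"; then
        return 1    # plaintext visible in the object: encryption did not happen
    fi
    open_backup "$work/backup.tar.enc" "$work/restore" "$work/backup.key" || return 1
    cmp -s "$work/share/doc.txt" "$work/restore/doc.txt"
    rc=$?; rm -rf "$work"; return $rc
}

demo && echo "cloud-bound object is opaque; restore matches"
```

The key file and the `.sha256` digest never leave the NAS; losing the key file makes the uploaded object unrecoverable.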
 

markwill

Dabbler
Joined
Nov 12, 2019
Messages
35
Ah, @sretalla, got it. I was assuming (incorrectly, it seems) that there was already support for sending encrypted files over the wire. If that's not the case then I can see that all bets are off!

My (additional) assumption here is that the target cloud would be passive in this context i.e. not actually encrypting on receipt.

With that it seems I have my questions answered and, while a little disappointed that this isn't possible today, very much appreciate the responses. Thank you.
 