CryptoNAS to encrypt your Network Attached Storage data

A Network Attached Storage, commonly known as NAS, is a centralized device dedicated to data storage used to share files over a network, either your own local home network or the wider Internet.

Network Attached Storage devices contain one or more hard drives and are networked with other appliances, NAS units are configured for file sharing between multiple computers. If they contain more than one hard disk they can be configured as a JBOD (Just a Bunch Of Disks), or in RAID to facilitate data back up and quick file access.

Small and remote offices and home networks they all normally use a NAS appliance for file sharing, NAS drives have software that can be set to automatically back up every computer on the network and they can also be used as a servers but very few of them include data encryption capabilities.

The NAS operating system and other software on the NAS unit provides the configuration and management of the data storage and access functionality.

Network Attached Storage device (NAS)

Network Attached Storage device (NAS)

CryptoNAS Network Attached Storage encryption introduction

CryptoNAS is a multilingual Debian based Linux live CD with a web based front end that can be installed into a hard disk or USB stick. CryptoNAS has various choices of encryption algorithms, the default is AES, it encrypts disk partitions using LUKS (Linux Unified Key setup) which means that any Linux operating system can also access them without using CryptoNAS software.

CryptoNAS configuration and settings

CryptoNAS provides two packages: CryptoNAS-Server and CryptoNAS-CD

The CryptoNAS-Server: Targeted at network administrators and it adds hard disk encryption to a file server (running Samba, NFS, DAV, etc.).

The CryptoNAS-CD: Targeted at home users and it allows for easy NAS device encryption and browsing through a web interface.

CryptoNAS default username and password are admin:admin you should change both as soon as you have it installed. The next step is to create a configuration partition for CryptoNAS settings to be stored, after that you can enable disk encryption, format the hard disk using your file system of choice and enter the passphrase to be used, CryptoNAS will start encrypting the hard disk straight away, you will be able to see the progress clicking on status.

CryptoNAS interface

CryptoNAS interface

Your router will need to be in the same subnet, which means its IP needs to be 192.168.0.1. Check the default gateway address through the network connection details, log into your router and change the address in the LAN/network settings if necessary.

To access CryptoNAS through your web browser use https://192.168.0.23 you will get a message warning you about a problem with the security certificate since CryptoNAS uses a self-signed certificate, ignore it and go ahead.

If you switch off the computer where CryptoNAS is running the encrypted hard drives on your NAS will shut down and it will be inaccessible until you reopen it again entering the correct passphrase. You must remember that as long as CryptoNAS is running with the disks mounted the data is unencrypted and the encryption key held on RAM memory, only if someone disconnects your NAS device (i.e. NAS device gets stolen) or you turn it off encryption will secure your data.

Alternatives to CryptoNAS

  1. Use stand alone free open source encryption software like Diskcryptor or Truecrypt to encrypt your NAS hard drive and mount them on request.
  2. Use a NAS device that comes with encryption integrated, QNAP, Seagate, and Synology all have AES256 encryption for some of its high end Network Attached Storage products.
  3. Use FreeNAS, a free open source NAS distribution based on FreeBSD that also allows for encryption of NAS hard drives.

    Visit CryptoNAS homepage

Leave a Reply