storing data securely: NAS or USB HD ???

This forum is dedicated to basic help and support :

Ask here your questions about basic installation and usage of Mageia. For example you may post here all your questions about getting Mageia isos and installing it, configuring your printer, using your word processor etc.

Try to ask your questions in the right sub-forum with as much details as you can gather. the more precise the question will be, the more likely you are to get a useful answer

storing data securely: NAS or USB HD ???

Postby vmunich » May 25th, '21, 15:41

Hi everyone,
this is a general question concerning storing data in a secured way:
I want to have backups which only me or another user can accessed, and this data should be kept hidden from and should not be accessible to other users.
Obviously, data need to be accessed from time to time.

What is the best way to store such data ?

Is an NAS more secure than an external USB hard drive ?

More than once I had issues with USB HD... one fell, some just stopped working...
I guess a NAS which would stay at the same place should be protected enough.

But how secure are the data on the NAS in terms of users' permissions ?
How easy is it (under Mageia/Linux) to restrict access to certain directory only to certain user(s) ?

Best,
Vincent
Vincent
--
Mandrake since 1998, then Mandriva, then Mageia....
vmunich
 
Posts: 47
Joined: Jan 11th, '13, 12:35

Re: storing data securely: NAS or USB HD ???

Postby benmc » May 25th, '21, 22:06

air-gap security is pretty hard to defeat.

price of 2 (or 4 usb hdd) is also something to consider vs NAS - multiple redundency in case 1 or more USB HDD fails.

just my 2 cents ;)
benmc
 
Posts: 972
Joined: Sep 2nd, '11, 12:45
Location: Pirongia, New Zealand

Re: storing data securely: NAS or USB HD ???

Postby morgano » May 26th, '21, 11:49

The NAS, if not encrypted, is not safe; a burglar can just dissassemble it and read the disk.
I have a period used a disguised and hidden NAS connected only when needed, hard to find.

If you encrypt, you can also store in cloud...

I have tested using Sirikali (packaged) to on-demand encrypt/decrypt a folder I sync with a Nextcloud instance. That folder with encrypted content can be copied anywhere as backup, in my case via Nextcloud.

Sirikali can ask for key or store it in keyring. When active, you access the files in a virtual folder like they were regular files.

https://mhogomchungu.github.io/sirikali/
Mandriva since 2006, then Mageia since 2011 at home & work. Thinkpad T43 & T400, Dell M4400, Acer Aspire 7. Workstation using LVM, LUKS, VirtualBox, BOINC
morgano
 
Posts: 793
Joined: Jun 15th, '11, 17:51
Location: Kivik, Sweden

Re: storing data securely: NAS or USB HD ???

Postby jiml8 » May 26th, '21, 19:03

How secure is a NAS? Well, that depends. It depends on the operating system on the NAS and on how you configure the NAS. I have a NAS that runs FreeBSD. I doubt it can be broken into, and should it be stolen, the RAID is fully encrypted. So I think it is quite secure.

As for using Mageia to restrict permissions to specific users, you can do this using the default permission system of Linux, or you could enable the optional access control list (ACL) capability of most of the major filesystems to make your control finer-grained. Personally, I would not use stock Mageia (or any other stock linux distro) for the purpose; it would require a great deal of customization (mostly stripping things out) to be fully secure for the NAS job...after all, you don't need most of the services that run on a desktop linux system and leaving those just increases the attack surface. If you want to take that route, just go with a distro that is intended to be a NAS.

Is a NAS more secure than a USB drive? I guess that depends. Define "secure". As benmc commented, it is hard to beat air-gap security. But, as you pointed out, a USB drive is more prone to damage or malfunction.

For myself, I use a NAS. I have a couple of USB drives, but they have been sitting on the shelf for years now. I don't need them and presently have no use for them. YMMV.
jiml8
 
Posts: 1188
Joined: Jul 7th, '13, 18:09

Re: storing data securely: NAS or USB HD ???

Postby xboxboy » May 27th, '21, 04:03

I setup an old Acer Netbook with mageia, and I have two usb hdd's in raid. So the OS is on the internal disk, and the two USB's should be a copy of each other. I access them via SMB, so I can lock the OS down hard, and the USB's are locked down via SMB. Can they be hacked, probably. Easily? Nope.
I'm not sure i trust vendor supplied OS's and updates anymore. From phones, and smart tv's to security camera's and NAS's these companies are VERY lazy with security updates.
xboxboy
 
Posts: 343
Joined: Jun 2nd, '13, 06:41

Re: storing data securely: NAS or USB HD ???

Postby roti » Jun 2nd, '21, 19:59

I think you mix two different things: permissions (access to files/data) and encryption.

Encryption means, data (your files) are saved in an encrypted manner to the disk, and therefore can't be read unless the encryption key is known. By anybody. Permission means, a particular user (which is authenticated) does not have rights to read/write certain files or folders.

I'll explain with some examples. Suppose you have a laptop, and two user accounts exists on that laptop. You have permissions set up so that folder A is accesible (for read and write) only to one user and not the other. During normal usage of that latop these permissions will work as expected: person1 logs in as user1 and will have permissions to folder A. When person2 logs in as user2, he/she will not have access to folder A.

Now, if someone steals the laptop, that person will not know the password for user1 or user2, so one would think the data is safe, but it's not the case. That person could take the hard drive out, and install it in another computer, where the user passwords are known. So the person logs in to the new computer, with a different user, and can access the data without any problems, regardless of any user permissions.

Now, if the data on the hard disk was encrypted this would not be possible, because encrypted data needs a decryption key to be readable. That key could be a password, or something else, but the point is, it's got nothing to do with user authentication or permissions. Without the decryption key, the data can be read, but not understood. So it's useless.

In other words: user permissions to files/folders/other things are controlled by the operating system, which can authenticate and identify users. Encryption refers to how the data is saved on the disc, regardless of OS users/permissions.

Judging by the way you frazed the question, I would guess you are interested in encryption. If you have a SSD I would suggest to check if it has hardware encryption. My Samsung SSD does, so I solved my problem with just defining a BIOS password. (of course, check with your SSD how the hardware encryption works). If not, then you could use LUKS (which is also available in Mageia) to set up encryption for all or some of the partitions.

A word of warning: encryption is a double egde sword. It provides protection, but if you loose the key, you loose your data. There's no backup/password reset or something similar. That's the whole point: you can access the data if you have the key (no matter who you are), otherwise no. So use it with caution. I nearly lost a significant amount of photos due to not realizing this.
roti
 
Posts: 31
Joined: Nov 7th, '11, 10:05
Location: Bucharest, Romania


Return to Basic support

Who is online

Users browsing this forum: No registered users and 1 guest