[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1068
  • Last Modified:

Encrypt portion of NAS / network drive - but allow multiple user access - what software?

Hi ,

I have been looking at various software to encrypt a portion of a network drive that will allow a user to access the encrypted data from multiple devices.

For example, I was experimenting with the Free Truecyrpt which is very good. However when I set a portion of the network drive to be encrypted this worked fine. However when I Tried to mount the encrypted volume from another PC, it of course said that the file is in use.

Therefore I conclude with Truecrypt it is not possible to mount the encrypted volume from multiple devices at the same time.

However I have been looking at others such as PGP (now Symantec) Whole disk encryption software (which comes with file /folder encryption) and I am unable to establish at this time if it will support multiple simultaneous access.

Reading some of the blurb of Winmagic I got the impression it does support this.
(http://www.winmagic.com/products/file-encryption-folder-encryption/)

But would be great if someone who has used this could confirm and how well it works (can't download a demo of this and need to finish my report by the end of long weekend).

Thanks
0
afflik1923
Asked:
afflik1923
  • 4
  • 2
1 Solution
 
btanExec ConsultantCommented:
Actually I thought Truecrypt is able to do the sharing - see @ http://www.truecrypt.org/docs/?s=sharing-over-network
But the security issue I forsee is the sharing of the same keys by all users. Of course, file/folder can be encrypted by specific within but it kind of not as neat using Truecrypt....

Initially I was thinking of leveraging Windows Encryption File System (EFS) which is multi-user access capable, but it has limitation such that the channel from the client machine to server is not protected. It is unless the server is having WebDAV or have separate secure channel like SSL/TLS or IPSec - but the latter is separate "package" to secure the channel and not the data protection directly off from EFS (or the security solution).

You can check out this @ http://serverfault.com/questions/42317/truecrypt-or-efs

If multi-user access is desired, there should be policy to tagged with the access right where possible and proper logging is important since there will be a need for group (or shared) key concept for concurrent authorised access. I think that such implementation will have the crypto key (used to mount the shared volume) is protected by each authorised user crypt key (unique to them) in a pre-established user list. Kinda of like how the S/MIME works leveraging the PKI where user certificate will provide the unique identification (can be soft or hardware specific if using smartcard or token). Enterprise solution will provide a neater way unless you are just going for proof of concept to get buy-in from stakeholders...

For the enterprise suite, below are my feedbacks

A) You may want to explore SecureDisk and SecureDS.  I understand the former is able to achieve the multi-user access of secure store. The latter will provide additional policy-based intelligent data protection scheme which you may want to "top up" the security posture. It would be able to have concurrent access but can check with vendor for confirmation though
@ http://www.secureage.com/products/prd_SecureDisk.html
@ http://www.secureage.com/products/prd_SecureDs.html


B) For PGP whole Disk encryption, it does not support the network type storage as it is focus on local HDD. For your case, you will be looking at the PGP Desktop Storage which has multilayered encryption using PGP Whole Disk Encryption to protect confidential files stored on local desktop or laptop systems and using PGP NetShare to securely share files with selected colleagues.

This is a useful matrix on PGP suite (look at "Shared storage encryption") @ http://www.pgp.com/products/comparison_matrix.html


C) For the Winmagic Suite, you will probably be looking at the "Container Encryption" which is another pre-allocated big space file that can be mounted for multi-user access. Imagine this file stored in network file server and user attempt to mount this file into a volume. Not that neat way but it does serve your purpose indirectly. Similarly, the highlighted the file/folder suite serve the same purpose but focus on file/folder as it is and encrypting them, it does not have volume per se. The key is that both suite can have encrypted data shared based on “group” key sharing, e.g. sharing files locally as well as on network share.

Overall, the 3 product is able to handle what you had requested but you just need to get more info and ask vendor to show to you "live" if possible. Seeing is believing.
0
 
afflik1923Author Commented:
OK very good information and Very much appreciated particularly in the useful detail you have gone into (As I think you did on another question I had on a related subject).

I will digest this information and let you know.
Thanks
0
 
afflik1923Author Commented:
HI

Ok revisiting this information as this project takes off again. The comparison link you sent has changed becaue of Symantec buy out


This is a useful matrix on PGP suite (look at "Shared storage encryption") @ http://www.pgp.com/products/comparison_matrix.html


Do you therefore know the new equivelent link if it exists?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
btanExec ConsultantCommented:
not that know of but it should have been quite independent of the purchase as it still retained their naming. probably a quick check with desired vendor will be more effective to lead to the information.
0
 
afflik1923Author Commented:
I've had great trouble with PGPon my Lenovo. I was using support but they abandoned the problem with me as they said they could not recreate it. Obviousy this is off putting but still not found something suitable.
Will update soon.
0
 
afflik1923Author Commented:
Many thanks for this.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now