How do I protect a network attached storage
(NAS) box from physical attacks as well as network based attacks? I have found that disk encryption
is useful where there is a physical insecurity like theft of the hard disks. Is it a better choice to use disk encryption for the NAS box?
If you have the risk of physical security for the disks in a NAS system, you've got a bigger problem to consider regarding the overall viability of your business. Yes, you can encrypt data on a NAS system but there are not many product offerings currently. There are some encryption devices that can sit on the network and will encrypt data and handle some of the key management functions. If you are using your own file server with software to serve as a NAS system then you might be able to add some encryption software to that -- either publicly available or purchased. It might be less trouble (and less expensive in some cases) to address the physical security problem and controlling the impact to business of loss of access to data may be a catalyzing event for business continuance.
You should look for some of the NAS vendors to offer encryption natively with their systems in the very near future. That won't help you with your existing product but would for a new purchase. But if you don't fix your physical security problem first, you will be making a new purchase anyway.
This was first published in December 2006