Clear Volume Encryption Key during Soft Reset

Amoebia
Easy as a breeze
Posts: 253
Joined: Sat Jul 04, 2009 9:50 pm
Location: Georgia

Clear Volume Encryption Key during Soft Reset

Post by Amoebia » Fri Aug 17, 2012 10:01 pm

In order to gain access to the admin account, you can press the RESET switch at the backside of the NAS for 3 seconds.
That will reset, among other settings, the admin account to the default password. While this is good in case of an issue, sometimes
it represents an unnecessary security risk.

My volumes use the built-in encryption and I do not save the encryption key but enter it manually every time I boot up.
Since it is very simple for anyone with physical access to the NAS to perform this admin reset, access to the data is basically
no matter if drive encryption is used.

Therefore, I would like to see the encryption key cleared during the reset process so that the key needs to be entered
even after gaining access to the admin account.
--------------------------------------------------------------------------------
4 * Seagate 3TB - Raid-10
--------------------------------------------------------------------------------

schumaku
Guru
Posts: 43648
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku

Re: Clear Volume Encryption Key during Soft Reset

Post by schumaku » Sat Aug 18, 2012 12:26 am

Amoebia wrote: Since it is very simple for anyone with physical access to the NAS to perform this admin reset, access to the data is basically no matter if drive encryption is used.
With physical access to the NAS and/or the HDD, non-encrypted storage volumes are accessible anyway. This is the key reason commercial computer rooms and data centers are high-security areas.

If the ability to reset the admin password (along with some more settings) is a security concern for you, disable the Reset button in the hardware settings. FMI: http://docs.qnap.com/nas/en/index.html?hardware.htm

Amoebia wrote: My volumes use the built in encryption and I do not save the encryption key but enter it manually every time I boot up.
So the button-triggered reset option does not cause a major security disadvantage to you.

Don
Guru
Posts: 12092
Joined: Thu Jan 03, 2008 4:56 am
Location: Long Island, New York

Re: Clear Volume Encryption Key during Soft Reset

Post by Don » Sat Aug 18, 2012 1:04 am

Kurt, I think his concern is that when you press the reset for three seconds the admin password will be reset to default. This will give the person the ability to log in or connect via the LAN and have access to the data since the encryption key is still in place.
Read the Online Manuals and use the forum search feature before posting.

Use RAID with external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.

Submit bugs and feature requests to QNAP via their Helpdesk app.

NAS: TVS-882BR | F/W: 4.5.2.1566 | 40GB | 2 x 1TB M.2 SATA RAID 1 (System/VMs) | 3 x 1TB M.2 NVMe QM2-4P-384A RAID 5 (cache) | 5 x 14TB Exos HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-663 | F/W: 4.5.3.1652 | 16GB | 2 x M.2 NVMe QM2-2P RAID 1 (cache) | 4 x 4TB RAID 5
Apps: Boinc, DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS3, Entware, DLstation, VS, +


Re: Clear Volume Encryption Key during Soft Reset

Post by schumaku » Sat Aug 18, 2012 3:43 am

With physical access to a computer you're lost. If this is kind of a risk - disable the reset button.

If there is risk where the physical access can't be mitigated, i.e. when using portable systems, there are much more sophisticated security systems in place - preboot protection, Smart Card based access control with PIN and biometrical protection already to the preboot environment, fully encrypted physical storage devices, ...


Re: Clear Volume Encryption Key during Soft Reset

Post by Amoebia » Sat Aug 18, 2012 6:47 am

Schumaku. A data center location might be better, but even there a simple add-on feature would increase the security of the data simply because it adds another layer of protection, at least in my scenario. Apparently, I have to deactivate the Reset Feature if I want to close this loophole, but it's a pity because the Reset Feature comes in handy sometimes; therefore I would rather like to see this function added.

Whether it's located in a data center, in an office space, or at home there is always someone who could potentially get close to the box one way or another and then simply perform a Soft Reset gaining not only admin access but also full read access to the data as the drives are still unlocked. It might not be an issue for you but it is for me.

What I am proposing is that for configurations like mine the drive should be locked again asking for the encryption key after a soft reset. For instance if a reboot would be required to perform a Soft Reset, the issue would be fixed already as this clears the key and access to the data is still protected no matter who is gaining physical access to the device. I intentionally did not save the key so that each reboot will require the drives to be unlocked but with a Soft Reset that level of protection disappears.

leuveg
New here
Posts: 3
Joined: Tue Mar 02, 2021 6:47 pm

Re: Clear Volume Encryption Key during Soft Reset

Post by leuveg » Tue Mar 02, 2021 6:58 pm

Clear Volume Encryption Key during Soft Reset

I think that would be a great feature.
Well, the kids could be curious, or the friends at a party (Smartphone + Qnap Manager + WLAN + ResetButton are a bad combination). And we use our NAS (ts-230) to store our business data (we are freelancers).
I think deactivating the ResetButton is not a good idea as this is an option in the event of errors.


Re: Clear Volume Encryption Key during Soft Reset

Post by Don » Tue Mar 02, 2021 11:39 pm

Your first post and you are replying to an 8 1/2 year old topic. Please don’t necropost. Start a new topic.
