auto wipe encryption key on admin password reset


Post by georgi69 »

Dear all,

I am using a TS-453D as a home NAS with drive encryption. For convenience I keep the encryption key cached, i.e. volumes get unlocked automatically after reboot, firmware update, etc.

What I see as a security risk is that if somebody gains physical access to the NAS (e.g. steals it), the person could easily reset the admin password (holding reset for 3 sec.) and gain access to all files, as the NAS would simply auto-unlock the drive even if it is started elsewhere.

An obvious solution would be if an admin password reset also locked the encrypted drives and forgot the key, but this does not seem to be the case.

The standard option is to disable the configuration reset switch in hardware settings; however, with this I lose the option to recover the NAS should something go wrong.

As a custom approach I was considering scheduling a script that would periodically check whether the admin account is unlocked and, if so, lock the encrypted drives immediately, but even this seems non-trivial (it seems that I need to access the web interface via e.g. wget ... which gets even more complicated with 2FA).

How do you address this security risk with your NAS? Any hints appreciated.
Last edited by georgi69 on Sat Feb 12, 2022 9:15 am, edited 1 time in total.
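
The scheduled check described in the post above, sketched without the web interface, as an added example that is not part of the thread and not QNAP code. It assumes the admin password hash sits in a shadow-format file and changes when the reset button is used; the file paths and the lock command passed as arguments are hypothetical placeholders to replace with whatever locks the volumes on the system in question.

```shell
#!/bin/sh
# Watchdog sketch: run a lock command when the admin password hash
# no longer matches a recorded baseline. All paths are placeholders.

# Print the password-hash field of user $1 from shadow-format file $2.
# Exits non-zero if the file is unreadable or the user is missing.
admin_hash() {
    awk -F: -v u="$1" '
        $1 == u { print $2; found = 1; exit }
        END     { if (!found) exit 1 }
    ' "$2"
}

# check_reset USER SHADOW_FILE BASELINE_FILE LOCK_COMMAND [ARGS...]
# Returns 0 if unchanged (or baseline just recorded),
#         1 if the hash changed and the lock command was run,
#         2 if the hash could not be read (lock command is still run).
check_reset() {
    user=$1 shadow=$2 baseline=$3
    shift 3
    # Fail closed: if the hash cannot be read, lock anyway.
    current=$(admin_hash "$user" "$shadow") || { "$@"; return 2; }

    if [ ! -f "$baseline" ]; then
        # First run: record the baseline, readable by the owner only.
        ( umask 077; printf '%s\n' "$current" > "$baseline" )
        return 0
    fi

    if [ "$current" != "$(cat "$baseline")" ]; then
        "$@"        # hash differs from baseline: lock the volumes
        return 1
    fi
    return 0
}

# Example call from a scheduled job (placeholder paths and command):
#   check_reset admin /etc/shadow /path/to/baseline /path/to/lock-volumes.sh
```

Because it polls, there is a window between a reset and the next run, and the baseline file has to be deleted and re-recorded after a legitimate password change.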

Re: auto wipe encryption key on admin password reset

Post by OneCD »

It would be great if QTS disabled the auto-unlock feature when the reset button is pushed. But I can't find anything online to indicate this is the case. Probably because it means the NAS would need to erase the stored decryption key. :(

The only thing I can suggest is to disable the auto-unlock and enter the decryption key manually as required. More secure = less convenient.


Re: auto wipe encryption key on admin password reset

Post by dolbyman »

I think we had a similar discussion recently, that a password reset does not reboot the NAS and therefore makes it vulnerable even if the key is not saved and volumes are unlocked.

Complain to QNAP so the reset scripts are changed.

Re: auto wipe encryption key on admin password reset

Post by georgi69 »

I see ... disabling auto-unlock is tempting but makes drives unavailable with every restart (weekly preventive reboots, firmware update). I will probably disable the reset switch and make sure to not forget admin passwd.