DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

#1 2008-07-20 11:53:43

geno
Member
From: Germany
Registered: 2008-07-20
Posts: 6

Huge container file with encryption accessed via samba (on DNS-323)

Hi everyone,

I've recently bought a NAS from D-Link called "DNS-323". I'd like to discuss some thoughts I have with you guys on the topics of encryption and filesystems involving the DNS-323.

Goal
The goal is to have all the data stored on the NAS transparently encrypted. To accomplish this I want to mount a container file stored on the NAS on my Linux server. The server will then share the mounted content of the container file via its own samba server to all my other devices connected to my network. The server will also do all the hard work to decrypt/encrypt the incoming/outgoing data to make it transparent for all accessing devices.

Thoughts
My current setup features two installed 1TB hard drives. The DNS-323 is set up to use both disks as individual disks. Right now, I'm in the middle of creating two huge container files with a size of 1TB each, filling the whole disk space on Volume_1 and Volume_2. Now I want to access one of these container files via SMBFS/CIFS from my server running on Linux. The container file will be looped through the device mapper (dm-crypt) for encryption with cryptsetup and LUKS. Finally, I want to use EXT3 as the (internal) filesystem on that mounted container file.

Here is a simpler description on how I want the DNS-323 and my server to communicate with each other:

DNS-323 <-> SMBFS/CIFS <-> dm-crypt <-> server <-> SMBFS/CIFS <-> all other networking devices

Those "all other networking devices" are totally unaware of the encryption layer!

Concerns
As far as I can see there should be no problem in doing this, but I'm still quite unsure if there might be any hidden risks concerning the filesystem's integrity on a possible power outage or something similar which leads to an abnormal interruption while writing to the disk and container file respectively. How high are the chances that the internal (files inside the container file) or the external (files on the NAS) filesystem will become corrupted, if a power outage occurs? I think, since the DNS-323 is using EXT2 as its filesystem, this could be a disaster, because I'm ALWAYS writing to that one single container file. So if something bad happens it will always affect the container file and therefore all of my data at once.

Phew, I really hope that I was able to give you an understandable overview of what I'm trying to accomplish.
The most important question to me is, if it's feasible and without a high risk of data loss.

Any ideas and comments are very appreciated! :-)

Note: I've done the upgrade of the firmware from 1.04 to the most current version which is 1.05 at the moment.

Greetings,
geno


#2 2008-07-20 16:54:51

bq041
Member
From: USA
Registered: 2008-03-19
Posts: 709

Re: Huge container file with encryption accessed via samba (on DNS-323)

If you are so concerned about a power outage, put it on a UPS.


DNS-323     F/W: 1.04b84  H/W: A1  ffp: 0.5  Drives: 2X 400 GB Seagate SATA-300
DNS-323     F/W: 1.05b28  H/W: B1  ffp: 0.5  Drives: 2X 1 TB  WD SATA-300
DSM-G600   F/W: 1.02       H/W: B                Drive:  500 GB WD ATA


#3 2008-07-20 17:56:53

geno
Member
From: Germany
Registered: 2008-07-20
Posts: 6

Re: Huge container file with encryption accessed via samba (on DNS-323)

Hi bq041, thanks for your reply.

Well, actually it is running on a UPS already. But what if the UPS runs out of battery power? Ok... I know, some will say now that this is irrelevant, because it's never going to happen anyway - and they might be even right. But it CAN happen and I'd like to know if there is a great chance to lose data in this special case.
More specifically: Are my concerns about the single file that is being changed all the time valid or am I just missing something else?

Last edited by geno (2008-07-20 17:59:00)


#4 2008-07-20 18:06:16

luusac
Member
Registered: 2008-04-29
Posts: 360

Re: Huge container file with encryption accessed via samba (on DNS-323)

geno wrote:

Well, actually it is running on a UPS already. But what if the UPS runs out of battery power?

If memory serves there are threads in this forum on getting the dns323 to shut down gracefully if the mains have failed and ups is running on battery.
lu


#5 2008-07-20 18:19:15

geno
Member
From: Germany
Registered: 2008-07-20
Posts: 6

Re: Huge container file with encryption accessed via samba (on DNS-323)

luusac wrote:

geno wrote:

Well, actually it is running on a UPS already. But what if the UPS runs out of battery power?

If memory serves there are threads in this forum on getting the dns323 to shut down gracefully if the mains have failed and ups is running on battery.
lu

Oh, this sounds interesting. I'll have a look, thanks for pointing this out. :)


#6 2008-07-21 02:59:26

bq041
Member
From: USA
Registered: 2008-03-19
Posts: 709

Re: Huge container file with encryption accessed via samba (on DNS-323)

There are also threads here about running ext3 on the DNS.


DNS-323     F/W: 1.04b84  H/W: A1  ffp: 0.5  Drives: 2X 400 GB Seagate SATA-300
DNS-323     F/W: 1.05b28  H/W: B1  ffp: 0.5  Drives: 2X 1 TB  WD SATA-300
DSM-G600   F/W: 1.02       H/W: B                Drive:  500 GB WD ATA


#7 2008-07-21 06:59:41

bscott
Member
Registered: 2007-07-13
Posts: 48

Re: Huge container file with encryption accessed via samba (on DNS-323)

geno wrote:

More specifically: Are my concerns about the single file that is being changed all the time valid or am I just missing something else?

Are you asking if the risk on the DNS-323 is any greater than doing the same thing on a dedicated HD inside a desktop PC?  Are you worried about software bugs, hardware failures or transient unpredictable glitches, like an interruption in the network connectivity?

By and large the 323 is pretty solid for its intended use, and doing anything else carries a risk comparable to doing the same thing on other platforms.  It's neither immune from, nor more prone to, most of the problems that you may encounter anywhere.  As others will point out to you, nothing will replace having a valid backup of essential files, and no one can predict every source of potential problems. 

If the CPU on the 323 is adequate to keep up with the needs of your scheme, and if you can fully test and validate the setup, I wouldn't worry about some inherent property of the 323 throwing a wrench into your plans.


#8 2008-07-21 22:10:20

geno
Member
From: Germany
Registered: 2008-07-20
Posts: 6

Re: Huge container file with encryption accessed via samba (on DNS-323)

bq041 wrote:

There are also threads here about running ext3 on the DNS.

Yep, I have read this thread about some EXT3 testing. It would be nice to have EXT3 running on the DNS-323 instead of EXT2, but until D-Link has officially confirmed that there are no problems bound to using EXT3 anymore I will stick to EXT2.

bscott wrote:

Are you asking if the risk on the DNS-323 is any greater than doing the same thing on a dedicated HD inside a desktop PC?

No. I do know that it's basically the same thing. But there is one tiny difference that I feel needs to be looked at from a different point of view.

Let's assume I have a HD directly installed in a PC and were to encrypt it by the method I described above (keyword: dm-crypt). I would use the HD's block device which for example is called /dev/sda1. Now, if I loop /dev/sda1 through dm-crypt, another block device will be created, maybe with the name /dev/mapper/crypt-sda1. At this point I can use /dev/crypt-sda1 in exactly the same way as I would use /dev/sda1. The only difference is that /dev/crypt-sda1 produces encrypted writes and decrypted reads. And the most important fact is that any write action will modify the hard disk's content on a per block basis, hence it's called a block device. :P
So the worst-case would be to lose some blocks that have been recently written to the disk, but eventually not flushed from disk cache yet.

I hope you are still with me. :)
Ok, now let's take a quick look at the other scenario with my DNS-323.
I create one file on the DNS-323 called "container". It serves as my virtual block device later where I want to put my encrypted data into. The steps from opening the file to reading and/or writing to the opened file are exactly the same actions as in my example stated above with a HD directly installed in a PC. But this time there is one more "layer" before the data is finally read/written: the container file on the DNS-323 filesystem!

The difference I see here is the following:
An interruption while writing files inside the container may result in corrupted or lost data of those very files involved in this action.
An interruption while writing THE CONTAINER FILE on the DNS-323 filesystem may result in a corrupted file which may also lead to corruption of the container file and therefore complete data loss of everything inside the container.

I have to admit that I'm not fully aware of how those things are working inside. Maybe someone with that depth of knowledge is able to explain if I'm looking for a problem that technically doesn't exist at all. ;)

bscott wrote:

Are you worried about software bugs, hardware failures or transient unpredictable glitches, like an interruption in the network connectivity?

Nope, not at all. Software and hardware failures can always occur and are not part of my problem. Network connectivity might be an issue, although a temporary loss of network connectivity should be nothing more than what would also happen if the DNS-323 is shut down improperly.

bscott wrote:

By and large the 323 is pretty solid for its intended use, and doing anything else carries a risk comparable to doing the same thing on other platforms.  It's neither immune from, nor more prone to, most of the problems that you may encounter anywhere.  As others will point out to you, nothing will replace having a valid backup of essential files, and no one can predict every source of potential problems.

My DNS-323's primary task is to work as a backup storage, so data loss is not that bad, but reliability is something that makes life much easier. I don't want to rebuild or check the backup unit every 30 minutes, if you know what I mean.

bscott wrote:

If the CPU on the 323 is adequate to keep up with the needs of your scheme, and if you can fully test and validate the setup, I wouldn't worry about some inherent property of the 323 throwing a wrench into your plans.

The CPU of my DNS-323 is not a problem, because the CPU-intensive task (encrypt/decrypt) is handled by my server.

Greetings,
geno


#9 2008-07-22 02:37:02

bscott
Member
Registered: 2007-07-13
Posts: 48

Re: Huge container file with encryption accessed via samba (on DNS-323)

geno wrote:

The difference I see here is the following:
An interruption while writing files inside the container may result in corrupted or lost data of those very files involved in this action.
An interruption while writing THE CONTAINER FILE on the DNS-323 filesystem may result in a corrupted file which may also lead to corruption of the container file and therefore complete data loss of everything inside the container.

Yeah, this would indeed be a function of ext2 as a filesystem - on the 323 or anywhere.  And I believe ext3 WOULD be an improvement (due to the journaling) if it can be made stable on the -323.  I don't know enough about ext2 to say how much damage it takes to wreck a large file, but one of the reasons I've avoided using encryption at all is to minimize my reliance on extra software to retrieve information in the event of a problem.  I only have a few files that I would even consider encrypting, and more than once I've recovered them thanks to being able to use "dd | strings | grep" (to paraphrase)...

If you really need to encrypt 2 terabytes of data, you may want to look into something a bit more heavy-duty than a $150 box.  But if the files aren't irreplaceable, I don't think your plan is too foolhardy to consider, given a UPS and a bit of luck...


#10 2008-07-22 04:10:04

geno
Member
From: Germany
Registered: 2008-07-20
Posts: 6

Re: Huge container file with encryption accessed via samba (on DNS-323)

bscott wrote:

I only have a few files that I would even consider encrypting, and more than once I've recovered them thanks to being able to use "dd | strings | grep" (to paraphrase)...

That's a very good argument. Those simple tools wouldn't be much of a help on my systems at the moment.

bscott wrote:

If you really need to encrypt 2 terabytes of data, you may want to look into something a bit more heavy-duty than a $150 box.  But if the files aren't irreplaceable, I don't think your plan is too foolhardy to consider, given a UPS and a bit of luck...

Hm... that's also true. Right now I'm using three full-encrypted Gentoo Linux systems. One of them is my laptop which I carry around quite a lot and thus should definitely be secured by encryption. Maybe it's time to reconsider my situation and get rid of the encryption stuff on my two stationary rigs and also leave the DNS-323 unencrypted too. It will definitely make things easier this way although I do really like the idea of doing backups the way I wanted to do them. Well, in the end I think that safe (and easily readable!) backups are much more worth than locked down backups where in case of emergency I'm almost unable to recover.

Thanks for the help to let me find out how I should do or better not do this. :)

Greetings,
geno

Last edited by geno (2008-07-22 04:14:02)


#11 2008-07-22 06:24:02

bscott
Member
Registered: 2007-07-13
Posts: 48

Re: Huge container file with encryption accessed via samba (on DNS-323)

geno wrote:

Maybe it's time to reconsider my situation and get rid of the encryption stuff on my two stationary rigs and also leave the DNS-323 unencrypted too. It will definitely make things easier this way although I do really like the idea of doing backups the way I wanted to do them.

I'm working on a backup dream-scheme which probably won't fly either, so I know how you feel... I guess it depends on why you're encrypting.  If it's personal/private stuff, 2 TB is a heck of a lot of tax returns, naked pics and diaries!  But if you're doing it just for the principle of the thing, I say take the plunge.  If, however, it's - oh, let's say downloaded videos - which for one reason or another would cause long conversations if noticed by law enforcement - then definitely go ahead and encrypt, that stuff can be replaced!  And if it's for sensitive business data, what are you doing messing around with consumer-grade hardware in the first place? 

It's always smart to take a step back from the technical focus and remind yourself why you're doing whatever it is that you're doing.  Fulltime disk encryption has limited use IMHO; you're guarding against people who are targeting you personally (as opposed to just grabbing your box to fence for a quick buck) but not smart enough to have stolen your password through some other means, like keyloggers or psychology or binoculars...


#12 2008-07-22 15:38:33

EnricoM
Member
From: Netherlands
Registered: 2008-06-03
Posts: 77

Re: Huge container file with encryption accessed via samba (on DNS-323)

If you decide to continue this project, you might consider writing the data 2 times to 2 different containers sequentially. In case of power or connection loss, only 1 container could be affected. If you want to make it even more robust you could think of using 3 containers for writing and a 2 out of 3 voting mechanism for reading... It's not fast, but might solve your concerns.


Hardware: Conceptronic CH3SNAS, FW1.03 - 2x Samsung Spinpoint F1 750 MB, no RAID  - Imation Whizz 4GB USB Flash Drive
Software:  Fun_plug 0.5 beta, SSH, Samba recycle bin, Firefly, hellanzb, nzbget, cleanboot, chrooted etch, optware, midnight commander, rsnapshot
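
The sequential-write, 2-out-of-3-read scheme suggested in post #12, as an added example that is not part of the original thread or any poster's code. It assumes three replica files that are byte-identical when healthy (compared at the same layer, for example all three read through their decrypted mappings); the 4096-byte `BLOCK` size, the function names and the `stop_after` power-loss simulation are hypothetical.

```python
import os
import tempfile
from collections import Counter

BLOCK = 4096  # assumed voting granularity; not specified in the thread


class NoQuorum(Exception):
    """Raised when no two replicas agree on a block."""


def put(path, index, data):
    """Overwrite part or all of block `index` in one replica and flush it."""
    with open(path, "r+b") as f:
        f.seek(index * BLOCK)
        f.write(data)
        f.flush()
        os.fsync(f.fileno())


def write_block(paths, index, data, stop_after=None):
    """Write replicas one after another; stop_after=(n, k) simulates power
    loss after n complete replicas plus k bytes of the next one."""
    for n, path in enumerate(paths):
        if stop_after and n == stop_after[0]:
            put(path, index, data[:stop_after[1]])  # torn write (k may be 0)
            return
        put(path, index, data)


def read_block(paths, index, repair=True):
    """Return (data, outvoted_paths) by 2-out-of-3 vote, healing the loser."""
    copies = []
    for path in paths:
        with open(path, "rb") as f:
            f.seek(index * BLOCK)
            copies.append(f.read(BLOCK))
    winner, votes = Counter(copies).most_common(1)[0]
    if votes < 2:
        raise NoQuorum(f"block {index}: all three replicas differ")
    bad = [p for p, c in zip(paths, copies) if c != winner]
    if repair:
        for path in bad:
            put(path, index, winner)
    return winner, bad


def make_replicas(blocks=4):
    """Create three zero-filled stand-in container files (constructed data)."""
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, f"container{i}.img") for i in range(3)]
    for path in paths:
        with open(path, "wb") as f:
            f.write(b"\0" * BLOCK * blocks)
    return paths
```

An interruption after only the first replica was updated makes the vote return the old block, and an interruption partway through the second replica leaves three different copies and no quorum, so the scheme still needs a journal or checksum to decide that case.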


#13 2008-07-27 12:18:06

geno
Member
From: Germany
Registered: 2008-07-20
Posts: 6

Re: Huge container file with encryption accessed via samba (on DNS-323)

EnricoM wrote:

If you decide to continue this project, you might consider writing the data 2 times to 2 different containers sequentially. In case of power or connection loss, only 1 container could be affected. If you want to make it even more robust you could think of using 3 containers for writing and a 2 out of 3 voting mechanism for reading... It's not fast, but might solve your concerns.

Hmm... it's not only slow but also a big waste of space unfortunately. I don't think this is an option for me. As for now it seems best to return my NAS and install the hard disk drives in my server. I have to have block level access to my disks to encrypt my data successfully. Another idea is to use a SAN instead of a NAS, but to be honest this is far too much trouble for just making backups.

Last edited by geno (2008-07-27 12:19:04)
