Do you encrypt data on your own local file server?

Do you encrypt data on your own local file server?

  • Yes

    Votes: 3 17.6%

  • No

    Votes: 14 82.4%
  • Total voters
    17
E

EnderW

[H]F Junkie
Joined
Sep 25, 2003
Messages
11,250
Wondering how many of you encrypt data on your local desktop or file server. I'm in the planning process of reconfiguring my TrueNAS servers and considering turning on encryption for everything.

However since I'm not very familiar with that side of things, I'm hesitant because I don't want to inadvertently "ransomware" myself.

It seems like it would be beneficial when selling an old hard drive as there wouldn't be anything on there to have to secure erase.
But other than that, the benefits seem limited. The data would be in a decrypted state 99% of the time when the server is powered on, so the only scenario I would be protecting against is if someone broke into my house and took hard drives or servers and then attempted to access the data in a different location - am I understanding that correctly?

So right now I'm leaning towards keeping the status quo of no encryption.
 
I use disk encryption on my computer for work (because client policy) and on my rented server (because I don't trust the service provider to wipe disks), but everything else is unencrypted.

At this point, I'd rather deal with having to wipe or destroy drives when I'm done than make it harder to recover from partial drive failures.
 
I encrypt my local machines because why not, the performance hit is negligible. For rips/pr0n/warez on my server/NAS I don't bother because it doesn't matter for that stuff.
 
If there is any risk of "theft" or "investigation", I would advice encrypting. As long as the CPU hosting the file share is sufficient and you don't mishandle the encryption key, then there's no downside.
 
NAS: I encrypt the dataset containing the home directories, as it holds some records, etc. that are sensitive (e.g., bank statements). It's off-site backup (Backblaze) is also encrypted of course. Anything else is just media, so no reason to bother.

Desktop: no, as anything sensitive I might work with is stored on the NAS.

Laptop and phone: of course, given they leave the house.
 
EnderW said:
Wondering how many of you encrypt data on your local desktop or file server. I'm in the planning process of reconfiguring my TrueNAS servers and considering turning on encryption for everything.

However since I'm not very familiar with that side of things, I'm hesitant because I don't want to inadvertently "ransomware" myself.

It seems like it would be beneficial when selling an old hard drive as there wouldn't be anything on there to have to secure erase.
But other than that, the benefits seem limited. The data would be in a decrypted state 99% of the time when the server is powered on, so the only scenario I would be protecting against is if someone broke into my house and took hard drives or servers and then attempted to access the data in a different location - am I understanding that correctly?

So right now I'm leaning towards keeping the status quo of no encryption.
Click to expand...

ZFS encryption is very save, very easy to handle and you can enable per ZFS filesystem even with different keys. Only care about the keys. If you loose them you will not be able to access your data. Encryption does not protect unlocked filesystems but protect against theft or disks when you bin them. As Open-ZFS supports raw zfs replication you can even backup filesystems encrypted with its key.

There is only the use case VM storage and databases where encryption is bad . In such cases you should enable sync write what drastically reduces performance, see my tests with encryption and sync at https://www.napp-it.org/doc/downloads/epyc_performance.pdf
 
As Johnny say: "If it don't encrypt, then you must acquit" well sorta anywayz....hehehe :) j/k
 
You must log in or register to reply here.
Back
Top