
Warning External Encrypted Hard drives and Corporate PR Spin


posted on Dec, 17 2014 @ 07:55 PM
Looking around for some cheap DIY backup solution for 4-6 TB of data, I have been tempted to buy two WD Mybook external drives, where I use one to back up my data from computers and mobile devices and the other to back up the other WD Mybook drive. I actually purchased them but then returned them once I found out they had hardware encryption. Unfortunately, looking around, most types of drives appear to have HD encryption, or the manufacturer doesn't clearly label it and/or gives you the runaround when calling support.

Here is an old but fairly good article explaining why you should stay away from using external hard drives that are encrypted.




www.baldnerd.com...


1. The hardware encryption only works if the thief removes the drive from the chassis. Even then it's possible to bypass if they are able to get the right identical chassis components, although it's time-consuming and expensive to send for data recovery.

In reality, and from my experience, typically the chassis components fail before the drive, or before someone steals only the hard drive without the chassis.

Therefore the HW encryption will likely punish you, the consumer, and not a thief who leaves the case behind but takes the time to remove the drive. If it's hardware encrypted then you will most likely lose your data, because you won't be able to swap the chassis components or put the drive in another chassis unless you find identical chassis components on eBay.

2. The hardware encryption does nothing to protect you if the thief steals the complete case with the hard drive which is the most likely scenario that will occur.


The question is:



So who is the encryption on your external drive really protecting? It would appear to me that the only person getting locked out of your data… is you.


That is how it appears to me as well for the most part, so keep that in mind when doing backups. Of course having one external drive is not a real backup solution, but for many home users it's what they have.

Alternate solution is to buy your own drive and external case for those interested.
edit on Wed, 17 Dec 2014 20:15:57 -0600 by interupt42 because: (no reason given)




posted on Dec, 17 2014 @ 08:24 PM
Just go to an electronics store or online and buy a laptop hard drive and an external case. Or use an old laptop hard drive and you have exactly what you want. It works just like a regular hard drive, put your backups on it as it will connect via USB and you can encrypt it yourself if you want...don't really think a thief cares too much about your external hard drives especially when they can hack your computer from afar and get everything they want.

I hope you added that at the end cause I sure didn't see it before...now I feel the need to go back under my rock !



edit on 12/17/2014 by DJMSN because: addition



posted on Dec, 17 2014 @ 08:39 PM
a reply to: DJMSN




I hope you added that at the end cause I sure didn't see it before...now I feel the need to go back under my rock


LOL, I think I added about the same time you were creating your post.



posted on Dec, 17 2014 @ 08:49 PM
a reply to: interupt42

Well then...I don't feel so bad (in a muffled voice from under my rock) !

Actually I do this with all my computers when I get a new one. Strip the old one of anything useful like memory or hard drives, then format them and use them as backup hard drives and in some cases as the primary storage space.



posted on Dec, 17 2014 @ 10:18 PM

originally posted by: interupt42
Here is an old but fairly good article explaining why you should stay away from using external hard drives that are encrypted.


www.baldnerd.com...
Not a good article. For example:


Bret Austen, General Manager of Positive E Solutions Inc., in Barrie, Ontario calls this feature a “false sense of security.” He explained to me that while his company does carry these drives, the encryption features are not a true protection for the users’ data.
The source describing the drives as a false sense of security doesn't seem to know what he's talking about because he doesn't mention a password.

www.wdc.com...

Password protection for privacy
Gain peace of mind knowing that your data is protected from unauthorized access with password protection and encryption.*
* A model with disabled encryption is also available.
So the thief won't have your password, unless you do something stupid like write the password on a post-it attached to the drive.

Here's a paper explaining some of the attacks tried on hardware encryption devices, and comparing it to software encryption:

Hardware-based Full Disk Encryption (In)Security

There could be one or two small advantages to hardware encryption but for most of us they are irrelevant and the disadvantages outweigh the advantages, so I agree with your conclusion but not that a thief can read your password protected data.

Also did you notice this? "A model with disabled encryption is also available". Just get that one instead. Or get an internal drive and plug it into a hot-swap dock. I'm NOT recommending this specific product, this is just an example, do your own research:

www.bestbuy.com...

That would hold two 2TB drives, giving you 4TB. But it won't work with larger drives, so be sure to read all the specifications if you go that route. In order to hold 6TB you'd need 3 2TB drives and could only access two at a time. (That won't work with two 3TB drives).


edit on 17-12-2014 by Arbitrageur because: clarification



posted on Dec, 17 2014 @ 10:31 PM
About as vulnerable as the new WiFi-enabled drives



posted on Dec, 18 2014 @ 12:14 AM
a reply to: Arbitrageur




The source describing the drives as a false sense of security doesn't seem to know what he's talking about because he doesn't mention a password.


Hardware encryption and software encryption are two different things. The discussion in the article was about hardware encryption and how it's often a hassle for the buyer, not a thief. The hardware encryption does not store or use a user-accessible or manageable password but rather it's tied to the actual drive and chassis (hardware).

Therefore if the drive works and the chassis fails, as it often does, at least in my experience with external drives, then you will lose your data unless you have time and money to burn with recovery efforts.

In order to use the password feature you have to use their WD SmartWare SOFTWARE. Regardless, often people use the external drive without ever installing or using their SmartWare software. Hence no password protection.



www.wdc.com...

To create a password and keep others from accessing the files on your drive:
1. Click the Settings tab to display either the WD SmartWare Settings screen (Figure 11 on page 20) or the drive management Drive Settings screen (Figure 17).




For example:
1. I have a Hardware Encrypted External Hard Drive (HEEHD) with my personal data on it.

2. I can then connect the (HEEHD) to pc1 and read and write to it via the usb port no problems and no passwords.

3. I can also connect that same (HEEHD) to pc2 and read and write to it via the usb port no problems and no passwords and so could a thief.


In regards to buying not encrypted option: IMO That is the way to go for the typical personal cheap backup system that is not going to leave the house because it removes an additional layer that can compromise your data. Hopefully the user will have at least a second backup for the backup but more often than not that is not the case.

In addition the drives I have seen that don't have the hardware encryption also have less capacity and fewer disk management options

Don't get me wrong if you have sensitive information getting on prying hands then both hardware and software encryption is the way to go.

However, from most people I have encountered that are not really computer literate they typically don't care about prying hands but rather doing simple backup from their pc to their external drive or to add additional space to their computers.

In that case the hardware will only cause more pain towards them because they already have a single point of failure. If they didn't have hardware encryption they could at least attempt a recovery with another external drive adapter.

edit on Thu, 18 Dec 2014 00:25:08 -0600 by interupt42 because: (no reason given)



posted on Dec, 18 2014 @ 12:56 AM
I have more than a little experience with corporate encryption standards/options. Unfortunately, there are many, many devices out there billing themselves as "hardware-encrypted", that frankly are not. If the device requires any special software being installed on a computer to use it, then it's IMH(f)O NOT truly hardware-encrypted. Truly hardware-encrypted devices are platform-neutral, having some sort of keypad or keyboard on the device itself for entering an access code. There are many, many USB thumb drives out there that claim to be hardware-encrypted. It used to drive me nuts at a former employer when employees would want to use some random USB storage device on their computer, which they said was hardware-encrypted - and I had to tell them "no, it does not meet our security requirements to be white-listed". Any removable storage models that were not specifically "white-listed" were automatically blocked by our removable encryption management system (which I happened to re-architect and re-implement personally in 2013).

My personal recommendations for personal use are:

  • Apricorn Aegis Secure Key (for a thumb-drive format)
  • DataLocker DL3 (for an external hard-drive format)



posted on Dec, 18 2014 @ 04:20 AM
Just use TrueCrypt to encrypt the whole drive. Take a password with 20 letters (upper and lower case, numbers, special characters) and nobody will ever be able to decrypt it.
No need for hardware encryption.



posted on Dec, 18 2014 @ 04:25 AM
WD would not be allowed to market a device where the password was needed if the CIA raided your home and you can guarantee a back door.

Hell, even our mobile voice calls are not encrypted because service providers are controlled by state regulations and the state stops anything that would stop them listening to our private calls.

We are all terrorists because the state is at war with its own people.



posted on Dec, 18 2014 @ 04:39 AM
a reply to: aLLeKs

Software based encryption is about the best choice on offer but it's probably not true to say "nobody will ever be able to decrypt it" as there are a number of supposed backdoors and vulnerabilities based on very complex mathematical relationships that would allow a third party to compromise your security in a lot of these offerings.

This is purely working on the naive assumption that nation state intelligence services rely on conventional computing power and don't have access to next gen processing power.

This is a good example of a situation that probably doesn't exist in isolation:

In summary: A three letter agency pays a US based company to keep an element in their offering that provides an easy backdoor if you know how....


edit on 18-12-2014 by Jukiodone because: (no reason given)



posted on Dec, 18 2014 @ 05:04 AM
Well you can tell that Microsoft is on the CIA/NSA payroll because they locked out TrueCrypt in Win8, which makes me trust BitLocker about as far as I can throw Bill Gates.

Windows 10? No thanks, and I am thinking about going back to XP



posted on Dec, 18 2014 @ 07:13 AM
I had this issue when my external drive fried. Encrypted, so how can I possibly get that data back? You have answered my question and it was what I had thought. Thanks - star and flag.



posted on Dec, 18 2014 @ 11:57 AM
a reply to: MichiganSwampBuck

Yeah unfortunately the consumer is the one that gets punished with the hardware encryption on these hard drives and the way they are typically used.

Your option to get the data back is not likely possible for most users. Best case scenario, the manufacturer was lazy and used the same encryption keys across the chassis, not likely but has happened. So you would have to buy an identical drive within the same date of manufacturing from the same plant to increase your odds.

Another option that can defeat the hardware encryption, but not for the faint of heart, is to actually remove the hard drive platter and place it in another drive to be read. However, that assumes no software encryption was used when writing to the platter.

So in the end, for home use I see the hardware encryption option as more dangerous for the typical user for backup purposes because it adds another failure point on their typical one backup drive/extra storage solution.
edit on Thu, 18 Dec 2014 11:58:57 -0600 by interupt42 because: (no reason given)



posted on Dec, 18 2014 @ 04:56 PM
a reply to: interupt42

Wow!!

Thanks for the heads-up on this. I had no idea that WD was doing this under the cover. I believe that in the future I will stay clear of all of these external drives and build my own unit.

From what I understand, the drive is encrypted by default using a key that is stored in the clear on the drive itself. When the user uses the software that comes with the WD unit to set an actual password on the encryption, the extant key is just encrypted with the new password.

I believe the reason that the "clear key" encryption is used by default is to make the firmware simpler and the performance better. When only the key is encrypted, any change to the password that the user set is limited to simply re-encrypting the key. Otherwise, if the user-set key was used directly in the data crypto, the entire drive would have to be unencrypted using the old key, and then re-encrypted with the new password. It could take many hours to perform that process on multiple terabytes of data.

The downside is that if the controller board dies before the drive, you're SOL. On the other hand, mechanical drives tend to die long before the controller electronics.


dex
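
The key-wrapping arrangement described in the post above, as an added Python model that is not part of the original thread and is not WD's firmware: data is always encrypted under a random data-encryption key (DEK), and setting or changing a password only re-wraps that DEK. `ModelDrive`, the key-slot layout and the HMAC-based stand-in cipher are assumptions made for illustration (a real drive would use AES).

```python
import hashlib, hmac, secrets

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (NOT AES): XOR data with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def derive_keys(password: str, salt: bytes):
    """Password -> (key-encryption key, MAC key) via PBKDF2-HMAC-SHA256."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return material[:32], material[32:]

def wrap(dek: bytes, password: str) -> dict:
    """Encrypt and authenticate the DEK under a password-derived key."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    kek, mac_key = derive_keys(password, salt)
    blob = xor_stream(kek, nonce, dek)
    tag = hmac.new(mac_key, nonce + blob, hashlib.sha256).digest()
    return {"mode": "wrapped", "salt": salt, "nonce": nonce, "blob": blob, "tag": tag}

def unwrap(slot: dict, password: str) -> bytes:
    kek, mac_key = derive_keys(password, slot["salt"])
    expected = hmac.new(mac_key, slot["nonce"] + slot["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        raise PermissionError("wrong password")
    return xor_stream(kek, slot["nonce"], slot["blob"])

class ModelDrive:
    """Hypothetical model of an encrypting enclosure; names are illustrative."""
    def __init__(self):
        # Factory default as described in the post: DEK kept in the clear.
        self.key_slot = {"mode": "clear", "dek": secrets.token_bytes(32)}
        self.sectors = {}  # lba -> ciphertext

    def _dek(self, password=None) -> bytes:
        if self.key_slot["mode"] == "clear":
            return self.key_slot["dek"]  # any host that plugs the drive in gets this
        if password is None:
            raise PermissionError("drive is locked")
        return unwrap(self.key_slot, password)

    def write(self, lba: int, data: bytes, password=None):
        # Nonce taken from the sector number: a simplification for this model.
        self.sectors[lba] = xor_stream(self._dek(password), lba.to_bytes(16, "big"), data)

    def read(self, lba: int, password=None) -> bytes:
        return xor_stream(self._dek(password), lba.to_bytes(16, "big"), self.sectors[lba])

    def set_password(self, new: str, old=None):
        """Re-wrap only the 32-byte DEK; no sector is re-encrypted."""
        self.key_slot = wrap(self._dek(old), new)

def demo():
    d = ModelDrive()
    d.write(0, b"family photos index")   # constructed sample data
    default_read = d.read(0)             # default state: no password required
    before = dict(d.sectors)
    d.set_password("first passphrase")
    d.set_password("second passphrase", old="first passphrase")
    unchanged = d.sectors == before      # ciphertext on "disk" is byte-identical
    try:
        d.read(0, "first passphrase")
        old_rejected = False
    except PermissionError:
        old_rejected = True
    return default_read, unchanged, old_rejected, d.read(0, "second passphrase")

if __name__ == "__main__":
    print(demo())
```

In this model, losing the key slot makes every sector unrecoverable even though the stored ciphertext is intact.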



posted on Dec, 18 2014 @ 06:30 PM
a reply to: DexterRiley

Yeah, HW encryption can be good, but for most users and how they utilize external hard drives it just adds another layer that increases the likelihood of losing data.

I have my own individual external cases for mine.

However, I'm looking at making a diy cheap start and expandable backup, storage 24/7/365 , home cloud internet host personal solution for home use.

Thinking of starting with a non-RAID 4-bay case unit to host 4 WD Black or Red drives running off my HTPC.

such as the Mediasonic ProBox HF2-SU3S

1. Start with a 2 TB WD black and a 6 TB Red but likely end up with the following configuration:
Drive 1 = 2 TB WD Black E - HTPC media storage
Drive 2 = 2 TB WD Black E - Personal pictures and videos
Drive 3 = 2 TB WD Black E - DATA and possible internet personal home cloud based accessible drive
Drive 4 = 6 TB WD Red - Backup drive 1-3

Looking at free , open source, or OS controlled: windows or linux provided backup software to do the backups
Any suggestions appreciated. Other option I might look at depending on time and honey do list is creating my own but time is going to be a big factor against this.

The ProBox drive connects via ONE USB 3.0 connection to the HTPC but shows up as 4 different drives (JBOD) on the HTPC and I can share all of them on the network. The laptop runs on a daily basis or might connect to a raspberry down the road once they have USB 3.0. Also being a laptop I can count on the battery to keep power during an outage and only require a UPS to support the ProBox and local wifi.

Down the road might expand to a raid and use the existing box as its backup. Didn't want hardware raid for now as the boxes I have seen for the price range appear to require a formatted drive and limit options.

The box I'm thinking about going with is a ProBox (anyone used them before?). They appear to have good reviews for the most part, but also appear to be a small company and I have seen some complaints in regards to service, but that goes for the big guys as well:

The box: Mediasonic ProBox HF2-SU3S2 4 Bay 3.5" Hard Drive Enclosure - USB 3.0 & eSATA, Support SATA 3 6.0Gbps hard drive transfer rate and last I checked online it was around 99 US beans.

The drives I plan to use are the WD Black which are performance based and the WD Red which are slower but more reliable from what I have seen for the backup purposes.
edit on Thu, 18 Dec 2014 18:45:22 -0600 by interupt42 because: (no reason given)



posted on Dec, 18 2014 @ 09:47 PM
a reply to: interupt42



However, I'm looking at making a diy cheap start and expandable backup, storage 24/7/365 , home cloud internet host personal solution for home use.

Sounds pretty cool. I've been thinking a little about this myself.

If I understand you correctly, this might work:

  • Home Theater PC (HTPC)

    • Laptop
    • Windows
    • Share drives from ProBox on network
    • Securely share 1 drive on Internet
    • Run backups

  • ProBox

    • USB 3.0 output
    • 1 to 3 x 2TB HDD
    • 1 x 4TB HDD************

  • Wireless/Firewall

    • Port open/forward to server
    • VPN

  • UPS Unit

    • Backup power for wireless, ProBox, Laptop


************ Specs say only drives up to 4TB are supported on the Mediasonic HF2-SU3S2 3.5" Black SATA I/II/III USB3.0 & eSATA 4 Bay External Enclosure

Notes:
1. A simple way of backing-up remote units is to use a service like DropBox. The backup server pulls the data from DropBox and synchronizes it to its store. That's not as risky as opening the server up to the Internet. But it also limits the amount of data that can be synchronized.

2. You can probably get away with using an older version of Windows on the HTPC. For instance WinXP is familiar and easy to use. Linux is probably just as easy and it's more secure and solid, but you need knowledge of the OS.

3. It makes me cringe to think of any kind of server connected in the DMZ. If you need Internet access to the drive itself, then that's what you'll need to do. But you can also use another separate low end laptop from the junk closet as a DMZ host. Then have it serve the contents of the cloud shared drive.

4. If you connect to your homebase cloud via a firewall, then secure the remote connection via a VPN tunnel to the firewall.

I was thinking about doing this in an old desktop computer. It's able to both house the drives and provide the file sharing services. But it's more bulky and no doubt consumes more power than your proposed design.


dex



posted on Dec, 18 2014 @ 09:58 PM
a reply to: VirusGuard




Well you can tell that Microsoft is on the CIA/NSA payroll because they locked out TrueCrypt in Win8 which makes me trust BitLocker about as far as i can throw Bill Gates.


If you look into the details of the Lavabit debacle, I might not be too confident in assuming any one operating company isn't vulnerable to the CIA/NSA persuasion.

Lavabit owners couldn't even discuss some aspects of the case with their own attorneys. In the end they had to either play ball or shut down. They opted to shut down.

Now whether a third plausible option existed and/or was executed in order to save face and other legal matters is debatable: take the shutdown option to save face and avoid personal legal matters, but still play ball and provide the information or go to jail?

Was option 3 taken or provided I don't know but I wouldn't be surprised.

en.wikipedia.org...



posted on Dec, 18 2014 @ 10:50 PM
a reply to: DexterRiley



Specs say only drives up to 4TB are supported on the Mediasonic HF2-SU3S2 3.5" Black SATA I/II/III USB3.0 & eSATA 4 Bay External Enclosure


Some of the reseller sites appear to have an invalid description which doesn't match the manufacturer's. Also, reviewing the Amazon comments, several users have confirmed the ability to utilize 6TB drives. Just need to make sure to have GPT enabled versus MBR to see 2GB + drives.

From the manufacturer


Mediasonic HF2-SU3S2 ProBox is a 4 Bay Enclosure for 3.5' SATA I / II / III hard disk drive. It supports 4 hdd of different brand and capacity up to 6TB per drive
www.mediasonic.ca...





1. A simple way of backing-up remote units is to use a service like DropBox.

I'm really looking to stay away from online providers. I don't feel comfortable with my data on their servers nor do I want to pay a monthly subscription or be tied to their policies.



2. You can probably get away with using an older version of Windows on the HTPC

I have a couple of older PCs that I already use for this. Right now it's running Windows 7 without any hitches. I use Linux for my VM images and also use Linux VM images for web browsing on my Windows computer. I might get around to reinstalling the PC to Linux down the road.




3. It makes me cringe to think of any kind of server connected in the DMZ. If you need Internet access to the drive itself, then that's what you'll need to do. But you can also use another separate low end laptop from the junk closet as a DMZ host. Then have it serve the contents of the cloud shared drive.


Yeah me too and I'm not so sure I'm going to be doing this at first and might wait for phase 2 and implement with an isolated host as you suggested. However the accessible drive wouldn't have any information that I wouldn't want to get it out.




4. If you connect to your homebase cloud via a firewall, then secure the remote connection via a VPN tunnel to the firewall.

I was thinking about doing this in an old desktop computer. It's able to both house the drives and provide the file sharing services. But it's more bulky and no doubt consumes more power than your proposed design.


thanks for the feedback and suggestion.


I was also thinking of using a raspberry pi versus the laptop down the road when it can support USB 3.0 to reduce the power consumption .
edit on Thu, 18 Dec 2014 22:53:03 -0600 by interupt42 because: (no reason given)



posted on Dec, 18 2014 @ 11:45 PM
a reply to: interupt42



Some of the reseller sites appear to have invalid description which doesn't match the manufacture.

Good point. I should have looked at the Manufacturer specs, rather than what NewEgg states in the description. It's possible the specs provided by the resellers are out of date as well.



I'm really looking to stay away from online providers.

I can understand that. Especially right now. I'm currently feeling a lot of bad vibes coming from the US government and Google, among others.

I used Dropbox a few years ago, and having the near-realtime backup saved my bacon several times. I was using an open-source program that crashed and totally trashed my data file. I was able to go back to the DropBox site and retrieve an older version of the data file without losing too much work. It's nice to have that capability.



However the accessible drive wouldn't have any information that I wouldn't want to get it out.

That's always important of course. Data can be compromised so easily these days that it pays not to have anything too mission critical available on the Internet. Even if it is behind a firewall. On the other hand, an infiltrator can manipulate the data in such a way that it can make for a "really bad day."




I was also thinking of using a raspberry pi versus the laptop down the road when it can support USB 3.0 to reduce the power consumption .

That's interesting. It didn't occur to me that you were talking about the raspberry pi. For some reason, I had a picture of a Blackberry in my mind. I'm pretty sure a Blackberry wouldn't make a good server. :-) I like the embedded system idea. The raspberry pi would essentially make the ProBox device into a stand-alone Network Attached Storage. A UPS would be able to support that configuration for quite some time during a power outage.

One thing occurred to me with respect to a blackout. I know that with some of the Internet provider technologies I've used in the past, when the power is lost to the residence, the Internet also goes out. The grid power is used for hubs and concentrators that mux the limited bandwidth available to serve certain areas. I almost always lose cable modem connection. But I once had DSL and was located very close to the CO. That connection never wavered and I had Internet as long as the electric generator held out.

Good luck with your project. And thanks for the heads up about WD drives.


dex







 