
Due to financial regulations, I need to set up a shared encrypted network volume with the following properties:

  • Shared encrypted network volume with read/write access for specific users.
  • Administrators must not be able to read/write files in the encrypted volume, only perform backup of the encrypted files.
  • Must be accessible from both OSX and Windows clients.

Can anybody recommend software that will support this scenario?

PS: I have looked at ShareCrypt, MS EFT, which does exactly what I want, but does not work with OSX. TrueCrypt volumes do not work well when shared among many users at the same time.

EEAA
Egil Hansen
  • This is a rather moot attempt at security against malicious admins - administrators will be able to inject anything in the user's workstations, including code to intercept the encryption keys and thus might get access to the data - encrypted or not. – the-wabbit Jun 15 '11 at 22:12
  • Do you need to encrypt the files or restrict the rights on the files? Would AD RMS solve this problem? – Jim B Jun 15 '11 at 22:37
  • @syneticon-dj: I agree. As an admin I would always be able to install a keylogger on a user's system and grab the password. So it is definitely not an optimal solution. @Jim B: It is mostly about restricting access -- I will look into AD RMS. Thanks. – Egil Hansen Jun 16 '11 at 00:45

1 Answer

What you're looking for really doesn't exist because the components to make equivalent security do. You can use on-disk encryption to keep the files mostly protected against physical theft. Your system security keeps viruses and malicious users out. On-the-wire encryption (i.e. IPSec) keeps Eve out. The network file system (probably CIFS in this case) does access control; something like AD does authentication and authorization.

Chris S
  • 1
    That would meet all but the second point. An administrator could simply restore the desired files to another location, giving them full access with nothing showing in the logs to indicate they have even attempted to access the files. – John Gardeniers Jun 16 '11 at 02:28
  • 1
    @John, Ultimately there's nothing that can be done. There always exists an admin, who with sufficient time, can manipulate the system in any way he/she wants. The best that can be done is to audit changes made by the admin; this doesn't stop the admin from clearing the logs; and given sufficient time the admin could fake the logs to erase every trace. I know of no system where this is not true. That being said, more likely than not this situation has multiple people with admin privileges who neither need them nor should be granted them. Which could limit the number of people able to do this. – Chris S Jun 16 '11 at 04:35
  • 1
    Also, the second point contradicts it self in that the files must be readable to be backed up. This doesn't necessitate the admin being able to read the plaintext, but backing up an encrypted file system as-is maybe be more headache than finding a single trusted admin to do backups. Further, if the backup does not contain the necessary information to recover the plaintext, what use would it be? You could separate backup privileges for the encrypted data from the keys, but that doesn't stop two people from colluding. – Chris S Jun 16 '11 at 04:38
  • 2
    The restore issue can probably only be solved by the files staying strongly encrypted, even during the backup process. Of course that has it's problems as well, such as lost or forgotten keys/passphrases. Despite all the forgoing, I've always believed that if you don't trust your admin no security measures will protect you. – John Gardeniers Jun 16 '11 at 07:33