0

What is the best practice to share network drives (Samba or Windows share based) with encryption?

Simple PGP based key encryption? Or maybe with RSA token?

Anybody, share your experience on this!

Josh Brower
coolwater

2 Answers

1

I think you need to explain exactly what you want to achieve.

  • Do you want the files encrypted on the server? This is typically unnecessary in all but the most secure environments; file permissions are more appropriate.
  • Do you want the files encrypted during transport between the server and the client?
  • Do you want to secure files when they leave your network?

To answer the question, I would suggest Windows Active Directory & IPsec (see TechNet for more) for the transport, and possibly EFS or BitLocker for encrypting the filesystem.
All of this is possible with Samba, but a lot more work!

There is also so much more you need to consider (Kerberos, AD/LDAP, auditing...), but that is beyond the scope of the question.

Jon Rhoades
0

I'll share with you my own specific experience:

I have a LaCie 2Big 2Tb RAID1 mode (2 x 1gb mirrored hotswap hard drive) Network Attached Storage. This specification is not relevant or required for your solution; any shared or network attached drive will do. But I thought I would include it for interest anyway. This is attached to my wireless router.

I installed TrueCrypt 6 on my notebook. I got TrueCrypt to create an encrypted "volume" as an ordinary file on the LaCie. I use TrueCrypt to mount the file so that it shows up as a hard drive in "My Computer". TrueCrypt asks me for a password (which I set earlier) before I can see the contents of the drive.

When I transfer contents between the LaCie and my notebook, this data travels via the fairly commonplace standard encrypted WPA2 WiFi wireless connection.

This is a setup aimed at the home and not high availability production use. As the other poster said, some more background on your circumstances would help. But I hope this real example has given you some ideas :)

therobyouknow