2016年5月27日金曜日

TeraStation TS5000 : How to configure BootAuthentication

Buffalo released new FW Ver. 3.20 for TeraStation TS5000 Series.
Which supports new feature called "Boot Authentication". it's nice idea for data protection.
So I tried to configure that on my environment. Below is the configuration video, please refer this video for setup procedure.




Here is the explanation what it is.
* Originally TeraStation had the function called "disk encryption". Which encrypt the disk, but if someone steal the whole unit, he can see the data on the disk.
  So user need to use that function with the combination of hardware solution such as Kensington Lock to prevent to be stolen by 3rd person.
* Even in this case, if 3rd person steal the only HDD, data is encrypted on it. So that 3rd person can't get any data from that HDD.

* On new feature, Boot Authentication, it require authentication server within the local network(my understanding is bi-directionally reachable. so if you configure the port forward, I think it's possible.)
* Seems TeraStation try to communicate with Boot Authentication server. And then if he could talk with him, TeraStation expose the data on it. If TeraStation couldn't talk with him, TeraStation doesn't expose any data on it.
* This means, if someone steal the TeraStation, and boot it on his network, at that case TeraStation can't talk with BootAuthentication server, so he doesn't expose any data on it.  By this way, user can prevent the steal of data.
* Even TeraStation is not in the proper network, sometimes user want to access to data on it. for this case, it supports "manual decryption". User calls to administrator of BootAuthentication server, then he can get some token to decrypt the data temporary. Then he can access to data.

Anyway, this is nice solution to protect my data. I've already enabled this feature.

Only 1 difficult point is it require to delete all the data I want to enable the encryption. So I needed to backup them, and back to original place. But it's acceptable.

Especially, I recommend to users which start to use TeraStation newly, enable this feature before you put a large amount of data on it.


Have a nice day!
Spike.



0 件のコメント:

コメントを投稿