Secure file server - hardware and software suggestions

Discussion in 'Storage & Backup' started by Rabid_Monkey, Oct 19, 2009.

  1. Rabid_Monkey

    Rabid_Monkey Member

    Joined:
    Dec 8, 2005
    Messages:
    150
    Location:
    Melbourne
    We require mass storage (approx. 12TB) which is to be encrypted and inaccessible to unauthorized users.

    I am looking at two separate problems here. One is hardware, the second is software. Primarily, before answering you should know this is a small business solution so the budget is limited. Backups are being handled through replication, so don't concern yourself with how we are backing up our data. However, we require some fault tolerance as we do not want much downtime.

    Primary plans are roughly as follows. The test server I am building at home and testing thoroughly before deployment.

    Hardware:
    - Custom-built system
    - 16x 1.0TB drives
    - 16-port controller card (RAID/non-RAID)
    - dual-core low-power CPU
    - 8GB DDR2 RAM
    - fast + small 4GB flash drive for operating system
    - biometric boot through USB boot key (?)

    Software:
    - variant of Linux
    - ZFS or similar file system
    - Windows (SMB) and HTTPS connectivity
    - BioAPI-compatible security application
    - authentication via password + biometric key


    Basically I am looking into help to build the hardware and select the software in such a way that a user on a Windows XP / Server / 7 machine and Ubuntu machine can mount the remote encrypted volume.

    This is to occur through the use of a password AND biometric key which will allow access to a shared decryption key (one for read, one for read/write, depending upon user levels). The encryption container format is likely to be a TrueCrypt volume (Serpent-Twofish-AES mode).

    Any ideas?
     
  2. gaspah

    gaspah Member

    Joined:
    Sep 19, 2008
    Messages:
    2,926
    Location:
    om nom nom nom
    Why 8GB RAM for a file server?

    I'd get 1.5TB drives and a 12-port card, saving some $$$, heat, PSU, physical space..
     
    Last edited: Oct 19, 2009
  3. noobmastery

    noobmastery Member

    Joined:
    Dec 23, 2008
    Messages:
    888
    Location:
    Sydney, 2088
    I'd suggest compact flash for that one, compact flash to IDE adapters are quite cheap.

    As for authentication, have you considered a certificate?
     
  4. digizone

    digizone Member

    Joined:
    Jun 3, 2003
    Messages:
    339
    Location:
    Voyger1 is chasing me
    If you are running ZFS, the more RAM you can add to it the better.
     
  5. saba

    saba Evil Vizier

    Joined:
    Aug 4, 2001
    Messages:
    2,711
    Location:
    Melbourne
    OS caching.
     
  6. -Sk3tChY-

    -Sk3tChY- Member

    Joined:
    Oct 27, 2007
    Messages:
    3,940
    Location:
    NSW, In a house.
    I wouldn't recommend having the OS on a USB Thumb Drive purely because it's limited to 480MB/s throughput whereas SATAII has much more headroom.
     
  7. saba

    saba Evil Vizier

    Joined:
    Aug 4, 2001
    Messages:
    2,711
    Location:
    Melbourne
    Storage is running on SATA2, OS is chilling in RAM; nothing to do with storage touches the thumbdrive.
     
  8. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,660
    Location:
    Canberra
    I run a customised OpenFiler install. Added cryptoloop support. The secure volume won't mount without an openssl key that's stored on a different server, which will only release it when I authenticate the request.

    Backups are done through a tar | gzip | openssl | spantape pipe to LTO2 tape.
    Again, the keys are secured elsewhere.


    The catch with making it easy to access for Windows users is CIFS/SMB isn't that secure, unless you want to set up IPSec to/from the server as well (and make it mandatory). Other secure options (SFTP, SCP etc.) are not user friendly.
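    The tar | gzip | openssl pipeline cvidler describes, written out as an added example (this is not cvidler's script and not part of the original thread): a pair of POSIX shell functions that encrypt a directory into a single stream and decrypt it back, with the passphrase read from a key file the way a separately held key would be. The tape stage (spantape) is replaced by a plain output file. The example assumes OpenSSL 1.1.1 or later for the -pbkdf2 option; the key-file layout, paths and the AES-256-CBC choice are this example's assumptions, not the page's.

```shell
#!/bin/sh
# Added example (not cvidler's script): encrypted backup stream in the style of
#   tar | gzip | openssl | <tape writer>
# with the tape writer replaced by an output file.
# Assumes OpenSSL >= 1.1.1 (for -pbkdf2). Key file, paths and cipher are assumptions.

# encrypt_backup SRC_DIR KEY_FILE OUT_FILE
# Archives SRC_DIR, compresses it, then encrypts the stream under a key derived
# (PBKDF2) from the first line of KEY_FILE. openssl stores a random salt in the
# "Salted__" header, so the same input yields different ciphertext each run.
encrypt_backup() {
    src=$1; keyfile=$2; out=$3
    tar -C "$(dirname "$src")" -cf - "$(basename "$src")" \
      | gzip -c \
      | openssl enc -aes-256-cbc -salt -pbkdf2 -pass "file:$keyfile" -out "$out"
}

# decrypt_backup IN_FILE KEY_FILE DEST_DIR
# Reverses the pipeline. With a wrong key the openssl stage reports "bad decrypt"
# and gzip rejects the garbage it receives, so nothing usable is extracted.
decrypt_backup() {
    in=$1; keyfile=$2; dest=$3
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$keyfile" -in "$in" \
      | gzip -dc \
      | tar -C "$dest" -xf -
}

# make_key KEY_FILE
# Writes a random passphrase line with owner-only permissions. In a setup like
# cvidler's this file lives on the separate key server, not on the backup host.
make_key() {
    ( umask 077; openssl rand -base64 32 > "$1" )
}

# is_openssl_stream FILE
# True if FILE carries the 8-byte "Salted__" header that openssl enc writes.
is_openssl_stream() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}
```

    Usage: `make_key /secure/backup.key; encrypt_backup /srv/data /secure/backup.key /backup/data.tgz.enc`, and `decrypt_backup /backup/data.tgz.enc /secure/backup.key /restore` to bring it back. Note that a plain pipeline only reports the exit status of its last stage (tar on restore), so a failure in openssl or gzip can be masked; under bash, run the functions with `set -o pipefail` so any stage's failure surfaces.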
     
  9. noobmastery

    noobmastery Member

    Joined:
    Dec 23, 2008
    Messages:
    888
    Location:
    Sydney, 2088
    You can get eSATA thumb drives ;)
     
  10. neotheo

    neotheo Member

    Joined:
    Jan 26, 2005
    Messages:
    278
    Location:
    ~
    I know you said not to worry about your backup solution as you are replicating the data, but this could be used to provide more fault tolerance.

    You could use DRBD to replicate data between 2 servers, and Heartbeat to provide the failover/high availability.

    As DRBD will replicate the data between the 2 servers, you will have your backup.
     
  11. rowan194

    rowan194 Member

    Joined:
    Jan 5, 2009
    Messages:
    2,031
    After boot most of the access is likely to be small files so I don't think sequential read speed is really relevant.

    I would recommend against using USB for another reason - consistency. Who knows what's inside the stick? How established is the technology and how many compromises were made to get this consumer item to market as fast as possible? Use a SATA-CF converter and a more rugged/professional CF card such as a Sandisk Ultra II or Extreme 4.

    Just remember to tweak things to minimise writes, e.g. don't store your system or crontab logs on flash.
     
  12. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,660
    Location:
    Canberra
    Other than being a bad idea re: writes, it'd also be insecure.
     
  13. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,660
    Location:
    Canberra
    Great system (I've implemented it before), but (and I didn't investigate this, because it wasn't an issue), is it secure?

    I know it operates at the block level on the volume, but in the 'stack' of kernel activity, does the crypto (and of course this will depend on the system used) or the DRBD stuff happen first?
     
  14. rowan194

    rowan194 Member

    Joined:
    Jan 5, 2009
    Messages:
    2,031
    Good point, but would you really be writing out logs to the root?

    My NAS has the / and /usr partitions on a 512MB IDE SSD (old school but it's solid) with /var being an encrypted partition on the RAID array. My security concerns/needs are not as high as the OP's, but the important thing is that the data on disk is encrypted - if the box is ever stolen (or even just rebooted) the data on /var is completely inaccessible without the password... which is NOT the same as root, in case you're wondering. ;)

    One thing to consider when setting up encryption is to include the swap partition in your security strategy. FreeBSD allows generation of a random one-time key so that a shutdown or reboot will lose the key and invalidate the data in the swap area.
     
  15. neotheo

    neotheo Member

    Joined:
    Jan 26, 2005
    Messages:
    278
    Location:
    ~
    Not so sure about crypto, but now I am interested in finding out.

    As for DRBD being secure, that can be set up in its configuration. Secure authentication to the service and also physical security to the distribution network.
     
  16. Contagious2142

    Contagious2142 Member

    Joined:
    Oct 19, 2009
    Messages:
    27
    Software: http://www.freenas.org
    It works extremely well (I've tested it and I really like it).

    It is web based and I'm pretty sure you can encrypt your hard drives with it.

    Just check it out... download and install it on a virtual machine... it's only about 70MB.
     
    Last edited: Oct 20, 2009
  17. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,660
    Location:
    Canberra
    True, you shouldn't; but how many distros have a separate /var partition defined in the installer? Those of us with more experience and a requirement for more security will know to look after that.

    I remember when the default install of most distros was a / and a /home and that was it. lol


    I've got my swap encrypted with a temporary key. That plus the data volumes won't (can't) automount. Mounting requires me to SSH on and run a script, which creates a client and server certificate SSL session to the key server (which is on the other side of the world), which I also need to be SSHed into to authorise the transfer.

    Will have to play around with DRBD again, although the first sync will be a killer.
     
  18. Goughy

    Goughy Member

    Joined:
    May 29, 2002
    Messages:
    197
    I've used OpenFiler in a commercial environment with 14x 146GB 10K SCSI disks and it ran quite nicely. I like the idea of an SSL key mod for verification.
     
  19. Rabid_Monkey (OP)

    Rabid_Monkey Member

    Joined:
    Dec 8, 2005
    Messages:
    150
    Location:
    Melbourne
    8GB or above. Caching, however also encrypted. Seagate Barracuda ES only comes in 1TB at the moment.

    CF may be a consideration, as long as I can figure out an encrypted mounting mechanism.

    Only if I can guarantee security.

    Will read up on OpenFiler this weekend. The setup you describe sounds like what I am trying to achieve; the authentication mechanism sounds like what I have to determine.

    Backups will also be encrypted and piped to a secure identical system in different geographical location (same city). A second local unit will only be active weekly for snapshots. LTO-4 is the current plan for monthly snapshots.

    I'll have to really look hard into making it easy to authenticate to Windows users - might have to write a custom application. More research required.

    This is part of the backup plan, however I hadn't considered failover / balancing. Thanks for the suggestion.

    The current average throughput to the servers is around 800KB/s read and 200KB/s write. So we don't expect the data-set to grow by more than 6.1TB in the next year. It's pretty much random-access. If the user base doubles, they may need more storage, but we can expand the volume if it comes to that.

    As for the OS, there was no way I'd put it onto USB. I was considering RAID 0 encrypted CF cards, will have to see. I'll play around and run tests with different configurations to see what works best.
    I think when the test server proves secure and stable, it will take at least a week to deploy the other systems, and then another good two-three days to sync everything including the image servers.

    The information is very sensitive. The two factors mean we can revoke the user via either option if we believe they or their account has been compromised. It also allows us to completely lock out any users who aren't in our biometric DB.

    There's only a few biometric scanners that provide ultrasonic / active capacitive scanning - at least these can't be fooled conventionally.
     
  20. MDKKnD

    MDKKnD Member

    Joined:
    Jan 8, 2004
    Messages:
    138
    Location:
    Adelaide, South Australia
