Physical security, lock, password, & encryption

Hi, I had to do a factory reset (to fix lost access when I set to static IP); and I learned how easy it is to reset admin password. This may be helpful to me, but it’s also a security risk.

1) Password Reset:

Anyone can walk in the room, reset the device, and then gain admin access and thus access to my passworded shares.

What can be done to prevent this and/or add another layer of restricted access/password before resetting admin pass?

2) Physical threats to drives:

I’m not sure of the admin-benefit of easy-to-pull out drives from a backup NAS (that should have the drives moved the least as possible); but the drives are TOO easy to take out by thieves. They can take out the drives, put them in a new enclosure and bypass the passworded shares.

What can I do to prevent this? I was thinking of buying a cage made for drives (with vents), and lock it closed. I found giant server racks (too big). Anyone have a link or example that is cost and size friendly, but still has a lock?

I saw this, but those locks look small, generic, and easy to pick.

http://www.sears.com/bestchoiceproducts-9u-it-wall-mount-network-server-cabinet/p-SPM7914729208?hlSellerId=24657&sid=IDx20110310x00001i&kpid=SPM7914729208&kispla=SPM7914729208&kpid=SPM7914729208&mktRedirect=y

edit: PS. I notice you guys comment on the heat and fan not turning on… If I did put this NAS into an enclosure… and temp increased, then what temp is too high?

3) Harddrive encrpytion:

I bought this because it had harddrive encrpytion as an option. But I do not know how to do this, nor the risk vs reward.

I read for another WD product that if the enclosure failed with the drives encrypted… then the user would be locked out of the data with no method of recovery.

Can anyone provide me with more info of harddrive encrpytion on this unit, and the long term risks from enclosure failure?

Examples:

“WD My Book Duo data forever lost if Drive Enclosure Dies!!”

http://community.wd.com/t5/External-Drives-for-PC/WD-My-Book-Duo-data-forever-lost-if-Drive-Enclosure-Dies/m-p/877239#M24649

Im uncertain if this applies to the EX2? “WD SmartWare Security: Encryption”

http://community.wd.com/t5/WD-Software/WD-SmartWare-Security-Encryption/m-p/576629/highlight/true#M6803

Thanks

1. This is standard for WD NAS devices with a reset switch for user convenience. 

2. A hard drive cage is the best option. I’m sure an appropriate one can be found by using your WD My Cloud EX4’s measurements as a guide.

3) Maybe you should try contacting WD’s Technical Support about this. You can do so either by phone or email.

To Contact WD for Technical Support
http://support.wdc.com/contact/index.asp?lang=en

Support by Country
http://support.wdc.com/country/index.asp

Thanks for your reply.

1. I understand this is standard. Just wondering if any NAS maker or user developed a 2 part password reset that requires another password or perhaps a physical key built into the device.

2. I will try. I just figured that the topic may have been covered before somewhere, but my search words were not exact enough to find where.

user55 wrote:

3) Harddrive encrpytion:

I bought this because it had harddrive encrpytion as an option. But I do not know how to do this, nor the risk vs reward.

I remember that when i formated the disks and created the RAID 1, i had the option to encrypt. So maybe only then you can encrypt your drive, not later.

I think someone else said that too. But does anyone have experience doing it, or can WD answer what the encrpytion involves? Such as encrpyting just the index (as someone else said about the different unit), or the full files?

Is there any WD answer about it?

PS. I notice you guys comment on the heat and fan not turning on… If I did put this NAS into an enclosure… and temp increased, then what temp is too high?

Yes, when create RAID 1 with encryption enable.  Hard drive move to another NAS or PC will need the encryption key to be able to view the data on the hard drive