The DOs and DON'Ts of NAS Encryption - SECURE YOUR DATA NOW

Advanced data protection is no longer available to new users in the UK, What a country we live in! 😢

I just can't stop looking at that red watch. It remind me of the 80:is.

I think I will call it a porcupine.

You could always use Cryptomator on your NAS, it’s not just for cloud storage.

No hate but why deeply "explain" SSL certs when you don't know much about them?
Even when using a self signed one, no unencrypted traffic is going to be exchanged between client and server (NAS)
Biggest downside is, you won't easily notice if someone hijacks your connection.
The rest on that topic didn't make much sense either...
It makes you look less knowledgable than you really are.

I'm left feeling two important points were left out.
One: You talked about encryption At-Rest and briefly touched on Mounting the Encryption Key to make the data accessible (unencrypted form). At issue for most home users of NAS is that once mounted, it's unencrypted... either the whole folder or the whole volume. Providers like Synology do not provide more granular level encryption, like page-level encryption in memory, similar to Thales CipherTrust Manager. As a result, entire folders or volumes of data are left essentially unencrypted while in use. The real firewall here is access control. Usually using different credentials on the NAS than your IOS or Windows machines, this provides a layer of protection ASSUMING you haven't opened those doors with memorized login credentials on your IOS or Windows device(s).
Two: You talked about VPN which is really just an encrypted tunnel between two points. If you don't encrypt the data first, then it's exposed on both sides of the tunnel. The actual encryption for In-Transit you should be talking about is TLS 1.2 or TLS 1.3. This Transport Layer Security is what's really important. And, you SHOULD do it within your home LAN too. This helps protect against attacks from devices that may be on your LAN with weak security (e.g., IoT devices like TV's, DVRs, Cameras, FireSticks, e-Readers, Consumer appliances like Fridge, Washer, Dryer, Oven). TLS is needed for:
a) Protection Against Insider Threats
b) Safeguard Against Compromised Devices
c) Protection against Network Snooping
d) Defense-in-Depth Strategy
e) IoT and BYOD (Guest) Security

I'm not dismissing the value of good firewall rules and network segmentation (e.g., VLAN - putting your IoT and Guests on separate network segments). But most networks still have a set of devices authorized for each network segment.

So basically, you created this advert, because of the sponsor

The red watch is back! I will sleep much better tonight...

PSA: NAS-to-NAS communications are already encrypted; no need to buy anything.

Want a mesh VPN? There are free options available.

I have a Synology DS214Play and I find it very slow. I've had it since 2014. There are no more updates, so I'm thinking of changing it.

All these VPN ads are so misleading and obnoxious I’m gonna vomit

The only encryption I trust, is the one where I hold the keys.

Does encryption protect against worms that encrypt and hijack ones drives? It doesnt. Encrypted data will be encrypted again and does nothing vs such an attack.

You mentioned ADP, this is no longer available in the UK on apple products. You cannot turn it on manually just an FYI. BTW really enjoy your content

Hope I can find a guide for it because it’s going to take me months to understand and apply it to my NAS

Slightly OT, now that someone else has brought up Tailscale (TS). TS is working on a new feature / app called Tailchat. It's a peer to peer messaging app that has no servers in the middle. I don't use it but a techie friend has tried it out and it rather impressed with it so far. PS, I'm one of those people who just can't seem to get my head around certificates.

How do you feel about Tailscale

Remember in America they demanded that everything have back door access when the Chinese compromised the communications grid, energy grid and basically anything connected to a computer that wasn't using encryption or "excessive" network security. Turn sound giving everything a back door is a terrible idea when there are hostile governments in the world.
That may still be happening but Trump fired the people doing the public reporting on it.