PDSWSS
asked on
What would be a reliable method to encrypt (FIPS algorithms) backups of an Access 2000/2007 Database?
I need to encrypt backups of our Access 2000/2007 Database using FIPS-140 compliant algorithms.
I am looking for software I can test that can reliably perform this task.
ASKER
Thanks for your answers - I assume if the database is encrypted on the server, it will still be encrypted in the backup and I will not need to encrypt the backup. Is this correct?
Depends on how it is encrypted. If you use on-the-fly encryption (such as EFS or TrueCrypt) then it will be *decrypted* when you back it up.
If you encrypt a file though, you can back up the encrypted file and still have it be an encrypted file; be careful however not to repeat any fixed passwords, as that can introduce dangers if the same password is used to encrypt multiple instances of an Access database file.
Fixed passwords are always an issue - which is why SSL and PGP use a randomly generated password, then encrypt THAT using asymmetric encryption (RSA, DH or EC, usually).
ASKER
DaveHowe: Thanks for your answer-
This is an Access database - The frontend is on a share and the backend confidential data is in SQL Server 2005 encrypted via the local policy in Windows Server 2003 - enable FIPS ...
Would this type of encryption remain encrypted when backed up via NT backup in Windows 2003?
In response to an earlier post - note that PGP *is* FIPS certified, but GPG (despite producing identical encrypted files, which can be decrypted using PGP and vice versa) is not.
PGP is a relatively expensive commercial product though.
Hmm. 2005's FIPS mode is really just a restriction to the available cryptosystems - the certified library belongs to Windows; just turning on FIPS isn't enough, you must also instruct 2005 on what data must be encrypted on the hard drive, and to insist on encrypted traffic from client to server.
Routinely you would create a master key on the database, then secure that with a passphrase; the passphrase would be needed while accessing the data, so almost certainly would be in cleartext in your Access database (obviously a concern if that is backed up).
The master key is also available to the database (perhaps obviously), so for that reason a copy is encrypted with the service key, created when 2005 is installed. This is not normally included in backups, so that the backed up data is backed up still encrypted. The service key must be exported to file and backed up separately, for DR purposes.
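The key handling described in the post above, as an added T-SQL example that is not part of the original thread: it creates a database master key, checks whether a copy is protected by the service master key, and exports both keys to password-protected files for DR. The database name, file paths and passwords are placeholders to substitute.

```sql
-- Added example. BackendDb, the E:\KeyEscrow paths and every '<...>' password
-- are hypothetical placeholders, not values from the thread.
USE BackendDb;
GO

-- 1. Create the database master key (DMK), secured with a passphrase,
--    unless the database already has one.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-passphrase>';
GO

-- 2. Check whether a copy of the DMK is also encrypted by the service
--    master key (SMK). 1 = the server can open the DMK on its own.
SELECT name, is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = DB_NAME();
GO

-- 3. Export the DMK to a password-protected file. A restored database on
--    a different server needs this file (or the passphrase) to open the DMK.
OPEN MASTER KEY DECRYPTION BY PASSWORD = '<dmk-passphrase>';
BACKUP MASTER KEY TO FILE = 'E:\KeyEscrow\BackendDb_dmk.key'
    ENCRYPTION BY PASSWORD = '<dmk-export-password>';
CLOSE MASTER KEY;
GO

-- 4. Export the SMK. It is created at install time and is not part of a
--    database backup, so it has to be exported on its own.
BACKUP SERVICE MASTER KEY TO FILE = 'E:\KeyEscrow\service_master_key.key'
    ENCRYPTION BY PASSWORD = '<smk-export-password>';
GO
```

Keep the exported key files and their passwords on media separate from the database backups themselves.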
http://www.level2storage.com/why.asp
http://www.efoldering.com/overview