Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

What would be a reliable method to encrypt (FIPS algorithms) backups of an Access 2000/2007 Database?

Posted on 2008-10-27
8
Medium Priority
?
501 Views
Last Modified: 2013-11-14
I need to encrypt  backups of our Access 2000/2007Database using FIPS-140 compliant algorithms.
I am looking for software I can test that can reliably perform this task.
0
Comment
Question by:PDSWSS
  • 4
  • 2
  • 2
8 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 1000 total points
ID: 22824703
Do you want FIPS complaint or actual FIPS certified software?

FIPS complaint is easy - 7-zip (www.7-zip.org) is a free compression tool that will give you a AES encrypted archive at 256 bit. This is scriptable.

In addition, if you want to use an activex component, then the (again free) ebcrypt library http://www.ebcrypt.com/ is a scriptable ssl tool, capable of FIPS complaint AES encryption along with asymmetric encryption using either RSA/DH directly, or in conjunction with a X509 certificate.

Finally, for java or C#, there is an excellent library called "bouncy castle" available from  http://www.bouncycastle.org/ which again can do AES; pgp and ssl compatability is also an option.


On the other hand, FIPS *certified* would require a fairly expensive commercial product, or using the command line tool/c library openssl (which would need to be compiled into FIPS compliance mode; I don't know of any pre-compiled binaries for this)

The complete list of validated products can be found here:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
0
 
LVL 8

Assisted Solution

by:rpkhare
rpkhare earned 1000 total points
ID: 22824773
Commercial: PGP
It has a limited Free version too.

Free: GPG

If you want to backup in an encrypted volume then: TrueCrypt
0
 
LVL 8

Expert Comment

by:rpkhare
ID: 22824823
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:PDSWSS
ID: 22825290
Thanks for your answers -  I assume if the database is encrypted on the server, it will still be encrypted in the backup and I will not need to encrypt the backup.  Is this correct?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22825859
depends on how it is encrypted. if you use on the fly encryption (such as EFS or Truecrypt) then it will be *decrypted* when you back it up.

if you encrypt a file though, you can back up the encrypted file and still have it be an encrypted file; be careful however not to repeat any fixed passwords as that can introduce dangers if the same password is used to encrypt multiple instances of an access database file.

fixed passwords are always an issue - which is why ssl and pgp use a randomly generated password, then encrypt THAT using asymmetric encryption (rsa dh or ec, usually)
0
 

Author Comment

by:PDSWSS
ID: 22826059
DaveHowe: Thanks for your answer-

This is an Access database - The frontend is on a share and the backend confidential data is in
SQL Server 2005 encrypted via the local policy in Windows Server 2003 - enable FIPS ...

Would this type of encryption remain encrypted when backed up  via NT backup in Windows 2003?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22826066
in response to an earlier post - note that pgp *is* FIPS certified, but GPG (despite producing identical encrypted files, which can be decrypted using pgp and vice versa) is not.

PGP is a relatively expensive commercial product though.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22826229
Hmm. 2005's FIPS mode is really just a restriction to the available cryptosystems - the certified library belongs to windows; just turning on FIPS isn't enough, you must also instruct 2005 on what data must be encrypted on the hard drive, and to insist on encrypted traffic from client to server.

routinely you would create a master key on the database, then secure that with a passphrase; the passphrase would be needed while accessing the data, so almost certainly would be in cleartext in your access database (obviously a concern if that is backed up)

The master key is also available to the database (perhaps obviously) so for that reason a copy is encrypted with the service key, created when 2005 is installed. this is not normally included in backups, so that the backed up data is backed up still encrypted. the service key must be exported to file and backed up separately, for DR purposes.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
If you’re using QODBC to update QuickBooks data from Microsoft® Access but Access is not showing the updated data, you could have set up QODBC incorrectly.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question