Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

What would be a reliable method to encrypt (FIPS algorithms) backups of an Access 2000/2007 Database?

Posted on 2008-10-27
8
453 Views
Last Modified: 2013-11-14
I need to encrypt  backups of our Access 2000/2007Database using FIPS-140 compliant algorithms.
I am looking for software I can test that can reliably perform this task.
0
Comment
Question by:PDSWSS
  • 4
  • 2
  • 2
8 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 250 total points
ID: 22824703
Do you want FIPS complaint or actual FIPS certified software?

FIPS complaint is easy - 7-zip (www.7-zip.org) is a free compression tool that will give you a AES encrypted archive at 256 bit. This is scriptable.

In addition, if you want to use an activex component, then the (again free) ebcrypt library http://www.ebcrypt.com/ is a scriptable ssl tool, capable of FIPS complaint AES encryption along with asymmetric encryption using either RSA/DH directly, or in conjunction with a X509 certificate.

Finally, for java or C#, there is an excellent library called "bouncy castle" available from  http://www.bouncycastle.org/ which again can do AES; pgp and ssl compatability is also an option.


On the other hand, FIPS *certified* would require a fairly expensive commercial product, or using the command line tool/c library openssl (which would need to be compiled into FIPS compliance mode; I don't know of any pre-compiled binaries for this)

The complete list of validated products can be found here:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
0
 
LVL 8

Assisted Solution

by:rpkhare
rpkhare earned 250 total points
ID: 22824773
Commercial: PGP
It has a limited Free version too.

Free: GPG

If you want to backup in an encrypted volume then: TrueCrypt
0
 
LVL 8

Expert Comment

by:rpkhare
ID: 22824823
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:PDSWSS
ID: 22825290
Thanks for your answers -  I assume if the database is encrypted on the server, it will still be encrypted in the backup and I will not need to encrypt the backup.  Is this correct?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22825859
depends on how it is encrypted. if you use on the fly encryption (such as EFS or Truecrypt) then it will be *decrypted* when you back it up.

if you encrypt a file though, you can back up the encrypted file and still have it be an encrypted file; be careful however not to repeat any fixed passwords as that can introduce dangers if the same password is used to encrypt multiple instances of an access database file.

fixed passwords are always an issue - which is why ssl and pgp use a randomly generated password, then encrypt THAT using asymmetric encryption (rsa dh or ec, usually)
0
 

Author Comment

by:PDSWSS
ID: 22826059
DaveHowe: Thanks for your answer-

This is an Access database - The frontend is on a share and the backend confidential data is in
SQL Server 2005 encrypted via the local policy in Windows Server 2003 - enable FIPS ...

Would this type of encryption remain encrypted when backed up  via NT backup in Windows 2003?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22826066
in response to an earlier post - note that pgp *is* FIPS certified, but GPG (despite producing identical encrypted files, which can be decrypted using pgp and vice versa) is not.

PGP is a relatively expensive commercial product though.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22826229
Hmm. 2005's FIPS mode is really just a restriction to the available cryptosystems - the certified library belongs to windows; just turning on FIPS isn't enough, you must also instruct 2005 on what data must be encrypted on the hard drive, and to insist on encrypted traffic from client to server.

routinely you would create a master key on the database, then secure that with a passphrase; the passphrase would be needed while accessing the data, so almost certainly would be in cleartext in your access database (obviously a concern if that is backed up)

The master key is also available to the database (perhaps obviously) so for that reason a copy is encrypted with the service key, created when 2005 is installed. this is not normally included in backups, so that the backed up data is backed up still encrypted. the service key must be exported to file and backed up separately, for DR purposes.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
The business world is becoming increasingly integrated with tech. It’s not just for a select few anymore — but what about if you have a small business? It may be easier than you think to integrate technology into your small business, and it’s likely…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question