Solved

What would be a reliable method to encrypt (FIPS algorithms) backups of an Access 2000/2007 Database?

Posted on 2008-10-27
8
420 Views
Last Modified: 2013-11-14
I need to encrypt  backups of our Access 2000/2007Database using FIPS-140 compliant algorithms.
I am looking for software I can test that can reliably perform this task.
0
Comment
Question by:PDSWSS
  • 4
  • 2
  • 2
8 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 250 total points
ID: 22824703
Do you want FIPS complaint or actual FIPS certified software?

FIPS complaint is easy - 7-zip (www.7-zip.org) is a free compression tool that will give you a AES encrypted archive at 256 bit. This is scriptable.

In addition, if you want to use an activex component, then the (again free) ebcrypt library http://www.ebcrypt.com/ is a scriptable ssl tool, capable of FIPS complaint AES encryption along with asymmetric encryption using either RSA/DH directly, or in conjunction with a X509 certificate.

Finally, for java or C#, there is an excellent library called "bouncy castle" available from  http://www.bouncycastle.org/ which again can do AES; pgp and ssl compatability is also an option.


On the other hand, FIPS *certified* would require a fairly expensive commercial product, or using the command line tool/c library openssl (which would need to be compiled into FIPS compliance mode; I don't know of any pre-compiled binaries for this)

The complete list of validated products can be found here:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
0
 
LVL 8

Assisted Solution

by:rpkhare
rpkhare earned 250 total points
ID: 22824773
Commercial: PGP
It has a limited Free version too.

Free: GPG

If you want to backup in an encrypted volume then: TrueCrypt
0
 
LVL 8

Expert Comment

by:rpkhare
ID: 22824823
0
 

Author Comment

by:PDSWSS
ID: 22825290
Thanks for your answers -  I assume if the database is encrypted on the server, it will still be encrypted in the backup and I will not need to encrypt the backup.  Is this correct?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 33

Expert Comment

by:Dave Howe
ID: 22825859
depends on how it is encrypted. if you use on the fly encryption (such as EFS or Truecrypt) then it will be *decrypted* when you back it up.

if you encrypt a file though, you can back up the encrypted file and still have it be an encrypted file; be careful however not to repeat any fixed passwords as that can introduce dangers if the same password is used to encrypt multiple instances of an access database file.

fixed passwords are always an issue - which is why ssl and pgp use a randomly generated password, then encrypt THAT using asymmetric encryption (rsa dh or ec, usually)
0
 

Author Comment

by:PDSWSS
ID: 22826059
DaveHowe: Thanks for your answer-

This is an Access database - The frontend is on a share and the backend confidential data is in
SQL Server 2005 encrypted via the local policy in Windows Server 2003 - enable FIPS ...

Would this type of encryption remain encrypted when backed up  via NT backup in Windows 2003?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22826066
in response to an earlier post - note that pgp *is* FIPS certified, but GPG (despite producing identical encrypted files, which can be decrypted using pgp and vice versa) is not.

PGP is a relatively expensive commercial product though.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22826229
Hmm. 2005's FIPS mode is really just a restriction to the available cryptosystems - the certified library belongs to windows; just turning on FIPS isn't enough, you must also instruct 2005 on what data must be encrypted on the hard drive, and to insist on encrypted traffic from client to server.

routinely you would create a master key on the database, then secure that with a passphrase; the passphrase would be needed while accessing the data, so almost certainly would be in cleartext in your access database (obviously a concern if that is backed up)

The master key is also available to the database (perhaps obviously) so for that reason a copy is encrypted with the service key, created when 2005 is installed. this is not normally included in backups, so that the backed up data is backed up still encrypted. the service key must be exported to file and backed up separately, for DR purposes.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
Learn how to number pages in an Access report over each group. Activate two pass printing by referencing the pages property: Add code to the Page Footers OnFormat event to capture the pages as there occur for each group. Use the pages property to …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now