Solved

What would be a reliable method to encrypt (FIPS algorithms) backups of an Access 2000/2007 Database?

Posted on 2008-10-27
Last Modified: 2013-11-14
I need to encrypt backups of our Access 2000/2007 Database using FIPS-140 compliant algorithms.
I am looking for software I can test that can reliably perform this task.
Question by:PDSWSS
8 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 1000 total points
ID: 22824703
Do you want FIPS compliant or actual FIPS certified software?

FIPS compliant is easy - 7-zip (www.7-zip.org) is a free compression tool that will give you an AES encrypted archive at 256 bit. This is scriptable.

In addition, if you want to use an ActiveX component, then the (again free) ebcrypt library http://www.ebcrypt.com/ is a scriptable SSL tool, capable of FIPS compliant AES encryption along with asymmetric encryption using either RSA/DH directly, or in conjunction with an X509 certificate.

Finally, for Java or C#, there is an excellent library called "bouncy castle" available from http://www.bouncycastle.org/ which again can do AES; PGP and SSL compatibility is also an option.

On the other hand, FIPS *certified* would require a fairly expensive commercial product, or using the command line tool/C library openssl (which would need to be compiled into FIPS compliance mode; I don't know of any pre-compiled binaries for this).

The complete list of validated products can be found here:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
0
 
LVL 8

Assisted Solution

by:rpkhare
rpkhare earned 1000 total points
ID: 22824773
Commercial: PGP
It has a limited Free version too.

Free: GPG

If you want to back up in an encrypted volume then: TrueCrypt
0
 
LVL 8

Expert Comment

by:rpkhare
ID: 22824823
0
 

Author Comment

by:PDSWSS
ID: 22825290
Thanks for your answers - I assume if the database is encrypted on the server, it will still be encrypted in the backup and I will not need to encrypt the backup. Is this correct?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22825859
Depends on how it is encrypted. If you use on-the-fly encryption (such as EFS or TrueCrypt) then it will be *decrypted* when you back it up.

If you encrypt a file though, you can back up the encrypted file and still have it be an encrypted file; be careful however not to repeat any fixed passwords, as that can introduce dangers if the same password is used to encrypt multiple instances of an Access database file.

Fixed passwords are always an issue - which is why SSL and PGP use a randomly generated password, then encrypt THAT using asymmetric encryption (RSA, DH or EC, usually).
0
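The scheme described in the comment above (a random secret per backup, itself encrypted asymmetrically), sketched with the openssl command-line tool named in the accepted answer. This is an added example, not part of the original thread or of any product mentioned in it. It assumes OpenSSL 1.1.1 or later; the function names, key files and output file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSL 1.1.1+ on PATH.
# File names inside the output directory are this example's own convention.

# seal_backup <recipient_pub.pem> <signer_priv.pem> <backup_file> <out_dir>
seal_backup() {
  sb_pass=$(mktemp) || return 1          # temp file, created mode 0600
  mkdir -p "$4" &&
  # 1. Fresh random 256-bit secret for this backup only, never a fixed password.
  openssl rand -hex 32 > "$sb_pass" &&
  # 2. AES-256-CBC over the data; key and IV derived from secret + random salt.
  openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$sb_pass" \
    -in "$3" -out "$4/backup.enc" &&
  # 3. Wrap the secret with the recipient's RSA public key (OAEP, SHA-256).
  openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
    -in "$sb_pass" -out "$4/secret.wrapped" &&
  # 4. CBC gives no integrity, so sign the ciphertext (RSA with SHA-256).
  openssl dgst -sha256 -sign "$2" -out "$4/backup.sig" "$4/backup.enc"
  sb_rc=$?
  rm -f "$sb_pass"
  return "$sb_rc"
}

# open_backup <recipient_priv.pem> <signer_pub.pem> <in_dir> <restored_file>
open_backup() {
  # Verify before decrypting: tampered or truncated backups stop here.
  openssl dgst -sha256 -verify "$2" -signature "$3/backup.sig" \
    "$3/backup.enc" >/dev/null 2>&1 || return 1
  ob_pass=$(mktemp) || return 1
  openssl pkeyutl -decrypt -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
    -in "$3/secret.wrapped" -out "$ob_pass" &&
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$ob_pass" \
    -in "$3/backup.enc" -out "$4"
  ob_rc=$?
  rm -f "$ob_pass"
  return "$ob_rc"
}
```

Only the three files in the output directory go to backup media; the recipient's private key stays off the backup host, so a stolen backup set cannot be opened with anything stored beside it.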
 

Author Comment

by:PDSWSS
ID: 22826059
DaveHowe: Thanks for your answer -

This is an Access database - The frontend is on a share and the backend confidential data is in SQL Server 2005 encrypted via the local policy in Windows Server 2003 - enable FIPS ...

Would this type of encryption remain encrypted when backed up via NT backup in Windows 2003?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22826066
In response to an earlier post - note that PGP *is* FIPS certified, but GPG (despite producing identical encrypted files, which can be decrypted using PGP and vice versa) is not.

PGP is a relatively expensive commercial product though.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22826229
Hmm. 2005's FIPS mode is really just a restriction to the available cryptosystems - the certified library belongs to Windows; just turning on FIPS isn't enough, you must also instruct 2005 on what data must be encrypted on the hard drive, and to insist on encrypted traffic from client to server.

Routinely you would create a master key on the database, then secure that with a passphrase; the passphrase would be needed while accessing the data, so almost certainly would be in cleartext in your Access database (obviously a concern if that is backed up).

The master key is also available to the database (perhaps obviously) so for that reason a copy is encrypted with the service key, created when 2005 is installed. This is not normally included in backups, so that the backed up data is backed up still encrypted. The service key must be exported to file and backed up separately, for DR purposes.
0
