Solved

What would be a reliable method to encrypt (FIPS algorithms) backups of an Access 2000/2007 Database?

Posted on 2008-10-27
8
433 Views
Last Modified: 2013-11-14
I need to encrypt  backups of our Access 2000/2007Database using FIPS-140 compliant algorithms.
I am looking for software I can test that can reliably perform this task.
0
Comment
Question by:PDSWSS
  • 4
  • 2
  • 2
8 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 250 total points
ID: 22824703
Do you want FIPS complaint or actual FIPS certified software?

FIPS complaint is easy - 7-zip (www.7-zip.org) is a free compression tool that will give you a AES encrypted archive at 256 bit. This is scriptable.

In addition, if you want to use an activex component, then the (again free) ebcrypt library http://www.ebcrypt.com/ is a scriptable ssl tool, capable of FIPS complaint AES encryption along with asymmetric encryption using either RSA/DH directly, or in conjunction with a X509 certificate.

Finally, for java or C#, there is an excellent library called "bouncy castle" available from  http://www.bouncycastle.org/ which again can do AES; pgp and ssl compatability is also an option.


On the other hand, FIPS *certified* would require a fairly expensive commercial product, or using the command line tool/c library openssl (which would need to be compiled into FIPS compliance mode; I don't know of any pre-compiled binaries for this)

The complete list of validated products can be found here:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
0
 
LVL 8

Assisted Solution

by:rpkhare
rpkhare earned 250 total points
ID: 22824773
Commercial: PGP
It has a limited Free version too.

Free: GPG

If you want to backup in an encrypted volume then: TrueCrypt
0
 
LVL 8

Expert Comment

by:rpkhare
ID: 22824823
0
 

Author Comment

by:PDSWSS
ID: 22825290
Thanks for your answers -  I assume if the database is encrypted on the server, it will still be encrypted in the backup and I will not need to encrypt the backup.  Is this correct?
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 33

Expert Comment

by:Dave Howe
ID: 22825859
depends on how it is encrypted. if you use on the fly encryption (such as EFS or Truecrypt) then it will be *decrypted* when you back it up.

if you encrypt a file though, you can back up the encrypted file and still have it be an encrypted file; be careful however not to repeat any fixed passwords as that can introduce dangers if the same password is used to encrypt multiple instances of an access database file.

fixed passwords are always an issue - which is why ssl and pgp use a randomly generated password, then encrypt THAT using asymmetric encryption (rsa dh or ec, usually)
0
 

Author Comment

by:PDSWSS
ID: 22826059
DaveHowe: Thanks for your answer-

This is an Access database - The frontend is on a share and the backend confidential data is in
SQL Server 2005 encrypted via the local policy in Windows Server 2003 - enable FIPS ...

Would this type of encryption remain encrypted when backed up  via NT backup in Windows 2003?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22826066
in response to an earlier post - note that pgp *is* FIPS certified, but GPG (despite producing identical encrypted files, which can be decrypted using pgp and vice versa) is not.

PGP is a relatively expensive commercial product though.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 22826229
Hmm. 2005's FIPS mode is really just a restriction to the available cryptosystems - the certified library belongs to windows; just turning on FIPS isn't enough, you must also instruct 2005 on what data must be encrypted on the hard drive, and to insist on encrypted traffic from client to server.

routinely you would create a master key on the database, then secure that with a passphrase; the passphrase would be needed while accessing the data, so almost certainly would be in cleartext in your access database (obviously a concern if that is backed up)

The master key is also available to the database (perhaps obviously) so for that reason a copy is encrypted with the service key, created when 2005 is installed. this is not normally included in backups, so that the backed up data is backed up still encrypted. the service key must be exported to file and backed up separately, for DR purposes.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is an update and follow-up of my previous article:   Storage 101: common concepts in the IT enterprise storage This time, I expand on more frequently used storage concepts.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now