Solved

copy data securely in Windows.

Posted on 2013-01-12
6
229 Views
Last Modified: 2013-02-01
Hi,

I need to create an automate job to copy some sensitive data from one Windows 2k8 server to the other securely.  

Can someone please advise a way to do this?
0
Comment
Question by:nav2567
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:sognoct
ID: 38769858
are the two server on the same lan ?

if they are not on the same lan best way is creating a vpn between the two lan and transfer with just a batch "copy"
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 38770040
there are lots of ways to do this, with the one from sognoct being a valid solution.
equally valid are:

1) running a dedicated network cable between the two (or ensuring they are on the same physical switch, and have static MAC assignments)
2) use an existing or install a new service that supports encryption (such as a https or sftp server)

those (and the answer from sognoct) match the same solution in general - protect the means of transmission, then move the data across that protected method

if the data is in a database, you can often obtain encrypted data access using an x509 certificate (ms sql server supports this, for example) which amounts to the same thing :)

3) encrypt the data, move insecurely, decrypt the data at receipt.

this is the alternate solution - you can trivially script encryption and decryption, then it doesn't matter which protocol you use to move the data.
0
 

Author Comment

by:nav2567
ID: 38771735
Both my source and target servers are Windows 2008.

I am exploring WSCP but it does not seem to be able to do this.  Please let me know if this is not correct.

If I choose to encrypt the data and copy, is 7ZIP secure enough?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 33

Expert Comment

by:Dave Howe
ID: 38772434
wscp requires a backend ssh server, or sftp server - you don't get either of those "out of the box" with windows 2008 - you could install that (http://www.freesshd.com/) if you wish.

7-zip is a really good example of password protected AES software - I usually recommend it for one-shots, but it will work fine for multiple instances too (you can run 7zip from a script) - note that good cryptographic practice is *not* to repeat the use of a password, so you may need to have some sort of password schedule (not an issue if you are using openssl or gpg for your encryption, as those two methods use a hybrid encryption system that automatically uses different keys each time).
0
 

Author Comment

by:nav2567
ID: 38775859
I have installed GPG for Windows and encrypted and created some gpg files.  

I used the gpg --armor --output "key.txt" --export "myname" command to create a public key.  I then copy the key to another machine with the same software installed and use the pgp --import "key.txt" command to import the key.  

I then use the gpg --decrypt-files "c:\test\file1.txt.gpg" command to decrypt the file and get the "description failed: No Secret Key" error message.

Am I missing anything?

Please advise again.  Thanks.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 38777425
you need the secret key (not public key) to decrypt. if you encrypt on the machine with only the public key (key.txt) you can decrypt that on the machine that has both secret and public keys on it.

GPG4WIN should come with a gui key manager to make import and export easier, or just copy the keyring files across (pubring.gpg and secring.gpg)
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question