Solved

copy data securely in Windows.

Posted on 2013-01-12
6
228 Views
Last Modified: 2013-02-01
Hi,

I need to create an automate job to copy some sensitive data from one Windows 2k8 server to the other securely.  

Can someone please advise a way to do this?
0
Comment
Question by:nav2567
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:sognoct
ID: 38769858
are the two server on the same lan ?

if they are not on the same lan best way is creating a vpn between the two lan and transfer with just a batch "copy"
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 38770040
there are lots of ways to do this, with the one from sognoct being a valid solution.
equally valid are:

1) running a dedicated network cable between the two (or ensuring they are on the same physical switch, and have static MAC assignments)
2) use an existing or install a new service that supports encryption (such as a https or sftp server)

those (and the answer from sognoct) match the same solution in general - protect the means of transmission, then move the data across that protected method

if the data is in a database, you can often obtain encrypted data access using an x509 certificate (ms sql server supports this, for example) which amounts to the same thing :)

3) encrypt the data, move insecurely, decrypt the data at receipt.

this is the alternate solution - you can trivially script encryption and decryption, then it doesn't matter which protocol you use to move the data.
0
 

Author Comment

by:nav2567
ID: 38771735
Both my source and target servers are Windows 2008.

I am exploring WSCP but it does not seem to be able to do this.  Please let me know if this is not correct.

If I choose to encrypt the data and copy, is 7ZIP secure enough?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 33

Expert Comment

by:Dave Howe
ID: 38772434
wscp requires a backend ssh server, or sftp server - you don't get either of those "out of the box" with windows 2008 - you could install that (http://www.freesshd.com/) if you wish.

7-zip is a really good example of password protected AES software - I usually recommend it for one-shots, but it will work fine for multiple instances too (you can run 7zip from a script) - note that good cryptographic practice is *not* to repeat the use of a password, so you may need to have some sort of password schedule (not an issue if you are using openssl or gpg for your encryption, as those two methods use a hybrid encryption system that automatically uses different keys each time).
0
 

Author Comment

by:nav2567
ID: 38775859
I have installed GPG for Windows and encrypted and created some gpg files.  

I used the gpg --armor --output "key.txt" --export "myname" command to create a public key.  I then copy the key to another machine with the same software installed and use the pgp --import "key.txt" command to import the key.  

I then use the gpg --decrypt-files "c:\test\file1.txt.gpg" command to decrypt the file and get the "description failed: No Secret Key" error message.

Am I missing anything?

Please advise again.  Thanks.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 38777425
you need the secret key (not public key) to decrypt. if you encrypt on the machine with only the public key (key.txt) you can decrypt that on the machine that has both secret and public keys on it.

GPG4WIN should come with a gui key manager to make import and export easier, or just copy the keyring files across (pubring.gpg and secring.gpg)
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question