Solved

copy data securely in Windows.

Posted on 2013-01-12
6
224 Views
Last Modified: 2013-02-01
Hi,

I need to create an automate job to copy some sensitive data from one Windows 2k8 server to the other securely.  

Can someone please advise a way to do this?
0
Comment
Question by:nav2567
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:sognoct
Comment Utility
are the two server on the same lan ?

if they are not on the same lan best way is creating a vpn between the two lan and transfer with just a batch "copy"
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
Comment Utility
there are lots of ways to do this, with the one from sognoct being a valid solution.
equally valid are:

1) running a dedicated network cable between the two (or ensuring they are on the same physical switch, and have static MAC assignments)
2) use an existing or install a new service that supports encryption (such as a https or sftp server)

those (and the answer from sognoct) match the same solution in general - protect the means of transmission, then move the data across that protected method

if the data is in a database, you can often obtain encrypted data access using an x509 certificate (ms sql server supports this, for example) which amounts to the same thing :)

3) encrypt the data, move insecurely, decrypt the data at receipt.

this is the alternate solution - you can trivially script encryption and decryption, then it doesn't matter which protocol you use to move the data.
0
 

Author Comment

by:nav2567
Comment Utility
Both my source and target servers are Windows 2008.

I am exploring WSCP but it does not seem to be able to do this.  Please let me know if this is not correct.

If I choose to encrypt the data and copy, is 7ZIP secure enough?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 33

Expert Comment

by:Dave Howe
Comment Utility
wscp requires a backend ssh server, or sftp server - you don't get either of those "out of the box" with windows 2008 - you could install that (http://www.freesshd.com/) if you wish.

7-zip is a really good example of password protected AES software - I usually recommend it for one-shots, but it will work fine for multiple instances too (you can run 7zip from a script) - note that good cryptographic practice is *not* to repeat the use of a password, so you may need to have some sort of password schedule (not an issue if you are using openssl or gpg for your encryption, as those two methods use a hybrid encryption system that automatically uses different keys each time).
0
 

Author Comment

by:nav2567
Comment Utility
I have installed GPG for Windows and encrypted and created some gpg files.  

I used the gpg --armor --output "key.txt" --export "myname" command to create a public key.  I then copy the key to another machine with the same software installed and use the pgp --import "key.txt" command to import the key.  

I then use the gpg --decrypt-files "c:\test\file1.txt.gpg" command to decrypt the file and get the "description failed: No Secret Key" error message.

Am I missing anything?

Please advise again.  Thanks.
0
 
LVL 33

Expert Comment

by:Dave Howe
Comment Utility
you need the secret key (not public key) to decrypt. if you encrypt on the machine with only the public key (key.txt) you can decrypt that on the machine that has both secret and public keys on it.

GPG4WIN should come with a gui key manager to make import and export easier, or just copy the keyring files across (pubring.gpg and secring.gpg)
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now