Solved

copy data securely in Windows.

Posted on 2013-01-12
6
231 Views
Last Modified: 2013-02-01
Hi,

I need to create an automate job to copy some sensitive data from one Windows 2k8 server to the other securely.  

Can someone please advise a way to do this?
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:sognoct
ID: 38769858
are the two server on the same lan ?

if they are not on the same lan best way is creating a vpn between the two lan and transfer with just a batch "copy"
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 38770040
there are lots of ways to do this, with the one from sognoct being a valid solution.
equally valid are:

1) running a dedicated network cable between the two (or ensuring they are on the same physical switch, and have static MAC assignments)
2) use an existing or install a new service that supports encryption (such as a https or sftp server)

those (and the answer from sognoct) match the same solution in general - protect the means of transmission, then move the data across that protected method

if the data is in a database, you can often obtain encrypted data access using an x509 certificate (ms sql server supports this, for example) which amounts to the same thing :)

3) encrypt the data, move insecurely, decrypt the data at receipt.

this is the alternate solution - you can trivially script encryption and decryption, then it doesn't matter which protocol you use to move the data.
0
 

Author Comment

by:nav2567
ID: 38771735
Both my source and target servers are Windows 2008.

I am exploring WSCP but it does not seem to be able to do this.  Please let me know if this is not correct.

If I choose to encrypt the data and copy, is 7ZIP secure enough?
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 33

Expert Comment

by:Dave Howe
ID: 38772434
wscp requires a backend ssh server, or sftp server - you don't get either of those "out of the box" with windows 2008 - you could install that (http://www.freesshd.com/) if you wish.

7-zip is a really good example of password protected AES software - I usually recommend it for one-shots, but it will work fine for multiple instances too (you can run 7zip from a script) - note that good cryptographic practice is *not* to repeat the use of a password, so you may need to have some sort of password schedule (not an issue if you are using openssl or gpg for your encryption, as those two methods use a hybrid encryption system that automatically uses different keys each time).
0
 

Author Comment

by:nav2567
ID: 38775859
I have installed GPG for Windows and encrypted and created some gpg files.  

I used the gpg --armor --output "key.txt" --export "myname" command to create a public key.  I then copy the key to another machine with the same software installed and use the pgp --import "key.txt" command to import the key.  

I then use the gpg --decrypt-files "c:\test\file1.txt.gpg" command to decrypt the file and get the "description failed: No Secret Key" error message.

Am I missing anything?

Please advise again.  Thanks.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 38777425
you need the secret key (not public key) to decrypt. if you encrypt on the machine with only the public key (key.txt) you can decrypt that on the machine that has both secret and public keys on it.

GPG4WIN should come with a gui key manager to make import and export easier, or just copy the keyring files across (pubring.gpg and secring.gpg)
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question