[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 130
  • Last Modified:

Encryption solutions to transport 150GB data fr AIX & Solaris to offsite vendor

We have huge amt of data in our AIX & Solaris servers to send to our offsite
vendor & don't want to install software (eg: Truecrypt) on the servers : LTO
tapes are not an option as we no longer use tapes but Data Domain
 (backup to disks/VTLs) & our backup tool is not the same as our vendor's)
while transferring using sftp is going to hog the network.

Q1:
What are the most portable & secure (as don't want to use weak encryption
like Blowfish) ways (without installing software but I guess standalone tool on
the Sparc & RS6000 servers are Ok) to transport the data files to the vendor?

Q2:
I heard some USB HDD like those from WD comes with its encryption (is it
hardware encryption?) : do we need to install any driver/software on the
servers to move files to the HDD?  I thought of connecting a laptop with
a USB HDD directly (using a Lan cross cable) to the servers' spare LAN
port & then sftp over to the USB HDD

Q3:
Is partition or files-level encryption more feasible in our case?

Q4:
Or should I use just a NAS (which supports sftp server) to sftp into the
NAS?  Between NAS & USB HDD, which is more practical?
0
sunhux
Asked:
sunhux
  • 6
  • 2
  • 2
  • +1
5 Solutions
 
McKnifeCommented:
You could use a device that offers keypad authentication. That would be totally independent of the OS layer. https://www.amazon.com/Toshiba-Encrypted-Flash-Drive-PFU032D-1BEK/dp/B00NMVER4O to give you an idea. There will be other devices with larger capacities.
0
 
sunhuxAuthor Commented:
Any larger capacities ones?   I guess I may use Solaris zip (not sure if AIX has one) to
split into smaller chunks
0
 
sunhuxAuthor Commented:
What are the recommended encryption ciphers to use n is partition or files level encryption more suited?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
bbaoIT ConsultantCommented:
if the network speed is fast significantly, 150 GB isn't a lot data nowadays, then the peace of mind solution should be a VPN. this will allow you to use your existing or traditional way to connect these hosts across the Internet transparently, and securely.
0
 
arnoldCommented:
What means of access and what will be performing the backup?
Password based zip, i.e. Password needed to uncompress.

The system that will be used to recover and the one used to backup should guide your consideration.
Presumably the offsite vendor is merely a means where the media is to be stored/preserved versus having access to the underlying data.
0
 
sunhuxAuthor Commented:
>What means of access and what will be performing the backup?
Looking at built-in means like sftp & Unix cp
0
 
sunhuxAuthor Commented:
>What are the recommended encryption ciphers
I suppose anything less than 128bit is out?  Blowfish is out too as its developer
now recommends Twofish, so leaving AES-256 and ??  So what's the equivalent
ciphers as secure as AES256
0
 
sunhuxAuthor Commented:
Does Solaris & AIX zip support AES-256 ?  I know 7zip does
0
 
sunhuxAuthor Commented:
http://www.unix.com/aix/28903-file-password-protection-encryption.html
Looks like AIX doesnt hv a zip built in or does it?

Link above has a command to create an encrypted file but I may need to
encrypt many files.  

What's the syntax to encrypt multiple files in a (sub)directory tree?
Can we specify the size of the zip files created in chunks of say
5MB (like what 7zip could do)?
0
 
arnoldCommented:
Gnu pg is an option to encrypt ...public/private keys w/passphrase

You could get the gnu version and compile/install....

If you currently have an internal backup setup, see whether it has an archive/offsite option.
The difficulty with encrypting backup data is that you need another offsite location where the decryption key us saved/stored since it would defeat the encryption to store the means of decryption in the same location as the backups.
0
 
McKnifeCommented:
Larger ones, sure:
https://www.apricorn.com/aegis-secure-key-3
for example.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

  • 6
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now