Solved

Encryption solutions to transport 150GB data fr AIX & Solaris to offsite vendor

Posted on 2016-10-28
11
45 Views
Last Modified: 2016-11-01
We have huge amt of data in our AIX & Solaris servers to send to our offsite
vendor & don't want to install software (eg: Truecrypt) on the servers : LTO
tapes are not an option as we no longer use tapes but Data Domain
 (backup to disks/VTLs) & our backup tool is not the same as our vendor's)
while transferring using sftp is going to hog the network.

Q1:
What are the most portable & secure (as don't want to use weak encryption
like Blowfish) ways (without installing software but I guess standalone tool on
the Sparc & RS6000 servers are Ok) to transport the data files to the vendor?

Q2:
I heard some USB HDD like those from WD comes with its encryption (is it
hardware encryption?) : do we need to install any driver/software on the
servers to move files to the HDD?  I thought of connecting a laptop with
a USB HDD directly (using a Lan cross cable) to the servers' spare LAN
port & then sftp over to the USB HDD

Q3:
Is partition or files-level encryption more feasible in our case?

Q4:
Or should I use just a NAS (which supports sftp server) to sftp into the
NAS?  Between NAS & USB HDD, which is more practical?
0
Comment
Question by:sunhux
  • 6
  • 2
  • 2
  • +1
11 Comments
 
LVL 53

Accepted Solution

by:
McKnife earned 250 total points
ID: 41864966
You could use a device that offers keypad authentication. That would be totally independent of the OS layer. https://www.amazon.com/Toshiba-Encrypted-Flash-Drive-PFU032D-1BEK/dp/B00NMVER4O to give you an idea. There will be other devices with larger capacities.
0
 

Author Comment

by:sunhux
ID: 41865123
Any larger capacities ones?   I guess I may use Solaris zip (not sure if AIX has one) to
split into smaller chunks
0
 

Author Comment

by:sunhux
ID: 41865359
What are the recommended encryption ciphers to use n is partition or files level encryption more suited?
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 100 total points
ID: 41865494
if the network speed is fast significantly, 150 GB isn't a lot data nowadays, then the peace of mind solution should be a VPN. this will allow you to use your existing or traditional way to connect these hosts across the Internet transparently, and securely.
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 150 total points
ID: 41865510
What means of access and what will be performing the backup?
Password based zip, i.e. Password needed to uncompress.

The system that will be used to recover and the one used to backup should guide your consideration.
Presumably the offsite vendor is merely a means where the media is to be stored/preserved versus having access to the underlying data.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:sunhux
ID: 41865621
>What means of access and what will be performing the backup?
Looking at built-in means like sftp & Unix cp
0
 

Author Comment

by:sunhux
ID: 41865622
>What are the recommended encryption ciphers
I suppose anything less than 128bit is out?  Blowfish is out too as its developer
now recommends Twofish, so leaving AES-256 and ??  So what's the equivalent
ciphers as secure as AES256
0
 

Author Comment

by:sunhux
ID: 41865623
Does Solaris & AIX zip support AES-256 ?  I know 7zip does
0
 

Author Comment

by:sunhux
ID: 41865749
http://www.unix.com/aix/28903-file-password-protection-encryption.html
Looks like AIX doesnt hv a zip built in or does it?

Link above has a command to create an encrypted file but I may need to
encrypt many files.  

What's the syntax to encrypt multiple files in a (sub)directory tree?
Can we specify the size of the zip files created in chunks of say
5MB (like what 7zip could do)?
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 150 total points
ID: 41865774
Gnu pg is an option to encrypt ...public/private keys w/passphrase

You could get the gnu version and compile/install....

If you currently have an internal backup setup, see whether it has an archive/offsite option.
The difficulty with encrypting backup data is that you need another offsite location where the decryption key us saved/stored since it would defeat the encryption to store the means of decryption in the same location as the backups.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41865970
Larger ones, sure:
https://www.apricorn.com/aegis-secure-key-3
for example.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now