Encryption solutions to transport 150GB data fr AIX & Solaris to offsite vendor

We have huge amt of data in our AIX & Solaris servers to send to our offsite
vendor & don't want to install software (eg: Truecrypt) on the servers : LTO
tapes are not an option as we no longer use tapes but Data Domain
 (backup to disks/VTLs) & our backup tool is not the same as our vendor's)
while transferring using sftp is going to hog the network.

Q1:
What are the most portable & secure (as don't want to use weak encryption
like Blowfish) ways (without installing software but I guess standalone tool on
the Sparc & RS6000 servers are Ok) to transport the data files to the vendor?

Q2:
I heard some USB HDD like those from WD comes with its encryption (is it
hardware encryption?) : do we need to install any driver/software on the
servers to move files to the HDD?  I thought of connecting a laptop with
a USB HDD directly (using a Lan cross cable) to the servers' spare LAN
port & then sftp over to the USB HDD

Q3:
Is partition or files-level encryption more feasible in our case?

Q4:
Or should I use just a NAS (which supports sftp server) to sftp into the
NAS?  Between NAS & USB HDD, which is more practical?
sunhuxAsked:
Who is Participating?
 
McKnifeConnect With a Mentor Commented:
You could use a device that offers keypad authentication. That would be totally independent of the OS layer. https://www.amazon.com/Toshiba-Encrypted-Flash-Drive-PFU032D-1BEK/dp/B00NMVER4O to give you an idea. There will be other devices with larger capacities.
0
 
sunhuxAuthor Commented:
Any larger capacities ones?   I guess I may use Solaris zip (not sure if AIX has one) to
split into smaller chunks
0
 
sunhuxAuthor Commented:
What are the recommended encryption ciphers to use n is partition or files level encryption more suited?
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
bbaoConnect With a Mentor IT ConsultantCommented:
if the network speed is fast significantly, 150 GB isn't a lot data nowadays, then the peace of mind solution should be a VPN. this will allow you to use your existing or traditional way to connect these hosts across the Internet transparently, and securely.
0
 
arnoldConnect With a Mentor Commented:
What means of access and what will be performing the backup?
Password based zip, i.e. Password needed to uncompress.

The system that will be used to recover and the one used to backup should guide your consideration.
Presumably the offsite vendor is merely a means where the media is to be stored/preserved versus having access to the underlying data.
0
 
sunhuxAuthor Commented:
>What means of access and what will be performing the backup?
Looking at built-in means like sftp & Unix cp
0
 
sunhuxAuthor Commented:
>What are the recommended encryption ciphers
I suppose anything less than 128bit is out?  Blowfish is out too as its developer
now recommends Twofish, so leaving AES-256 and ??  So what's the equivalent
ciphers as secure as AES256
0
 
sunhuxAuthor Commented:
Does Solaris & AIX zip support AES-256 ?  I know 7zip does
0
 
sunhuxAuthor Commented:
http://www.unix.com/aix/28903-file-password-protection-encryption.html
Looks like AIX doesnt hv a zip built in or does it?

Link above has a command to create an encrypted file but I may need to
encrypt many files.  

What's the syntax to encrypt multiple files in a (sub)directory tree?
Can we specify the size of the zip files created in chunks of say
5MB (like what 7zip could do)?
0
 
arnoldConnect With a Mentor Commented:
Gnu pg is an option to encrypt ...public/private keys w/passphrase

You could get the gnu version and compile/install....

If you currently have an internal backup setup, see whether it has an archive/offsite option.
The difficulty with encrypting backup data is that you need another offsite location where the decryption key us saved/stored since it would defeat the encryption to store the means of decryption in the same location as the backups.
0
 
McKnifeConnect With a Mentor Commented:
Larger ones, sure:
https://www.apricorn.com/aegis-secure-key-3
for example.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.