Solved

Encryption solutions to transport 150GB data fr AIX & Solaris to offsite vendor

Posted on 2016-10-28
11
75 Views
Last Modified: 2016-11-01
We have huge amt of data in our AIX & Solaris servers to send to our offsite
vendor & don't want to install software (eg: Truecrypt) on the servers : LTO
tapes are not an option as we no longer use tapes but Data Domain
 (backup to disks/VTLs) & our backup tool is not the same as our vendor's)
while transferring using sftp is going to hog the network.

Q1:
What are the most portable & secure (as don't want to use weak encryption
like Blowfish) ways (without installing software but I guess standalone tool on
the Sparc & RS6000 servers are Ok) to transport the data files to the vendor?

Q2:
I heard some USB HDD like those from WD comes with its encryption (is it
hardware encryption?) : do we need to install any driver/software on the
servers to move files to the HDD?  I thought of connecting a laptop with
a USB HDD directly (using a Lan cross cable) to the servers' spare LAN
port & then sftp over to the USB HDD

Q3:
Is partition or files-level encryption more feasible in our case?

Q4:
Or should I use just a NAS (which supports sftp server) to sftp into the
NAS?  Between NAS & USB HDD, which is more practical?
0
Comment
Question by:sunhux
  • 6
  • 2
  • 2
  • +1
11 Comments
 
LVL 53

Accepted Solution

by:
McKnife earned 250 total points
ID: 41864966
You could use a device that offers keypad authentication. That would be totally independent of the OS layer. https://www.amazon.com/Toshiba-Encrypted-Flash-Drive-PFU032D-1BEK/dp/B00NMVER4O to give you an idea. There will be other devices with larger capacities.
0
 

Author Comment

by:sunhux
ID: 41865123
Any larger capacities ones?   I guess I may use Solaris zip (not sure if AIX has one) to
split into smaller chunks
0
 

Author Comment

by:sunhux
ID: 41865359
What are the recommended encryption ciphers to use n is partition or files level encryption more suited?
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 100 total points
ID: 41865494
if the network speed is fast significantly, 150 GB isn't a lot data nowadays, then the peace of mind solution should be a VPN. this will allow you to use your existing or traditional way to connect these hosts across the Internet transparently, and securely.
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 150 total points
ID: 41865510
What means of access and what will be performing the backup?
Password based zip, i.e. Password needed to uncompress.

The system that will be used to recover and the one used to backup should guide your consideration.
Presumably the offsite vendor is merely a means where the media is to be stored/preserved versus having access to the underlying data.
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 

Author Comment

by:sunhux
ID: 41865621
>What means of access and what will be performing the backup?
Looking at built-in means like sftp & Unix cp
0
 

Author Comment

by:sunhux
ID: 41865622
>What are the recommended encryption ciphers
I suppose anything less than 128bit is out?  Blowfish is out too as its developer
now recommends Twofish, so leaving AES-256 and ??  So what's the equivalent
ciphers as secure as AES256
0
 

Author Comment

by:sunhux
ID: 41865623
Does Solaris & AIX zip support AES-256 ?  I know 7zip does
0
 

Author Comment

by:sunhux
ID: 41865749
http://www.unix.com/aix/28903-file-password-protection-encryption.html
Looks like AIX doesnt hv a zip built in or does it?

Link above has a command to create an encrypted file but I may need to
encrypt many files.  

What's the syntax to encrypt multiple files in a (sub)directory tree?
Can we specify the size of the zip files created in chunks of say
5MB (like what 7zip could do)?
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 150 total points
ID: 41865774
Gnu pg is an option to encrypt ...public/private keys w/passphrase

You could get the gnu version and compile/install....

If you currently have an internal backup setup, see whether it has an archive/offsite option.
The difficulty with encrypting backup data is that you need another offsite location where the decryption key us saved/stored since it would defeat the encryption to store the means of decryption in the same location as the backups.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41865970
Larger ones, sure:
https://www.apricorn.com/aegis-secure-key-3
for example.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now