Solved

Encryption solutions to transport 150GB data fr AIX & Solaris to offsite vendor

Posted on 2016-10-28
11
106 Views
Last Modified: 2016-11-01
We have huge amt of data in our AIX & Solaris servers to send to our offsite
vendor & don't want to install software (eg: Truecrypt) on the servers : LTO
tapes are not an option as we no longer use tapes but Data Domain
 (backup to disks/VTLs) & our backup tool is not the same as our vendor's)
while transferring using sftp is going to hog the network.

Q1:
What are the most portable & secure (as don't want to use weak encryption
like Blowfish) ways (without installing software but I guess standalone tool on
the Sparc & RS6000 servers are Ok) to transport the data files to the vendor?

Q2:
I heard some USB HDD like those from WD comes with its encryption (is it
hardware encryption?) : do we need to install any driver/software on the
servers to move files to the HDD?  I thought of connecting a laptop with
a USB HDD directly (using a Lan cross cable) to the servers' spare LAN
port & then sftp over to the USB HDD

Q3:
Is partition or files-level encryption more feasible in our case?

Q4:
Or should I use just a NAS (which supports sftp server) to sftp into the
NAS?  Between NAS & USB HDD, which is more practical?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
  • 2
  • +1
11 Comments
 
LVL 55

Accepted Solution

by:
McKnife earned 250 total points
ID: 41864966
You could use a device that offers keypad authentication. That would be totally independent of the OS layer. https://www.amazon.com/Toshiba-Encrypted-Flash-Drive-PFU032D-1BEK/dp/B00NMVER4O to give you an idea. There will be other devices with larger capacities.
0
 

Author Comment

by:sunhux
ID: 41865123
Any larger capacities ones?   I guess I may use Solaris zip (not sure if AIX has one) to
split into smaller chunks
0
 

Author Comment

by:sunhux
ID: 41865359
What are the recommended encryption ciphers to use n is partition or files level encryption more suited?
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 37

Assisted Solution

by:bbao
bbao earned 100 total points
ID: 41865494
if the network speed is fast significantly, 150 GB isn't a lot data nowadays, then the peace of mind solution should be a VPN. this will allow you to use your existing or traditional way to connect these hosts across the Internet transparently, and securely.
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 150 total points
ID: 41865510
What means of access and what will be performing the backup?
Password based zip, i.e. Password needed to uncompress.

The system that will be used to recover and the one used to backup should guide your consideration.
Presumably the offsite vendor is merely a means where the media is to be stored/preserved versus having access to the underlying data.
0
 

Author Comment

by:sunhux
ID: 41865621
>What means of access and what will be performing the backup?
Looking at built-in means like sftp & Unix cp
0
 

Author Comment

by:sunhux
ID: 41865622
>What are the recommended encryption ciphers
I suppose anything less than 128bit is out?  Blowfish is out too as its developer
now recommends Twofish, so leaving AES-256 and ??  So what's the equivalent
ciphers as secure as AES256
0
 

Author Comment

by:sunhux
ID: 41865623
Does Solaris & AIX zip support AES-256 ?  I know 7zip does
0
 

Author Comment

by:sunhux
ID: 41865749
http://www.unix.com/aix/28903-file-password-protection-encryption.html
Looks like AIX doesnt hv a zip built in or does it?

Link above has a command to create an encrypted file but I may need to
encrypt many files.  

What's the syntax to encrypt multiple files in a (sub)directory tree?
Can we specify the size of the zip files created in chunks of say
5MB (like what 7zip could do)?
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 150 total points
ID: 41865774
Gnu pg is an option to encrypt ...public/private keys w/passphrase

You could get the gnu version and compile/install....

If you currently have an internal backup setup, see whether it has an archive/offsite option.
The difficulty with encrypting backup data is that you need another offsite location where the decryption key us saved/stored since it would defeat the encryption to store the means of decryption in the same location as the backups.
0
 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41865970
Larger ones, sure:
https://www.apricorn.com/aegis-secure-key-3
for example.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question