alpha754293

secure data transfer

One of my friends has agreed to colo financial data for me and I was wondering - what's the best, most secure way of transferring the data?

I've heard that there are now external drives that support full disk encryption? Would that be at the device level or OS level?

Or would it be better for me to encrypt the data and then just copy it to a disk? Or would it be better for me to put that into a password protected archive and then encrypt the disk?

Thoughts? Suggestions?

He runs Ubuntu and I run Windows (primarily) but I can also run Ubuntu as well. (Or Solaris or Mac OS X).

Thanks.

Have you considered just putting a hard drive in a bank safety deposit box? That would be my preferred method rather than having to find a friend in the event of some sort of emergency.

That's what I'd do too. But in any case, I'd have a couple of inexpensive 2.5" drives so that I can rotate drives, and store the data in a password protected 7z archive, which is pretty secure:

"7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password."

Open source always wins for me. 7z is readily available for all major platforms as a result.

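The key stretching described in the quoted 7-Zip text, as an added example (not code from the post or from 7-Zip): a Python sketch of an iterated SHA-256 derivation and the brute-force cost it implies. The 2^19 round count, the UTF-16LE password encoding, the counter layout and all function names are assumptions of this sketch.

```python
import hashlib
import time

def derive_key(password, salt=b"", cycles_power=19):
    """Iterated SHA-256 KDF: one running hash is fed 2**cycles_power rounds of
    salt + UTF-16LE password + 8-byte little-endian round counter.
    The layout and the default of 19 are assumptions of this sketch."""
    pw = password.encode("utf-16-le")
    h = hashlib.sha256()
    for rnd in range(1 << cycles_power):
        h.update(salt)
        h.update(pw)
        h.update(rnd.to_bytes(8, "little"))
    return h.digest()                      # 32 bytes, the size of an AES-256 key

def seconds_per_guess(cycles_power=19, trials=3):
    """Measure what one password guess costs on this machine."""
    start = time.perf_counter()
    for i in range(trials):
        derive_key("guess%d" % i, cycles_power=cycles_power)
    return (time.perf_counter() - start) / trials

def years_to_search(alphabet, length, guess_seconds, workers=1):
    """Worst-case time to try every password of exactly this length."""
    return alphabet ** length * guess_seconds / workers / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Interpreted Python is far slower than native or GPU code, so these
    # figures overstate the cost; raise `workers` to model faster hardware.
    cost = seconds_per_guess()
    print("one guess: %.3f s" % cost)
    for label, alphabet, length in [("8 lowercase letters", 26, 8),
                                    ("12 mixed-case + digits", 62, 12)]:
        years = years_to_search(alphabet, length, cost)
        print("%-24s %.3g years on one core" % (label, years))
```

The iteration count multiplies the cost of every guess by the same factor, so the length and randomness of the password still decide how large the search is.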

Transferring crucial data should not be done with technology that provides no fundamental protection to corruption. You really should use ZFS for this task, combined with zfs send/receive functionality to utilise the end to end data integrity feature. Only with this kind of protection can you be reasonably sure that your data did not corrupt during transfer. A legacy solution would be using rsync with checksum option enabled, but this requires lots of time on both client and server while providing only minimal checksum protection.

If you desire protection, ZFS is the way to go. There is no (usable) substitute at this time.

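The integrity concern raised above, as an added example that is not part of the original post: a Python sketch that runs on both Windows and Ubuntu without ZFS, hashing every file with SHA-256 before transfer and checking the copy afterwards. The HMAC key, file names, sample contents and function names are constructed for the illustration.

```python
import hashlib, hmac, json, os, tempfile   # standard library only

def build_manifest(root):
    """Map each file's '/'-separated relative path to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for block in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(block)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest

def seal(manifest, key):
    """HMAC-SHA256 over the canonical manifest, so edits to the manifest show."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify(manifest, tag, key, root):
    """Compare the received copy under root with the sender's sealed manifest."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        raise ValueError("manifest failed authentication")
    seen = build_manifest(root)
    return {"missing": sorted(set(manifest) - set(seen)),
            "corrupt": sorted(p for p in manifest if p in seen and seen[p] != manifest[p]),
            "extra": sorted(set(seen) - set(manifest))}

def demo():
    """Constructed sample data: two identical trees, then damage the copy."""
    key = b"constructed-demo-key"            # placeholder, not a real secret
    files = {"ledger.csv": b"date,amount\n2011-01-01,100.00\n", "taxes/2010.txt": b"x" * 4096}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for root in (src, dst):
            for rel, data in files.items():
                path = os.path.join(root, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        manifest = build_manifest(src)
        tag = seal(manifest, key)
        clean = verify(manifest, tag, key, dst)
        with open(os.path.join(dst, "ledger.csv"), "r+b") as fh:
            fh.write(b"D")                   # one altered byte at offset 0
        os.remove(os.path.join(dst, "taxes", "2010.txt"))
        return clean, verify(manifest, tag, key, dst)

if __name__ == "__main__": print(demo())
```

The HMAC key stays with the data owner, so whoever stores the copy cannot alter both the files and the manifest without the check failing.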

> Have you considered just putting a hard drive in a bank safety deposit box? That would be my preferred method rather than having to find a friend in the event of some sort of emergency.

Well, I am hoping that the data will be somewhat live so that as my master copy is updated, so will the colo copy(ies).

> That's what I'd do too. But in any case, I'd have a couple of inexpensive 2.5" drives so that I can rotate drives, and store the data in a password protected 7z archive, which is pretty secure:
>
> "7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits. To create that key 7-Zip uses derivation function based on SHA-256 hash algorithm. A key derivation function produces a derived key from text password defined by user. For increasing the cost of exhaustive search for passwords 7-Zip uses big number of iterations to produce cipher key from text password."
>
> Open source always wins for me. 7z is readily available for all major platforms as a result.

Would it be better to encrypt the drive or just the archive will be sufficient? Or both?

I thought that I read somewhere that the SHA-256 hash isn't as secure as it was once thought to be?

Does it matter if it's AES-CBC or AES-ECB?

> Transferring crucial data should not be done with technology that provides no fundamental protection to corruption. You really should use ZFS for this task, combined with zfs send/receive functionality to utilise the end to end data integrity feature. Only with this kind of protection can you be reasonably sure that your data did not corrupt during transfer. A legacy solution would be using rsync with checksum option enabled, but this requires lots of time on both client and server while providing only minimal checksum protection.
>
> If you desire protection, ZFS is the way to go. There is no (usable) substitute at this time.

Yea....I'm not really THAT skilled in system administration to be able to set that up let alone teach it to my friend who's NOT a sysadmin. Can you SEND ZFS to another system that's NOT located on the local network? Or rsync over the net? How do you define a remote target for the send/receive commands? Or would it be a ssh/rsh port forward (at the router side of things)?

(Forgive me for asking dumb questions) - but just trying to figure out what would be the best way to transmit data securely.
