Re: Question:encryption tool.
On 2/15/07, David Robillard <[EMAIL PROTECTED]> wrote: > I am looking for any suggestion on using the right tool that I can use to > perform the encryption/decryption for flat files. > > We have a requirement to encrypt 15 flat files and be dumped on tape and be > stored in remote site facility for later business resumption. > > or in the crash/fire/emergency situation for the recovery purposes. > > For consistency I am planning to use the same tool across our Solaris, Linux > and Freebsd OS oracle database environments. Check out SysAdmin magazine's article "Backup Encryption" from the March 2007 issue. It looks like exactly what you're looking for: http://www.samag.com/documents/s=10118/sam0703b/0703b.htm Thanks a lot this is great article discussing and covering all in one place Thanks Dak HTH, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool.
I am looking for any suggestion on using the right tool that I can use to perform the encryption/decryption for flat files. We have a requirement to encrypt 15 flat files and be dumped on tape and be stored in remote site facility for later business resumption. or in the crash/fire/emergency situation for the recovery purposes. For consistency I am planning to use the same tool across our Solaris, Linux and Freebsd OS oracle database environments. Check out SysAdmin magazine's article "Backup Encryption" from the March 2007 issue. It looks like exactly what you're looking for: http://www.samag.com/documents/s=10118/sam0703b/0703b.htm HTH, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dak Ghatikachalam wrote: > Hi freebsd ers > > I am looking for any suggestion on using the right tool that I can use to > perform the encryption/decryption for flat files. > > We have a requirement to encrypt 15 flat files and be dumped on tape and be > stored in remote site facility for later business resumption. > > or in the crash/fire/emergency situation for the recovery purposes. > > For consistency I am planning to use the same tool across our Solaris, > Linux > and Freebsd OS oracle database environments. Go for GnuPG. We use that for securing our nightly database dumps, which are piped thru gpg. (We share backup server with several other systems.) The encryption is done to a public key, with the secret key secure locked away on some other location. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF1AjJMVyOPWVstbURAsAbAKCtN07O+PobPR9vT4kniWPQjluVXACg4QJN Di2Mlsz8OYzPaLCRSyzVNrQ= =wjTA -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool.
On 2/6/07, David Robillard <[EMAIL PROTECTED]> wrote: On 2/6/07, Dak Ghatikachalam <[EMAIL PROTECTED]> wrote: [...snip!...] > Thanks a lot , but we are on Oracle9i database, the Oracle secure backup > they are talking would be nice on 10G onwards Well, not according to the FAQ. Here is what it says: -- What Oracle database versions does Oracle Secure Backup support? Oracle Secure Backup installs with a native integration of Oracle Database's via Oracle Recovery Manager (RMAN), which supports Oracle9i forward. So if you're running 9i, you should be alrgiht. Here is the exception with Oracle9i I was not able to encrypt the RMAN backups, I tried by best it does not have an option of encryption you will see below I have catalog as 10G database , so I registered itself as target Recovery Manager: Release 10.2.0.3.0 - Production on Tue Feb 6 18:52:34 2007 Copyright (c) 1982, 2005, Oracle. All rights reserved. connected to target database: CAT10GR2 (DBID=845501569) connected to recovery catalog database RMAN> show all; RMAN configuration parameters are: CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default CONFIGURE BACKUP OPTIMIZATION OFF; # default CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default CONFIGURE CONTROLFILE AUTOBACKUP OFF; # default CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default CONFIGURE MAXSETSIZE TO UNLIMITED; # default CONFIGURE ENCRYPTION FOR DATABASE OFF; # default CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/u01/app/oracle/product/10.2/dbs/snapcf_cat10gr2.f'; # default RMAN> You can see that encryption for db and alogorithm option there but you will not see in Oracle9i Recovery Manager: Release 9.2.0.7.0 - 64bit Production Copyright (c) 1995, 2002, Oracle Corporation. All rights reserved. connected to target database: RCVCAT (DBID=2859160142) connected to recovery catalog database RMAN> show all; RMAN configuration parameters are: CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default CONFIGURE BACKUP OPTIMIZATION OFF; # default CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default CONFIGURE CONTROLFILE AUTOBACKUP OFF; # default CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default CONFIGURE DEVICE TYPE DISK PARALLELISM 1; # default CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default CONFIGURE MAXSETSIZE TO UNLIMITED; # default CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/u01/app/oracle/product/9.2.0.7/dbs/snapcf_rcvcat.f'; # default my impression about the FAQ on secure-backup what oracle talks about , encryption, archivelog deletion policy is that in simply focuses on 10g database and above. yes i went thru th claims of secure of 9i , but the command of set enryption on identified by "password" or CONFIGURE ENCRYPTION FOR DATABASE on identified by "password" is the command of 10G not sure if that would would work on 9i database even we were to use the secure - backup with 9i. You can get your hands on the FAQ at http://www.oracle.com/technology/products/secure-backup/pdf/FAQ.pdf HTH, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool
On 2/6/07, Robert Huff <[EMAIL PROTECTED]> wrote: Roland Smith writes: > > I am looking for any suggestion on using the right tool that > > I can use to perform the encryption/decryption for flat files. > > You can encrypt files with AES using ccrypt. > http://ccrypt.sourceforge.net/ Both ccrypt and ncrypt are available as ports. Thanks a lot for all the response, I have gone with openssl as posted by Mike T, which was already there in all our environment OS installed and ready to be used. I am going to review these packages again. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool
On 2/5/07, Mike Tancsa <[EMAIL PROTECTED]> wrote: On Mon, 5 Feb 2007 18:21:18 -0500, in sentex.lists.freebsd.questions you wrote: > >Thanks a lot, Our current backup system is veritas netbackup, and changing >that to entire bacula is best thing for me, > >But the making the decision about switching to bacula was above my pay >grade. I hardly see that happen anytime soon. > >so they wanted me encrypt these files, that is on the backup location >before the netbackup scheduler picks up these files. If you just want to encrypt the files with a password, openssl works well and can be found pretty well on any platform. [cage]% echo "this is a test" | openssl enc -aes-128-cbc -base64 -k pass U2FsdGVkX1+gkWRJo5W7PGBLpilZmlEx3+cKML+32to= [cage]% [cage]% [cage]% echo "U2FsdGVkX1+gkWRJo5W7PGBLpilZmlEx3+cKML+32to=" | openssl aes-128-cbc -d -base64 -k pass this is a test [cage]% But you really want to take a look at /usr/ports/security/gnupg. It seems all a bit confusing at first, but its a much better way to encrypt data and manage who has access to decode files without having to use a common passphrase. It as well will work across multiple platforms Thanks a lot Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool.
On 2/6/07, Dak Ghatikachalam <[EMAIL PROTECTED]> wrote: [...snip!...] Thanks a lot , but we are on Oracle9i database, the Oracle secure backup they are talking would be nice on 10G onwards Well, not according to the FAQ. Here is what it says: -- What Oracle database versions does Oracle Secure Backup support? Oracle Secure Backup installs with a native integration of Oracle Database's via Oracle Recovery Manager (RMAN), which supports Oracle9i forward. So if you're running 9i, you should be alrgiht. You can get your hands on the FAQ at http://www.oracle.com/technology/products/secure-backup/pdf/FAQ.pdf HTH, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool.
On 2/6/07, David Robillard <[EMAIL PROTECTED]> wrote: > Thanks a lot, Our current backup system is veritas netbackup, and changing > that to entire bacula is best thing for me, May I ask why you would prefer Bacula over NetBackup? I'm just curious, because having worked with both, I personally prefer NetBackup. > so they wanted me encrypt these files, that is on the backup location > before the netbackup scheduler picks up these files. > > Database is getting backed up to a disk location and from there netbackup > agent picks up and writes it into the tape , but we have these 13 flat files > that go into offsite which really needs encryption and decryption logic in > place upon after restore back to disk . If those databases are all Oracle instances, then you might want to take a look at Oracle Secure Backup. It does exactly what you need. More info here: http://www.oracle.com/technology/products/secure-backup/index.html Cheers, Thanks a lot , but we are on Oracle9i database, the Oracle secure backup they are talking would be nice on 10G onwards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool.
Thanks a lot, Our current backup system is veritas netbackup, and changing that to entire bacula is best thing for me, May I ask why you would prefer Bacula over NetBackup? I'm just curious, because having worked with both, I personally prefer NetBackup. so they wanted me encrypt these files, that is on the backup location before the netbackup scheduler picks up these files. Database is getting backed up to a disk location and from there netbackup agent picks up and writes it into the tape , but we have these 13 flat files that go into offsite which really needs encryption and decryption logic in place upon after restore back to disk . If those databases are all Oracle instances, then you might want to take a look at Oracle Secure Backup. It does exactly what you need. More info here: http://www.oracle.com/technology/products/secure-backup/index.html Cheers, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool
Roland Smith writes: > > I am looking for any suggestion on using the right tool that > > I can use to perform the encryption/decryption for flat files. > > You can encrypt files with AES using ccrypt. > http://ccrypt.sourceforge.net/ Both ccrypt and ncrypt are available as ports. Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool
On Mon, Feb 05, 2007 at 06:00:14PM -0500, Dak Ghatikachalam wrote: > Hi freebsd ers > > I am looking for any suggestion on using the right tool that I can use to > perform the encryption/decryption for flat files. You can encrypt files with AES using ccrypt. http://ccrypt.sourceforge.net/ Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgpA8eFKXkjoW.pgp Description: PGP signature
Re: Question:encryption tool
On Mon, 5 Feb 2007 18:21:18 -0500, in sentex.lists.freebsd.questions you wrote: > >Thanks a lot, Our current backup system is veritas netbackup, and changing >that to entire bacula is best thing for me, > >But the making the decision about switching to bacula was above my pay >grade. I hardly see that happen anytime soon. > >so they wanted me encrypt these files, that is on the backup location >before the netbackup scheduler picks up these files. If you just want to encrypt the files with a password, openssl works well and can be found pretty well on any platform. [cage]% echo "this is a test" | openssl enc -aes-128-cbc -base64 -k pass U2FsdGVkX1+gkWRJo5W7PGBLpilZmlEx3+cKML+32to= [cage]% [cage]% [cage]% echo "U2FsdGVkX1+gkWRJo5W7PGBLpilZmlEx3+cKML+32to=" | openssl aes-128-cbc -d -base64 -k pass this is a test [cage]% But you really want to take a look at /usr/ports/security/gnupg. It seems all a bit confusing at first, but its a much better way to encrypt data and manage who has access to decode files without having to use a common passphrase. It as well will work across multiple platforms ---Mike Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 [EMAIL PROTECTED], (http://www.tancsa.com) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool
On 2/5/07, Bill Moran <[EMAIL PROTECTED]> wrote: In response to "Dak Ghatikachalam" <[EMAIL PROTECTED]>: > Hi freebsd ers > > I am looking for any suggestion on using the right tool that I can use to > perform the encryption/decryption for flat files. > > We have a requirement to encrypt 15 flat files and be dumped on tape and be > stored in remote site facility for later business resumption. > > or in the crash/fire/emergency situation for the recovery purposes. > > For consistency I am planning to use the same tool across our Solaris, Linux > and Freebsd OS oracle database environments. If you deploy Bacula as your backup system, it includes support for encrypted backups: http://www.bacula.org Thanks a lot, Our current backup system is veritas netbackup, and changing that to entire bacula is best thing for me, But the making the decision about switching to bacula was above my pay grade. I hardly see that happen anytime soon. so they wanted me encrypt these files, that is on the backup location before the netbackup scheduler picks up these files. Database is getting backed up to a disk location and from there netbackup agent picks up and writes it into the tape , but we have these 13 flat files that go into offsite which really needs encryption and decryption logic in place upon after restore back to disk . Thanks Dak ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Question:encryption tool
In response to "Dak Ghatikachalam" <[EMAIL PROTECTED]>: > Hi freebsd ers > > I am looking for any suggestion on using the right tool that I can use to > perform the encryption/decryption for flat files. > > We have a requirement to encrypt 15 flat files and be dumped on tape and be > stored in remote site facility for later business resumption. > > or in the crash/fire/emergency situation for the recovery purposes. > > For consistency I am planning to use the same tool across our Solaris, Linux > and Freebsd OS oracle database environments. If you deploy Bacula as your backup system, it includes support for encrypted backups: http://www.bacula.org -- Bill Moran Collaborative Fusion Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"