Secure Transfer

Dillirium

All,
I'm new into security as far as encrypting data. I have some servers with very sensitive data and I'm wondering if anyone has experience on how to securely transfer data onto a device (like an external USB) ... encrypted and transfer it back to HQ. I have a server at a remote site that has secure data and I would LOVE to image the drive and virtualize it somehow. Pop the data onto an external USB drive and then send it back. Anyone have any thoughts on this? Need more info?
 
Cheap and dirty way.

Truecrypt with keyfiles instead of passwords.

At HQ, generate the Truecrypt volume with an innocuous keyfile(s). Load a bunch of junk into the default partition with a copy of the keyfile(s). Edit the mobile version(s) of the keyfile(s) by one character.
Keep a copy of the original keyfile(s) at HQ.

Head out to the remote server, re-edit the keyfile(s) back to original.
Delete the junk from the default partition.

Open the Truecrypt partition. Copy the data into the Truecrypt partition and close it.

Once done either:

A: Delete the keyfile(s).
B: Copy the keyfile(s) to the remote server so you don't need to copy it again in the future.

You now have your data in an encrypted, hidden volume on the flash drive.

For all intents and purposes the data is completely safe while in transit since you're not carrying a copy of the keyfile on the return trip.

The volume can be found using various tools. But someone would REALLY have to know that the data was there and want it REALLY badly to try breaking open the volume. And even then, the amount of time it'd take would be fairly ridiculous.
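
The keyfile handling described in the post above (alter the travelling copy, restore it on site), as an added example that is not part of the original thread: it flips one byte for transit and checks the restored file against a SHA-256 digest recorded at HQ. The function names, the offset and the sample file are assumptions made for illustration, and the digest is assumed to be kept apart from the drive.

```python
import hashlib
import hmac
import os
import tempfile

# TrueCrypt processes only the first 1 MiB of a keyfile, so the transit edit
# has to land inside that window or the altered copy would still unlock.
KEYFILE_WINDOW = 1024 * 1024

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def flip_byte(path, offset):
    """XOR one byte with 0xFF in place; calling it twice restores the file."""
    if not 0 <= offset < min(os.path.getsize(path), KEYFILE_WINDOW):
        raise ValueError("offset is outside the part of the keyfile that is used")
    with open(path, "r+b") as f:
        f.seek(offset)
        original = f.read(1)[0]
        f.seek(offset)
        f.write(bytes([original ^ 0xFF]))

def prepare_for_transit(path, offset):
    """At HQ: record the digest of the real keyfile, then alter the mobile copy."""
    digest = sha256_file(path)
    flip_byte(path, offset)
    return digest

def restore_and_verify(path, offset, expected_digest):
    """At the remote site: undo the edit and confirm it matches HQ's record."""
    flip_byte(path, offset)
    return hmac.compare_digest(sha256_file(path), expected_digest)

def demo():
    # Constructed sample: 4 KiB of random bytes standing in for a keyfile
    # (hypothetical file name).
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "holiday.jpg")
        with open(path, "wb") as f:
            f.write(os.urandom(4096))
        digest = prepare_for_transit(path, offset=1337)
        altered = sha256_file(path) != digest
        restored = restore_and_verify(path, 1337, digest)
        return altered, restored

if __name__ == "__main__":
    print(demo())
```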
 
Thank you for that feedback. Does anyone have a method to image a system and restore onto a virtualized machine?
 
Can't you encrypt, then get a VPN or SSH to HQ and send it over the net? Or an SFTP...

You can use VMware to make a VM image of an installed system.

Windows desktop or server OS?

Workstation lets you make a VM image of a desktop OS.
 
Is your server running RAID? 'Cause I'm not familiar with any encryption software that will function correctly on a RAID array. If you know of one, share it please :)
 
Where does Truecrypt say it supports RAID? 'Cause I can't find it anywhere.
 
The RAID card presents a volume to the operating system; what that volume consists of is inconsequential as far as Truecrypt is concerned.
 
This all helped a lot. I'm actually contacting Acronis and getting some information from them. I would have used the SFTP method but the client's bandwidth is important and slow. So getting the information back to HQ would be interruptive.

I actually brought up Truecrypt and people automatically sighed. I didn't realize that was a sore spot :p I guess our Security people don't allow that one...

*sigh*
I wish I could detail the dos and don'ts but corporate doesn't want us to share detailed information about our systems and software usage. Pretty crazy :eek:

I appreciate all of your help! I think I may have something down on paper now, it just needs to run through the proper channels which I'm sure will take a couple or more months...

-Dill
 
Yeah. As a permanent solution, Truecrypt has a lot to be desired.

But you're talking about ferrying data back and forth BY HAND (see "IP over carrier pigeon").

You don't need some 30-trillion bit filesystem encryption on something that's ostensibly never going to leave your hand once the sensitive data's on it.

And once the keyfile is on both ends, they have to:

  1. Know the partition is there
  2. Guess it's Truecrypt
  3. Get one of the Truecrypt cracking tools and brute force the partition.

All you really need is an initial deterrent to prevent unauthorized acquisition of the data.
 
No encryption will support "RAID" as you put it, because it doesn't matter.

You encrypt volumes with software-based encryption.
 