Re: Filesystem level encryption for HP-UX?

Emerson Valley · ‎04-16-2003

Is there such a thing as filesystem level encryption? We would like render data on stolen harddrives useless.

A. Clay Stephenson · ‎04-16-2003

Not as such although it is possible to write custom device drivers to transparently crypt and decrypt data to and from the disks. This is not an exercise for the faint of heart.

If it ain't broke, I can fix that.

Geoff Wild · ‎04-16-2003

Don't know about encryption - but if you need to "wipe" the disks, there is a utility on the support plus cd called ODE.

You will need a temporary password from HP, bu it allows you to write random 0's and 1's to a hard drive.

It's painfully slow - about 24 hours for a 8.5 GB disk....

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Zafar A. Mohammed_1 · ‎04-16-2003

I hope you can do with some other 3rd party software, but its not an efficient idea to encrypt and decrypt the filesystems. There are lot of overheads in performance and other great issues. There are some tools from EMC or other that you can clean the storage completely.

Thanks
Zafar

harry d brown jr · ‎04-16-2003

If they have already been stolen, then theres not much you can do. If they haven't been stolen, and you expect them to be, then I suggest you hire a security firm to equip your company to prevent it from happening.

live free or die
harry

Live Free or Die

Emerson Valley · ‎04-16-2003

I was hoping for an add-in that did something similar to what NTFS does natively. Wiping and file level encryption is not really what I need. Management is concerned about trade secrets being stolen through "brute force espionage". :-)

I am not really concern (well management is not, I am) of the perfomance hit. What does the US miltary use to make their systems C3 compliant besides NT.

Shannon Petry · ‎04-16-2003

There is a 3rd party product which used to be called bcrypt. It was available for LINUX and NT. I remember reading that they were in the process of supporting both Solaris and HP-UX.

Search around for it. It was very efficient as it ran as a daemon. It supported custom full file systems, as well as containers (large files in Unix that act as file systems).

If your encrypting on NT, then you are using bcrypt. It's either real bcrypt or the MS copy of it.

Now, if your not able to find or afford this, you can always encrypt files manually with the crypt command. It's standard on almost all Unices, but does not support the best of algorythms (blowfish, des, etc..) but more simple crypt functions.

But.. I agree with Harry, that if your that concerned about someone stealing a drive.. Move your equipment to a locked area, and hire security. If it's illegal stuff your not supposed to have even the crypt software will be cracked by the government. ;)

Regards,
Shannon

Microsoft. When do you want a virus today?

Emerson Valley · ‎04-16-2003

I work for EDS and support the one of the world's largest automotive parts suppliers (narrows it down a bit).

I would not call Pinkerton's a slouch of a premsise security company either.

The buildings are secure but stuff can still happen.

Also this is for workstations that may contain data cor caches. The servers and SANs are all locked up good and tight.

Thanks for the Bcrypt lead Shannon! I will look into it.

Jeff Schussele · ‎04-16-2003

That's a hoot!
I think that last sentence has a typo - the next to last word needs to be spelled - despite

Cheers,
Jeff (Who lives absofrickinlutely NT-Free)

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!

Geoff Wild · ‎04-16-2003

You can't get the "military" version unless you are in the Military...Though you can get a B1 version:

certification ??? HP-UX 11i is Hewlett-Packard's UNIX??-based operating environment specifically targeted at Internet applications. HP-UX 11i delivers an end-to-end scalable, manageable, and secure infrastructure for developing, deploying, and brokering mission-critical e-services. HP-UX 11.11 is evaluated and certified to the Common Criteria evaluation assurance level EAL4, against the functional requirements in the Controlled Access Protection Profile (EAL4-CAPP). The target environment is for systems that may execute on a single HP 9000 Server or be connected to other HP 9000 Servers identically configured to form a local distributed system implementing a unified security policy. The details can be viewed at http://www.cesg.gov.uk/assurance/iacs/itsec/cpl/product.cfm?id=119.

HP also offers a version of HP-UX that is B1 certified.

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Filesystem level encryption for HP-UX?

Filesystem level encryption for HP-UX?