[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Query on adding a USB hdd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/23/07 18:46, Douglas Allan Tutty wrote:
> On Wed, May 23, 2007 at 06:12:36PM -0400, Greg Folkert wrote:
>> On Wed, 2007-05-23 at 17:01 -0500, Ron Johnson wrote:
>  
>>> After all the stories about laptops full of sensitive data being
>>> stolen, and tapes full of sensitive data being lost, you still have
>>> to ask why someone wants to encrypt private data?
>> It comes to mind; why all this data is on a "portable device" in the
>> first place?
> 
> Recently, a major bank here in Canada lost a hard drive containing
> clear-text customer personal info (everything an identity thief needs)
> in transit from one major city to another.  I don't know why: 
> 
> 	1.  they didn't treat it like cach and send it via Brinks 
> 	2.  they didn't encrypt it and send it over the net.
> 
> If you're sending backup to off-site storage (vault) other than backing
> up to a remote data-center, for some period of time the data will be on
> some type of portable device whether hard drive or DLT.

Exactly.  An Iron Mountain courier stops by our data center morning
& late afternoon and (I think) once on Saturday.

Mostly we use legacy systems (z/OS & OpenVMS) so any Nefarious Ned
who robs the courier would have to have similar legacy hardware to
extract the data.  Very unlikely.  I don't know how they secure the
Oracle (both HP-SUX & Linux) and Windows data.  Not My Responsibility.

As soon as we upgrade to faster hardware (ha ha ha ha!), Rdb 7.2 and
OpenVMS 8.3, we can use the built-in encryption API to "totally"
secure our data.  Until then, it's Security Thru Expensive Legacy
Obscurity.

> It would be very nice if there was a universal cross-platform rw +
> encrypt filesystem for archives.  Something that you could be confident
> that you could decrypt and access in 10 years using whatever OS was
> current then.

tar is cross-platform, as is ASCII CSV.  PGP/GPG is also cross-platform.

Problem solved?

> I did something similar when I was running OS/2.  I implemented SHA and
> I forget which encrytion algorithm in REXX.  When my OS/2 died and I
> switched to Linux, it was a simple matter to translate the REXX into
> python and extract my archive.  
> 
> Right now, my archives are not encrypted and are tarballs.  With the
> media I also save a debian install set.
> 
> Doug.
> 
> 


- --
Ron Johnson, Jr.
Jefferson LA  USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGVNbDS9HxQb37XmcRAkW7AJ4njNRLX3Sw/HRCD2nyLqqog70McgCgryRx
IKz6H0KzXN+AAIkTDoUyRDg=
=olFk
-----END PGP SIGNATURE-----
Reply to: