Re: Filesystem level encryption for HP-UX? (227 Views)
Reply
Occasional Advisor
Emerson Valley
Posts: 7
Registered: ‎01-28-2002
Message 1 of 12 (227 Views)

Filesystem level encryption for HP-UX?

Is there such a thing as filesystem level encryption? We would like render data on stolen harddrives useless.
Acclaimed Contributor
A. Clay Stephenson
Posts: 17,825
Registered: ‎07-16-1998
Message 2 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?

Not as such although it is possible to write custom device drivers to transparently crypt and decrypt data to and from the disks. This is not an exercise for the faint of heart.
If it ain't broke, I can fix that.
Honored Contributor
Geoff Wild
Posts: 7,170
Registered: ‎06-04-2001
Message 3 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?

Don't know about encryption - but if you need to "wipe" the disks, there is a utility on the support plus cd called ODE.

You will need a temporary password from HP, bu it allows you to write random 0's and 1's to a hard drive.

It's painfully slow - about 24 hours for a 8.5 GB disk....

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Trusted Contributor
Zafar A. Mohammed_1
Posts: 244
Registered: ‎08-05-2002
Message 4 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?

I hope you can do with some other 3rd party software, but its not an efficient idea to encrypt and decrypt the filesystems. There are lot of overheads in performance and other great issues. There are some tools from EMC or other that you can clean the storage completely.

Thanks
Zafar
Honored Contributor
harry d brown jr
Posts: 8,418
Registered: ‎12-12-2000
Message 5 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?


If they have already been stolen, then theres not much you can do. If they haven't been stolen, and you expect them to be, then I suggest you hire a security firm to equip your company to prevent it from happening.

live free or die
harry
Live Free or Die
Occasional Advisor
Emerson Valley
Posts: 7
Registered: ‎01-28-2002
Message 6 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?

I was hoping for an add-in that did something similar to what NTFS does natively. Wiping and file level encryption is not really what I need. Management is concerned about trade secrets being stolen through "brute force espionage". :-)

I am not really concern (well management is not, I am) of the perfomance hit. What does the US miltary use to make their systems C3 compliant besides NT.
Honored Contributor
Shannon Petry
Posts: 1,343
Registered: ‎12-17-1998
Message 7 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?

There is a 3rd party product which used to be called bcrypt. It was available for LINUX and NT. I remember reading that they were in the process of supporting both Solaris and HP-UX.

Search around for it. It was very efficient as it ran as a daemon. It supported custom full file systems, as well as containers (large files in Unix that act as file systems).

If your encrypting on NT, then you are using bcrypt. It's either real bcrypt or the MS copy of it.

Now, if your not able to find or afford this, you can always encrypt files manually with the crypt command. It's standard on almost all Unices, but does not support the best of algorythms (blowfish, des, etc..) but more simple crypt functions.

But.. I agree with Harry, that if your that concerned about someone stealing a drive.. Move your equipment to a locked area, and hire security. If it's illegal stuff your not supposed to have even the crypt software will be cracked by the government. ;)


Regards,
Shannon
Microsoft. When do you want a virus today?
Occasional Advisor
Emerson Valley
Posts: 7
Registered: ‎01-28-2002
Message 8 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?

I work for EDS and support the one of the world's largest automotive parts suppliers (narrows it down a bit).

I would not call Pinkerton's a slouch of a premsise security company either.

The buildings are secure but stuff can still happen.

Also this is for workstations that may contain data cor caches. The servers and SANs are all locked up good and tight.

Thanks for the Bcrypt lead Shannon! I will look into it.
Honored Contributor
Jeff Schussele
Posts: 6,795
Registered: ‎02-18-2002
Message 9 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?

That's a hoot!
I think that last sentence has a typo - the next to last word needs to be spelled - despite

Cheers,
Jeff (Who lives absofrickinlutely NT-Free)
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Honored Contributor
Geoff Wild
Posts: 7,170
Registered: ‎06-04-2001
Message 10 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?

You can't get the "military" version unless you are in the Military...Though you can get a B1 version:


certification ??? HP-UX 11i is Hewlett-Packard's UNIX??-based operating environment specifically targeted at Internet applications. HP-UX 11i delivers an end-to-end scalable, manageable, and secure infrastructure for developing, deploying, and brokering mission-critical e-services. HP-UX 11.11 is evaluated and certified to the Common Criteria evaluation assurance level EAL4, against the functional requirements in the Controlled Access Protection Profile (EAL4-CAPP). The target environment is for systems that may execute on a single HP 9000 Server or be connected to other HP 9000 Servers identically configured to form a local distributed system implementing a unified security policy. The details can be viewed at http://www.cesg.gov.uk/assurance/iacs/itsec/cpl/product.cfm?id=119.

HP also offers a version of HP-UX that is B1 certified.
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Honored Contributor
harry d brown jr
Posts: 8,418
Registered: ‎12-12-2000
Message 11 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?

The military uses Marines and MP's to physically protect their systems.

If you want to protect your trade secrets from other companies then use a one-way encryption function, preferably something with a huge encryption key.

Maybe you need to look at what this company has done:
http://www.bluetie.com/downloads/BlueTie_Architecture_White_Paper.pdf
http://www.bluetie.com/about/ent_security.asp?id=&res=

live free or die
harry
Live Free or Die
Honored Contributor
harry d brown jr
Posts: 8,418
Registered: ‎12-12-2000
Message 12 of 12 (227 Views)

Re: Filesystem level encryption for HP-UX?

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.