Print .SQL certificate files (.MK, .CER and .PK) on PAPER for long term storage in vault

  • Hi Guys, 

    Did anyone find a way to print .SQL certificate files (.MK, .CER and .PK) on PAPER for long term storage in a vault ?

    I don't trust USB and SD as long term storage, and a hard disk is too big and sensitive to be reliable (they tend to bounce back up in more than one piece).

    Since those files are tiny (1 KB'ish) I tried to find a QR generator, but could not find one that will take an input file of 1 KB.

    An alternative is to BASE64 encode the files and use some OCR to read it off the paper if ever the need should arise.

    Any thoughts on this, anyone ? 🙂

  • I'd never considered this approach, not sure how successful it would be.  I can understand your reluctance to rely on magnetic media or flash memory for long term storage but how about something like burning the files to a CD?  I know fewer and fewer computers are including optical drives, but it still could be an option that would certainly work better than paper.

  • Hi Chris,

    Actually, nearly all systems my customers run these days don't have a DVD drive anymore, and in 5 or 6 years we will be *really* hard pressed to find one that still works, and even then you should use stuff like M-DISC to be near certain about longevity. SanDisk's WORM SD card used to do the trick, but they are EOL. See: link

    In one customer's case we were not even allowed to use a password manager like KeePass because it's open source ....

    yeah yeah... quit laughing, but that is how it is, and I must deal with it 😛

    So, I started thinking, since they are really small files, why not print them in a format an OCR scanner can easily recognize, and recreate the files.

    Paper printed using laser printers is a surprisingly stable medium, takes almost no space in a vault, and will last much longer than the SQL server data using that encryption (15 years for tax laws).

    I'll keep looking and report back what I have figured out.
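
Added example, not part of any post in this thread: a Python sketch of the Base64-on-paper idea discussed above, with a CRC-32 on every printed line so an OCR misread is pinned to one line, and a SHA-256 over the whole file to catch a missing or reordered line. The sheet layout, the 40-character line length and the file name `backup_cert.pk` are assumptions made for illustration.

```python
import base64
import hashlib
import zlib

LINE_LEN = 40  # assumed: Base64 characters per printed line


def _crc(chunk: str) -> str:
    """CRC-32 of one printed chunk, as 8 upper-case hex digits."""
    return f"{zlib.crc32(chunk.encode()) & 0xFFFFFFFF:08X}"


def to_paper(data: bytes, name: str) -> str:
    """Render a small key file as numbered, checksummed text lines."""
    b64 = base64.b64encode(data).decode("ascii")
    digest = hashlib.sha256(data).hexdigest()
    out = [f"BYTES {len(data)} SHA256 {digest} FILE {name}"]
    for i in range(0, len(b64), LINE_LEN):
        chunk = b64[i:i + LINE_LEN]
        out.append(f"{i // LINE_LEN + 1:03d} {chunk} {_crc(chunk)}")
    return "\n".join(out)


def from_paper(text: str) -> bytes:
    """Rebuild the file from OCR'd or retyped text; raise ValueError on damage."""
    rows = [r.split() for r in text.splitlines() if r.strip()]
    header, body = rows[0], rows[1:]
    size, digest = int(header[1]), header[3]
    # A misread character changes the chunk's CRC, so report that line number.
    bad = [r[0] for r in body if len(r) != 3 or _crc(r[1]) != r[2]]
    if bad:
        raise ValueError("checksum mismatch on line(s): " + ", ".join(bad))
    data = base64.b64decode("".join(r[1] for r in body), validate=True)
    if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
        raise ValueError("whole-file check failed: line missing or out of order")
    return data


# Constructed 1 KB stand-in for an exported key file (not real key material).
SAMPLE = bytes(range(256)) * 4

if __name__ == "__main__":
    sheet = to_paper(SAMPLE, "backup_cert.pk")
    print(sheet)
    assert from_paper(sheet) == SAMPLE
```

A restore that fails names the printed line to re-check by hand, so one confused character (for example `l` read as `1`) does not mean retyping the whole sheet.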

  • Is using online storage not an option?  For example Amazon's S3 is secure (providing you set it up correctly), it is also one of the most redundant online storage facilities available.  The cost to store the files indefinitely would be pennies per year.

    MCITP SQL 2005, MCSA SQL 2012

  • Nope,

    We are talking about the encryption certificates for the SQL server backups containing *very* personal data, the Security officer would have a fit if I would suggest storing that kind of data in the cloud.

    He demands HARDcopy.....  as in something physical and durable he can store in his datavault (the kind of vault that survives 24 hour blazing fire, a 4 story drop and then having the entire building collapse upon it) 😀

  • Theo Ekelmans - Tuesday, March 6, 2018 2:34 AM

    Nope,

    We are talking about the encryption certificates for the SQL server backups containing *very* personal data, the Security officer would have a fit if I would suggest storing that kind of data in the cloud.

    He demands HARDcopy.....  as in something physical and durable he can store in his datavault (the kind of vault that survives 24 hour blazing fire, a 4 story drop and then having the entire building collapse upon it) 😀

    Seems like overkill to me. I could agree with the point if the actual database backups were stored in the same location, but I assume your backups are on premise?  Providing you access S3 as a service using a suitable API and encrypt your traffic with SSL when uploading, where is the risk?  When stored at rest in S3 you can enable encryption as well as other security measures.  Yes, there are stories of data leaks from S3, but almost every single one has been down to misconfiguration rather than being hacked.

    The keys are only of any use if you have access to the backup media, and unless you combine your own network with Amazon's using Direct Connect or a VPN, those encryption certificates are useless to anyone without the actual media.

    MCITP SQL 2005, MCSA SQL 2012

  • Theo Ekelmans - Tuesday, March 6, 2018 2:34 AM

    He demands HARDcopy.....  as in something physical and durable he can store in his datavault (the kind of vault that survives 24 hour blazing fire, a 4 story drop and then having the entire building collapse upon it) 😀

    I sincerely hope that by "his datavault" you are referring to some third party off site service, not something he personally has at his house or something 🙂
