Encrypting file folders on OS X Server but needs to be cross-platform

We have OS X server 10.4 and 10.5. We have been asked by our client to implement some demanding security policies. One is to have our files encrypted on our file server for more sensitive files. This is in case there is a breach in the network and access is gained to the server the data is still secure. Well we work in a mixed platform environment but there are very few options on the Mac for encrypting folders that also work on the PC. PGP desktop looks to be the only option but from some of the reviews looks kinda buggy and their network version is only for the PC.
Anyone else run into this problem and what was your solution?
Thanks!
Steve
Message was edited by: Steve Burns1

This is certainly an interesting problem and an interesting requirement. On the face of it, a quite difficult problem.
As for your requested approach here, I don't know of an available and cross-platform distributed authentication and distributed encryption and distributed auditing scheme.
I'd expect most folks presented with this problem and with this requirement would carefully control access onto the LAN and into the data, and would encrypt the traffic. And would bury the data inside a secured server or secured server farm.
There's a particular and fundamental consideration here. If the client or the server security is breached, then folder or file encryption is itself vulnerable each and every time the folder or file contents are decrypted for use. (It's the system that allows you to decrypt and access the folder and file data. If you don't trust the client or the server, then you'll have to consider whether or not you trust providing your key(s) for decryption. And what happens when a user's key is exposed.)
With cross-platform or client-server remote file access operations as proposed in your approach, you've just extended the security perimeter around all the boxes involved, and it's wicked hard to revoke the data access keys in these sorts of environments.
Most folks will "bunker" the critical data, rather than spreading the perimeter around, and will manage and maintain and audit the (encrypted) channels into the data. More copies of the data -- whether currently encrypted or otherwise -- means more headaches. Keeping the data close and being able to remotely revoke the access keys is invaluable.
As for remote access, you might find an encrypting or kerberized NFS (krb5p being the gonzo setting) useful. This encrypts the traffic. And you can zonk the access keys via the KDC.
ZFS (and encryption is itself just starting to be baked into ZFS) is just starting to come on-line, and likely isn't fully and sufficiently widely available for your needs yet. ZFS might eventually provide what you want here. But again, auditing client access is hairy. It only takes one bone-headed clear-text data export from one client, or one compromised client or lost password, after all.
Or the classic pgp or zip can be used to toss the files around, and with varying degrees of cryptographic security. Of course everybody ends up with the keys to the kingdom pretty quickly, with the difficulties in auditing and revoking data access that are inherent in distributed access, and one compromised client or one lost laptop can potentially ruin the whole plan.
A custom solution built on NFS or such is very likely feasible, but it won't be cheap. You'd likely need to insert your own network-capable "disk" drivers into the Windows I/O stack, for instance. (This has been done before...)
Don't forget to consider password recovery, too. Both to permit it or to have a carefully controlled "back-door" into the data (which has its own risks), and to avoid the social engineering attacks that can arise here.
(I'd be interested to hear more about this and whatever solution you might eventually choose here, too. This looks to be a very knotty problem.)
And OK, so I'm over-thinking it all.
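
The reply above suggests kerberized NFS with krb5p so that traffic to the file server is encrypted. The following is an added example, not part of the original thread: a small audit that reads mount entries and flags any NFS mount that did not negotiate krb5p. It assumes Linux `/proc/mounts` formatted input; the host names, paths and sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit NFS mounts for the krb5p security flavor.
# Assumption: input is text in Linux /proc/mounts format.
# Flavors: sys   = no Kerberos at all
#          krb5  = Kerberos authentication only
#          krb5i = authentication + integrity checking
#          krb5p = authentication + integrity + encryption of the traffic

# Constructed sample input (not taken from a real host).
SAMPLE_MOUNTS='fs1.example.com:/secure /mnt/secure nfs4 rw,relatime,vers=4.1,sec=krb5p,proto=tcp 0 0
fs1.example.com:/projects /mnt/projects nfs4 rw,relatime,vers=4.1,sec=krb5,proto=tcp 0 0
fs2.example.com:/scratch /mnt/scratch nfs rw,vers=3,sec=sys,proto=tcp 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# Read mount entries on stdin and print one line per NFS mount:
#   <verdict> <flavor> <source> <mountpoint>
# Only krb5p is reported as OK; a missing sec= option is reported as WEAK.
classify_nfs_mounts() {
    awk '
    $3 == "nfs" || $3 == "nfs4" {
        flavor = "unspecified"
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^sec=/) flavor = substr(opts[i], 5)
        verdict = (flavor == "krb5p") ? "OK" : "WEAK"
        print verdict, flavor, $1, $2
    }'
}

# Read mount entries on stdin and print how many NFS mounts are not krb5p.
count_weak_mounts() {
    classify_nfs_mounts | awk '$1 == "WEAK" { n++ } END { print n + 0 }'
}

# Demonstration on the constructed sample; on a Linux client, feed
# /proc/mounts to classify_nfs_mounts instead.
printf '%s\n' "$SAMPLE_MOUNTS" | classify_nfs_mounts
```
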

Similar Messages

  • I lost my contacts and mail folders on my exchange server but they are still on my MAC. How can I resync?

    I run both a MAC and a PC with two different mail clients Entourage vs. Outlook. I have never had a problem with the clients syncing with the Exchange server until I did an archive of all emails in outlook that were older than this year. Now some subfolders have disappeared on the PC and the Exchange server but still show up in Entourage. How can I resync Entourage to the Exchange and have Exchange server "accept" the Entourage folders as correct?
    Also I use an iPhone and backup to the iCloud. So why did my contacts disappear from the iPhone and are not restored via iCloud? The missing contacts also disappeared from exchange.
    Iphone 4s ver 5.1.1
    Exchange 2003
    MacBook Pro OSX 10.5.x ( I think - since the finder->about this Mac button doesn't work)
    Entourage 12.3.3
    Thanks so much.
    John

    Anything Downloaded with a Particular Apple ID is tied to that Apple ID and Cannot be Merged or Transferred to a Different Apple ID
    Apple ID FAQs  >  http://support.apple.com/kb/HT5622
    You cannot Delete from your Purchase history... But... you can Hide...
    iTunes Store  >   http://support.apple.com/kb/HT4919
    Note:
    iCloud only Stores a Link to your Apps...

  • HT1338 I cannot open encrypted files/folders on my back up disc.

    Hi, I created an encrypted disc, with disc utility. It is a .sparseimage type file, 128 encryption, password protected. I can open it on my Mac no problem, I took the password off the keychain (as advised) and if I try to open the disc (which I placed in "Documents") once I enter the password, everything opens fine.
    The problem is when I try to open the files on my back up disc (I use an external hard drive to back up everything, via time machine) I get this message after entering the password" The following disc images could not be opened" and in a smaller box underneath, the relevant disc is named and it says this next to it"no mountable file systems".
    So if my Mac was to crash and I needed the ext. hd as a back up for recovery, currently, the encrypted files cannot be opened.
    Can anyone please help?
    Many thanks,
    Michael.

    How do you copy it to the backup disk? That error generally means that the file didn't fully copy over.
    Open a Terminal window. Type 'md5', space, and then drag the sparseimage file that works into the Terminal window, and then press return.
    Do the same thing for the sparseimage that doesn't work.
    If they are the same file, they should have the same MD5 value. If the codes don't match, the files are not identical.
    Do a Get Info on each file and see if they are the same length.
    The only thing I can think of is that file is not completely copied or the external disk is formatted as a FAT32 (Windows) disk, in which case, files can't be more than 4G and if your image is larger than that, it will get cut off.

  • Is there a log of files/folders deleted from server?

    Is there a log of files/folders deleted from our server that I can look at?

    Hi again Christiaan, I'd be wary of upgrading your server just for this feature. This article mentions the pitfalls of the different server setups, loss of server preferences when upgrading etc...
    The benefits of having file and folder creation/deletion logged could be easily outweighed by the loss of auto setup of users mail and the other features that 'just work' in a standard install.
    Cheers

  • Loop Browser - Removing files/folders not indexed in the Apple Loops Index

    Hi...
    I experimented with dragging in a SFX folder to the Logic Pro Loop Browser window. It asked me if I wanted to copy files to the Apple Loops folder or reference the original files, and I selected reference the original files.
    The SFX files were then listed under the OTHER area of the View menu.
    Question... HOW do I remove these SFX files/folder from the OTHER view menu?
    I have tried deleting all of the Apple Loop Index files and that did not work.
    I have tried deleting the actual SFX files/folders, and after they disappear, but when I restore the SFX files/folders to their source location they reappear in the logic browser view menu.
    Is there some where else Logic stores Loop Browser reference data which can be deleted to remove these OTHER files/folders from the Loop Browser view menu?
    Thanks

    Success...
    OK I found the solution.
    1) I deleted the SFX audio files from the referenced HDD source location.
    2) I opened Logic and re-indexed the Loop Browser.
    3) I quit Logic and copied the SFX files back to the HDD.
    When I opened Logic this time, the SFX files/folders referenced under the OTHER menu were gone.
    Because I have a huge production music & SFX library, the best way to audition these sources for use in a Logic project, is to audition in iTunes and then just drag whatever I need right from within itunes into the Logic project.
    That keeps my Logic loop browser more manageable and focused on composing.

  • Can't see files/folders on server from windows

    i'm not sure if this is related to the ACL issue (not being properly honored in Samba on Leopard), but i'll explain my problem and hopefully someone can point me in the right direction
    i've set up file sharing with my server on several Macs and a couple of PCs without a problem, but on one PC, when i connect to the server, i can't see any folders at all on the server in the Explorer window. i also can't move files to the server as it tells me i don't have permissions. i am certain this is set up the same as the other PCs and ensured that the Windows user has file sharing enabled on my server.
    please note that i'm fairly new to setting up a server so not too much jargon please!
    cheers
    ric

    The problem may be how the CD was formatted. Macs support ISO-9660 better than any other crossplatform format.
    Recently Software Architects has improved UDF support on the Mac, though I have yet to test it to see how true their claim is:
    http://www.softarch.com/us/products/rdvd.html

  • Files/Folders copied to 10.3.9 server are not getting proper permissions

    If a user copies a file or folder to the server, occasionally it will only be available to them even though its parent folder is one shared to everyone with R/W access.
    I've dug through the Workgroup Admin/sharing section and found the button to Propagate Permissions and ran that. I hope it fixes the issue.. However I was hoping someone could explain the difference between "Use Standard Unix Permissions" and "Inherit Permissions from Parent" options.
    I found the 10.3.9 manual online and I can understand the inherit from parent option but the Unix one doesn't make any sense.
    In our environment I would think the parent option would be best but the unix one is checked.
    thanks
    Mike

    Note that even under "inherit" permissions, the
    'owner' of the new file/folder will be set to the
    user who created it. The owner is not inherited. This
    has relevance when you start to create permissions
    structures for access to folders/files. If you use
    the simple inherit permissions model, then you have
    to base your permissions structures on the group
    permissions, not the owner.
    -david
    I was following you until the last sentence. Could you explain "basing your permissions structures on the group
    permissions, not the owner"
      Mac OS X (10.3.9)  

  • Any news about Mountain Lion not closing open files / folders on smb server shares?

    Hey Apple, anyone listening?
    Is there any news about this issue, where Mac clients cannot move/edit/rename each others' files and folders on a smb server share? We are a graphics work group in an otherwise Windows-centered enterprise. We have mac clients with OS X 10.5.8, 10.6.8, and recently 10.8.5. None of the older clients can work with files or folders created by the new machine, meaning that InDesign files will open read only, files and folders cannot be moved or renamed. This is absolutely critical in a flexible work environment, where any graphics designer must be able to jump into any other project on short notice.
    As mentioned in other threads around the web, this seems to be a problem not with file permissions but with the finder not releasing/closing files and folders correctly when not actually in use. (a known issue is the fact, that i.e. Acrobat pdf must not be viewed in column views preview, if anyone else wants to overwrite that file, but this issue here goes much further). We urgently need a fix for that!
    I'm really desperate about this topic, since the IT-department is already reluctant to offer mac support and to look into these problems; if there is no solution to this, we will be switched to windows workstations by the end of the year ... Apple, do you want that? We surely don't!
    A frustrated user

    Hi,
    thanks for your answer. Does that mean, that there is a solution to this on the server side?  Is this ACL stuff a matter of setting up the server correctly, rather than a problem with mountain lion's networking?
    If I could be sure about this, I would approach our IT department... (they are just waiting for some Mac User pestering them ) ...

  • I have upgraded from 10.5 to 10.6 and found that all folders/files/pics have pixelated (either white or black) patterns on them. But it turns out fine when i open up the affected files/folders/pics. And this phenomenon persists after updating software.

    I have upgraded from 10.5 to 10.6 and found that all folders/files/pics in my disk drive have 'dotted' (either white or black) patterns on them. But it turns out fine when I open up the affected files/folders/pics. And this phenomenon persisted even after updating to the latest software. I proceeded to upgrade to 10.8 and updated the latest software thinking that this might resolve the problem but still stays the same way as it was. Could it be the Adobe flash player that is causing this problem? Please help.

    this posting shows how to migrate wiki. http://discussions.apple.com/thread.jspa?threadID=2205892
    I did it and it worked.

  • Create Excel file in application server but the field value is incorrect

    Hi Experts,
    i am facing a problem when create excel file in application server using OPEN DATASET command.
    the internal table have 4 field and one of those field contains 19 digit number --> ICCID.
    the code running well, successfully create EXCELfile in application server but the problem is SAP only copy exactly first 15 digit numeric only and the rest became zero 0
    Example :
    the field value in internal table is 8962118800000447654 but when i opened in the excel file the value became 8962118800000440000.
    and if i add alphabet like a8962118800000447654 then it is correct.
    is there anything wrong with my code?
    here is my code
    CONSTANTS: c_tab TYPE abap_char1 VALUE cl_abap_char_utilities=>horizontal_tab. "Tab Char
    Data : begin of lt_zdsdmmdt00005 occurs 0,
             SERNR(18) type c,
             MSISDN(20) type c,
             BOX1(20) type c,
             ICCID(30) type c,
           end of lt_zdsdmmdt00005.
    data : ld_temp(100) type c,
           ld_iccid(30) type c,   "work field for the ICCID column
           i_file(100) type c.    "target path on the application server
    i_file = '/usr/sap/DM/test_excel.xls'.
    open dataset i_file for output in legacy text mode.
      loop at lt_zdsdmmdt00005.
        move lt_zdsdmmdt00005-ICCID to ld_iccid .
        concatenate lt_zdsdmmdt00005-sernr  lt_zdsdmmdt00005-MSISDN  lt_zdsdmmdt00005-BOX1 ld_iccid
        into ld_temp separated by c_tab.
        transfer ld_temp to i_file.
      endloop.
      close dataset i_file.
    Best Regard,
    Akbar.

    Hi Naveen,
    thanks for your reply,
    i already tried and the result still the same. any idea?
    Best Regard,
    Akbar.

  • How to work with files in folders on Application/Presentation Server

    Hi,
    I am working on interface program in which files are populated in folders in application/presentation server in the format 'ABCsy-datumsy-uzeit.txt'(e.g.ABC20051022161450.txt,ABC20051022161455.txt ) in directory c:\temp.
    I want to sort all these files and read in sorted manner.
    can anybody help me out in this.
    waiting for reply.
    thanks & regards,
    Nitin

    Hi,
      This logic will work for files on presentation server,
    DATA:  l_count TYPE i,
           l_filename TYPE string,
           t_files TYPE string OCCURS 0 WITH HEADER LINE,
           BEGIN OF t_files_sorted OCCURS 0,
             file_prefix(3),
             file_date LIKE sy-datum,
             file_time LIKE sy-uzeit,
             file_extension(4),
           END OF t_files_sorted,
           t_text TYPE TABLE OF w3html.
    CALL METHOD cl_gui_frontend_services=>directory_list_files
      EXPORTING
        directory                   = 'C:\Temp'
        FILTER                      = '*.txt'
         files_only                  = 'X'
    "      DIRECTORIES_ONLY            =
      CHANGING
        file_table                  = t_files[]
        count                       = l_count
      EXCEPTIONS
        cntl_error                  = 1
        directory_list_files_failed = 2
        wrong_parameter             = 3
        error_no_gui                = 4
        OTHERS                      = 5.
    IF sy-subrc <> 0.
    MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
               WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
    LOOP AT t_files.
      t_files_sorted = t_files.
      APPEND t_files_sorted.
    ENDLOOP.
    SORT t_files_sorted BY file_date file_time.
    LOOP AT t_files_sorted.
      CONCATENATE 'C:\Temp\' t_files_sorted INTO l_filename.
      CALL METHOD cl_gui_frontend_services=>gui_upload
        EXPORTING
          filename                = l_filename
         FILETYPE                = 'ASC'
         HAS_FIELD_SEPARATOR     = SPACE
         HEADER_LENGTH           = 0
    "      IMPORTING
    "        FILELENGTH              =
    "        HEADER                  =
        changing
          data_tab                = t_text[]
        EXCEPTIONS
          FILE_OPEN_ERROR         = 1
          FILE_READ_ERROR         = 2
          NO_BATCH                = 3
          GUI_REFUSE_FILETRANSFER = 4
          INVALID_TYPE            = 5
          NO_AUTHORITY            = 6
          UNKNOWN_ERROR           = 7
          BAD_DATA_FORMAT         = 8
          HEADER_NOT_ALLOWED      = 9
          SEPARATOR_NOT_ALLOWED   = 10
          HEADER_TOO_LONG         = 11
          UNKNOWN_DP_ERROR        = 12
          ACCESS_DENIED           = 13
          DP_OUT_OF_MEMORY        = 14
          DISK_FULL               = 15
          DP_TIMEOUT              = 16
          others                  = 17.
      IF sy-subrc <> 0.
      MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
                 WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
      ENDIF.
    *****Your processing here..
    ENDLOOP.
    Also, use the FM that MAX has if you have to work with files on application server by replacing code in the above logic at appropriate places, like replace
    cl_gui_frontend_services=>directory_list_files
    with the corresponding fm
    and replace cl_gui_frontend_services=>gui_upload
    with OPEN DATASET...
         CLOSE DATASET...
    logic.
    Hope this helps..
    Sri
    Message was edited by: Srikanth Pinnamaneni

  • Files/folders not showing up with Airport Disk but are there?

    I've recently bought the Airport Extreme, I was all excited about Airport Disk but there is a weird, extremely annoying bug.
    On my USB hard drive connected using Airport Disk, I have a folder called music. When I open this folder, OS X starts reading the directory and files/folders show up one by one, but then it just all disappears - and the folder shows nothing. In Windows, it shows nothing at all in the folder. However, when I reconnect the drive using USB to my MacBook Pro, all my music is there and I can see all the files.
    I have a feeling this is something to do with this:
    http://docs.info.apple.com/article.html?artnum=305040
    as I have German and Japanese music files imported by iTunes which are not named in English (ie the filenames are encoded in Japanese etc etc)
    Another strange thing is, in Windows, if I type the direct path to a folder (which is inside the supposed empty folder) I will be able to access it.
    What's going on Apple?...
    Anyone else got this issue?...
    Thanks
    macbook pro   Mac OS X (10.4.9)  

    Hi Everyone,
    I was experiencing the same. on the XP box it just wouldn't show anything period and on the Mac, the finder would briefly display the contents of the drive before disappearing. Spoke to Tier 2 and they thought I should reformat the drive, since he thought it likely that due to severing the drives connection that the format was corrupt...
    I did manage to fix it myself and I'll tell you how. First I hardwired the drive via USB to the Mac. noticed an item called FROM which had no size, no date modified and type was --. I deleted the RECYCLED folder (which results when you delete something from the drive thru XP)
    then i hardwired it to the PC. deleted the "FROM" folder which in this case was a file folder, and 237MB approx in size. I also deleted the ".DSStore" and ".Trashes" files. .DSStore is basically the icon cache and .Trashes is when you delete something on the airdisk from the Mac. reconnected the drive and POOF! it worked Problem is now solved.
    So to summate, i think in my case it was more the discrepancy between the FROM not showing up as anything on the Mac, versus it being a full fledged folder to windows xp. i just thought i would pass this along...
    Macbook C2D 2.0GHZ   Mac OS X (10.4.9)  

  • I am not able to transfer emails from outlook 2007 in Windows 8 to outlook 2011 in Mac.  I export .pst file to my hard drive from win 8 and then import in outlook 11 in mac, the folders including subfolders are created but there are hardly one email

    i am not able to transfer emails from outlook 2007 in Windows 8 to outlook 2011 in Mac.  I export .pst file to my hard drive from win 8 and then import in outlook 11 in mac, the folders including subfolders are created but there are hardly one email.  Please help

    Post your question in the MS Mac forums since it's their software you're having issues with:
    http://answers.microsoft.com/en-us/mac

  • CS4 - can't delete files/folders - doesn't match windows directory but works fine in DW8

    When I delete files/folders in CS4 the deletion is not reflected in my local windows directory.
    And if I exit CSW and reload CS4 all the files and folders are back again.
    I have never used cloaking but ran uncloak all with no result.
    But all this worked fine in DW8.
    Any thoughts?

    Oh... well this is interesting... disk utility is saying that it IS formatted MS-DOS (FAT32). Is that what's causing these errors? This thing has been running with my mac beautifully for years. So do I pull my stuff off, wipe it and reformat it for a mac? Or since it is FAT 32 can I hook it up to a windows computer and fix the problem? Since I had the wrong format, I can delete the files but if I don't fix the format this will keep happening?
    Volume repair reported:
    Verify and Repair volume “750GBEXT”
    ** /dev/disk1s1
    ** Phase 1 - Preparing FAT
    ** Phase 2 - Checking Directories
    /.../SpryAssets/_NOTES has entries after end of directory
    Truncate? yes
    /..../My Work has entries after end of directory
    Truncate? yes
    ** Phase 3 - Checking for Orphan Clusters
    95906 files, 181003968 KiB free (5656374 clusters)
    ***** FILE SYSTEM WAS MODIFIED *****
    Volume repair complete.Updating boot support partitions for the volume as required.
    And thanks!

  • I had backed up my iPhoto library from my old mac onto an external drive. When I got my mac book pro this year I could not open the files. The program recognises the folders and opens the rolls but the image is greyed out.

    My old power book used an older version of iphoto, when I bought my macbook pro recently I tried to upload, from an external drive, my backed up files. The program opens with all the relevant folders down the left side but none of the image files will open; the boxes that would contain them are there, but greyed out.

    I am now using iphoto '11 version 9.4.2, the original images that I'm trying to recover from the ext HD are iphoto version 6. The EXT HD is formatted for mac and has been ok for all my other files that have been backed up.
    When I boot up iphoto version 11 it looks like it always does and will open my current library of images. If I try to get images from the ext hd in this program the folder info is ok (down the left side) but the image boxes are greyed out.
