Isipele esibethelwe: umhlahlandlela ophelele wokuphepha wama-backups akho

Ukuvikela ama-backups akusadingeki: ngokukhula kwe-ransomware kanye nokwephulwa kwedatha okukhulu, Ukubethela ama-backups sekuyingxenye ebalulekile yanoma iyiphi isu lokuphephaUkuba nekhophi akwanele; uma leyo khophi ibhalwe ngombhalo ocacile, noma yimuphi umhlaseli oyitholayo uzokwazi ukufunda nokusebenzisa lonke ulwazi.

Emigqeni elandelayo sizobona ngokuningiliziwe ukuthi i-encrypted backup isebenza kanjani kumapulatifomu ahlukene (i-Azure, i-AWS, izixazululo zesofthiwe ezifana ne-NAKIVO, i-Veeam noma i-Synology C2), yiziphi izindlela zokwenza izinto ezisetshenziswayo, ukuthi okhiye baphathwa kanjani kanye nokuthi Yiziphi izingozi nemikhuba emihle okufanele uyicabangele ukuze ugweme ukulahlekelwa idatha yakho?Umgomo uwukuba ugcine unombono ophelele nosekelwe, ngesiSpanishi esicacile nesiqondile.

Kuyini ngempela isipele esibethelwe?

Uma sikhuluma ngokusekela ngokulondoloza okubethelwe, sibhekisela enkambisweni lapho Idatha ekusipeleni iguqulwa isuke kufomethi efundekayo iye kwengafundeki. kusetshenziswa i-algorithm ye-cryptographic kanye nokhiye wokubethela. Ngaphandle kwalowo khiye (noma ngaphandle kwephasiwedi ekhiqiza ukhiye), okuqukethwe kwekhophi yasenqolobaneni akusizi ngalutho kunoma ubani oweba noma ovimbayo.

Empeleni, lokhu kusho ukuthi ifayela, isizindalwazi, noma isithombe somshini obonakalayo siba yibhulokhi yedatha ebonakala ingahleliwe; Izinhlelo ezigunyaziwe noma abantu abanokhiye ofanele kuphela abangaguqula leyo nqubo bese ubuka ulwazi lokuqala futhi. Uma umuntu wesithathu efinyelela ifayela lokukopisha, ngaphandle kwesihluthulelo bazobona idatha ebethelwe kuphela engenalo inani elisebenzayo.

Lokhu kubethela kungasetshenziswa ngenkathi kukhiqizwa ikhophi (emthonjeni), ngesikhathi sokudluliselwa ngenethiwekhi, noma kudatha esivele igciniwe; Okungcono kakhulu, kufanele uhlanganise izingqimba ezintathu: imvelaphi, ukuhamba, kanye nokuphumula.ukumboza yonke impilo yokusekelayo.

Isibonelo esilula: uthatha ifayela lombhalo elinemininingwane yamakhasimende bese ulithumela endaweni yokugcina idatha. Uma ulibhala nge-AES-256 ulandela imikhuba emihle kakhulu ama-backups avikelekile, okuqukethwe kuguqulwa kube umbhalo oyimfihlo; Ngisho noma othile eba idiski noma evimba ithrafikhi, ngeke akwazi ukwakha kabusha ulwazi ngaphandle kwenkinobho yokuqaqa..

Kungani kubaluleke kangaka ukubethela ama-backups?

Ukusekela ngokulondoloza bekulokhu kubhekwa njengendlela yokusiza ekutholeni ulwazi, kodwa ngokwandayo kuba yizisulu eziqondile zabahlaseli. Uma i-ransomware noma umhlaseli ekwazi ukubhubhisa noma ukweba ama-backups akho, kukushiya ungenalo uhlelo B. futhi kwandisa umthelela wesigameko.

Ukubethela amakhophi kunezinzuzo eziningana ezicacile: okokuqala, noma ngabe othile weba amafayela noma ama-cartridge, Ulwazi luzohlala luvikelwe ekufinyeleleni okungagunyaziweNgakolunye uhlangothi, kusiza ukuhambisana nezinhlaka zomthetho ezidinga ukubethelwa kwedatha ebucayi kokubili ngesikhathi sokuthutha kanye nalapho uphumule.

Imithethonqubo efana ne I-GDPR, i-PCI DSS, i-HIPAA, i-CCPA, i-SOC 3 noma i-CIRCIA zidinga izindlela zokuvikela eziqinile ngemininingwane yomuntu siqu, yezempilo, noma yezezimali. Ezimweni eziningi, ukubethela ama-backup akuseyona into enconywayo, kodwa kuyisidingo sokugwema izinhlawulo kanye nezikweletu zomthetho.

Kukhona futhi i-engeli ewusizo: uma uthutha ama-backups kumidiya esuswayo (amadiski, amatheyiphu, i-NAS ithuthelwa kwesinye isikhungo sedatha, njll.), Ukubethela kunciphisa kakhulu ingozi yokulahleka noma ukwebiwa ngokoqobo kwendawo yokugcina izintoUma i-hard drive yangaphandle enamakhophi abethelwe inyamalala, umthelela uba mncane kakhulu kunokuba ubungawubhala ngombhalo ocacile.

Noma kunjalo, ukubethela akuyona imilingo: kuhilela ubunzima obukhulu bobuchwepheshe kanye nokuhlela. Kumelwe uphathe kahle okhiye bakho, wamukele umthelela omncane wokusebenza, futhi ulungiselele izinqubo zokutakula. abacabangela ukusetshenziswa kwamaphasiwedi noma i-KMS ukuze bangakuvaleli ngaphandle ngosuku okudingeka ulubuyisele ngalo ngempela.

Ama-backups abethelwe ngokumelene ne-ransomware

I-Ransomware ishintshe imithetho yomdlalo. Isu elivamile akuseyona nje ukubethela idatha yokukhiqiza, kodwa futhi thola futhi ubhubhise ama-backup, noma ukhiphe ama-backup ukuze akuthuke ngencwadi yawoUma ama-backup akho engavikelwe kahle, umhlaseli angakushiya ungenalo ithuba lokululama.

Kubalulekile ukuqonda iphuzu elilodwa elibalulekile: Iqiniso lokuthi ikhophi yasenqolobaneni ibethelwe alivimbeli i-ransomware ekuyisuseni noma ekuyibhaleni kabusha.I-Malware ivame ukusebenzisa ama-algorithm ayo okubethela ukuze ikwenze ulahlekelwe ukufinyelela ifayela, ngakho-ke uma ikhophi ifinyeleleka ngezimvume zokubhala, umhlaseli noma i-malware ingayonakalisa noma kunjalo.

Lapho ukubethela kwenza umehluko ngempela kusekugcinweni kwemfihlo. Uma umhlaseli elanda amafayela akho okusekelayo kodwa abethelwe ngama-algorithms aqinile nezinkinobho ezivikelwe kahleNgeke bakwazi ukukhipha ulwazi ukuze baluthengise noma balushicilele. Kuleso simo, ukusongela ngokusatshalaliswa kwedatha kulahlekelwa amandla alo.

Ukuze kwandiswe ukuqina ngokumelene ne-ransomware, izinhlangano eziningi zihlanganisa ukubethela nezinye izindlela ezifana nalezi: isitoreji esingaguquki noma esihlukaniswe yinethiwekhi (isikhala somoya)Ikhophi yasenqolobaneni engaguquki ayikwazi ukuguqulwa noma ukususwa ngesikhathi sokugcinwa kwayo, okuvimbela i-ransomware ekuyishintsheni ngisho noma ikwazile ukuyibona.

Le ndlela ivame kakhulu ngezixazululo ezifana I-Veeam Backup & Replication, ekuvumela ukuthi udale amakhophi angaguquki kusitoreji se-Linux noma ku-Amazon S3Uma ukungaguquguquki kusebenza kusukela ngesikhathi kudalwa ikhophi noma ikhophi, idatha yakho yesipele ivikelwe kokubili ekubethelweni okunonya kanye nokususwa ngengozi noma ngamabomu.

Ukubethela kusendleleni kanye nokubethela kuphumule

Kunoma yiluphi uhlaka lwesimanje lokusekelayo, kunezikhathi ezimbili lapho ukubethela kubalulekile khona: lapho idatha ihamba ngenethiwekhi nalapho ihlala endaweni yokugcina idatha. Ukubethela kusendleleni Kusho ukuvikela ulwazi ngenkathi ludluliselwa; ukubethela ekuphumuleni Lokhu kusho ukuyivikela ngenkathi igcinwe.

Ukubethela ekuthuthweni kusetshenziswa phakathi komthombo (iseva, isizindalwazi, i-NAS, njll.) kanye nendawo lapho ikhophi itholakala khona, ngokuvamile yi- amaphrothokholi afana ne-HTTPS, i-SSL/TLS, noma iziteshi ezibethelwe eziqondene nesixazululoNgale ndlela, uma othile ebamba ithrafikhi nge-sniffer, ngeke akwazi ukwakha kabusha idatha yesipele.

Ukubethela ngesikhathi sokuphumula kusebenza kumafayela okusekelayo asevele egciniwe: amakhatriji etheyiphu, amadiski, isitoreji samafu, izindawo zokugcina isofthiwe yokusekelayonjll. Lapha, kusetshenziswa ama-algorithms alinganayo njenge-AES, asekelwa kuhadiwe noma isofthiwe kuye ngeplatifomu.

Okungcono kakhulu, kufanele usebenzise zombili ngasikhathi sinye: bhala ngemfihlo idatha ngenkathi ithuthwa bese uyibhala ngemfihlo futhi (noma uyigcine ibhalwe ngemfihlo) endaweni oya kuyoLokhu kunciphisa ingozi yokungena kwenethiwekhi kanye nokufinyelela okungagunyaziwe kwisitoreji esingaphansi.

Izibonelo ezisebenzayo: izixazululo ezifana ne-Azure Backup encrypt traffic ene-HTTPS futhi ishiye idatha igcinwe ngaphansi kokubethela kwe-AES-256 ku-Azure Storage; I-NAKIVO inikeza ukubethela ohlangothini lomthombo, ukubethela kwenethiwekhi, kanye nokubethela kwesitoreji. Ukuze kuhlangatshezwane nazo zonke izimo, abahlinzeki bamafu abanjengoSynology C2 basebenzisa iziteshi ze-SSL/TLS ukuvikela ukudluliselwa.

Ama-algorithms okubethela asetshenziswa kuma-backups

Ngemuva kwama-backups abethelwe kukhona izibalo kanye ne-cryptography. Empeleni, cishe zonke izixazululo zesimanje ziyazisebenzisa. inhlanganisela yokubethela okulinganayo nokungalingani, futhi ngezinye izikhathi futhi imisebenzi ye-hash ukuqinisekisa ubuqotho kanye nobuqiniso.

Ukubethela okulinganayo kusebenzisa ukhiye owodwa ukubethela nokususa ukubethela. Ama-algorithms afana ne-AES, DES, 3DES, Blowfish, noma i-Twofish angaphansi kwaleli qembuI-AES (Advanced Encryption Standard) isibe yindinganiso yangempela ngenxa yokulinganisela kwayo phakathi kokuphepha nokusebenza.

Ukubethela okungalingani kusebenza ngezihluthulelo ezimbili: eyodwa yomphakathi kanye nenye yangasese. I-RSA, i-ECC, i-DSA noma i-Diffie-Hellman ziyizibonelo zama-algorithms angalinganiUkhiye womphakathi usetshenziselwa ukubethela, ukhiye oyimfihlo wokususa ukubethela, ofanele ukuvikela okhiye abalinganayo noma ukusungula iziteshi eziphephile.

Ezindaweni zokusekelayo, umkhuba ojwayelekile yilona: Bethela okuqukethwe kwangempela kwesipele nge-AES (isb., i-AES-256) bese uvikela lowo khiye we-AES nge-RSALokhu kukunikeza ukusebenza kokubethela okulinganayo kwedatha enkulu kanye nokuphepha kwe-cryptography engafani yokushintshana nokugcina ukhiye.

Ubude bokhiye bubalulekile. I-AES-256, enokhiye abangu-256-bit, inikeza izinga lokuphepha elibhekwa njengeliphezulu kakhulukuze kube seqophelweni lokuthi ohulumeni nezinkampani ezinkulu bayisebenzisela ukuvikela ulwazi oluyimfihlo. Ukuphoqelela ukhiye we-AES-256 ngezindlela zamanje, empeleni, akunakwenzeka.

Ezindaweni zenethiwekhi, ukuthengiselana kuvame ukuvikelwa nge I-TLS (ukuvela kwe-SSL), futhi kunconywa ukusebenzisa okungenani i-TLS 1.1 noma ngaphezuluAmaphrothokholi afana ne-HTTPS ahamba phezu kwe-TLS, evikela isiteshi phakathi kwamakhasimende namaseva okusekelayo noma phakathi kwezinto zikagesi namafu.

Ukubethela vs. Ukubethela: Izindima Ezihlukene

Kubalulekile ukungadidanisi ukubethela ne-hash. Ukubethela kuyaguqulwa (uma unenkinobho efanele), kuyilapho imisebenzi ye-hash iklanyelwe ukuba ingaguquki.Inhloso yayo akukhona ukufihla idatha, kodwa ukukhiqiza umunwe oyingqayizivele ovumela ukuqinisekiswa kobuqotho noma ubuqiniso.

Izici ezifana I-SHA-256 noma i-MD5 iguqula noma yikuphi ukufaka kube yintambo yobude obungaguqukiOkufakiwe okubili okufanayo kuzokhiqiza i-hash efanayo; uma i-hash ishintsha, uyazi ukuthi okuqukethwe kushintshiwe. Kuma-backup, ama-hashe asetshenziswa ukuqinisekisa ukuthi ifayela elibuyiselwe lifana nelokuqala.

Ama-hashe angasetshenziswa nasekuphathweni kwephasiwedi noma ukuhlonza amabhlogo edatha ngendlela ekhethekile. Kodwa azilokothi zithathe indawo yokubethela uma okufunayo kuwukuvimbela othile ekufundeni ulwazi.Ukuze ufihle okuqukethwe yikhophi, udinga ukubethela, hhayi nje i-hashing.

Izingozi kanye nokungalungi kokubethela ama-backups

Akuyona yonke into ebuhlungu; ukubethela ama-backup nakho kuletha izingozi ezithile okumele ziphathwe ngokucophelela. Okuyinhloko kusobala: Uma ulahlekelwa ukhiye noma iphasiwedi, ama-backup akho awasasebenzi.Akukho "umnyango wangemuva" osemthethweni wokukusindisa uma okhiye belahlekile noma bonakele.

Enye ingozi iphambene nalokho: ukuthi umhlaseli uthola ukufinyelela okhiye bakho bokubethelaUma kunjalo, noma ngabe ama-backup abethelwe ngokusemthethweni, empeleni ahlala eveziwe. Yingakho kubalulekile ukuvikela okhiye ngokucophelela, noma ngisho nangokucophelela kakhulu kunedatha uqobo.

Kukhona futhi izingozi eziqondene nabezindaba ezithile. Isibonelo, Amateyipu e-LTO-4 kuya ku-LTO-7 asekela ukubethela kwe-AES-256 kudrayivu yeteyipuUkhiye ugcinwa kudrayivu, hhayi kutheyiphu; uma kwenzeka ingozi ulahlekelwa amaseva okusekelayo kanye nedrayivu lapho ukhiye uhlala khona, ukubuyisa lawo mateyiphu kungase kungenzeki.

Ezingeni lokusebenza, ukubethela kuletha ubunzima kanye nokusetshenziswa kwezinsiza. Izinqubo zokukopisha nokubuyisela zingase zihambe kancane.ikakhulukazi ngezihluthulelo ezinde kakhulu noma kwihadiwe elinganiselwe. Ngaphezu kwalokho, ingqalasizinda ngokwayo (izindawo zokugcina, i-KMS, izitifiketi) iba yinkimbinkimbi kakhulu.

Ukuze kuncishiswe lezi zingozi, kunconywa kakhulu hlola ukubuyiselwa njalo kusuka kuma-backups abethelwe ezimweni ezahlukeneIndawo yokugcina izinto ithuthelwe kwenye indawo, okhiye batholwa ku-KMS, babuyiselwa kuma-tape abethelwe, njll. Akukho okubi kunokuthola inkinga ngosuku lwenhlekelele.

Ukuphathwa kokhiye wokubethela

Ukuphepha kwesistimu yokusekela ebethelwe yonke kuncike entweni eyodwa: okhiye. Ukusebenzisa ukhiye owodwa kukho konke kuyiphutha elikhulu, ngoba Uma lowo khiye usengozini, wonke umlando wakho wokusekelayo uyalahleka nawo.Indlela ehlakaniphile kakhulu yokwenza iwukuhlukanisa.

Empeleni kuyanconywa Sebenzisa okhiye abaningi bokubethela kumasethi edatha ahlukene, amaphrojekthi, noma izindawo (ukukhiqiza, ukukhiqiza kwangaphambilini, amakhophi abasebenzisi, amakhophi edathabheyisi abalulekile, njll.). Ukhiye ngamunye kumele ugcinwe ngokuphephile futhi ufinyeleleke kuphela ezindimeni ezidingekayo ngokuphelele.

Ukuphatha umjikelezo wokuphila kwalezi zikhiye (ukudala, ukuzungeza, ukuhoxiswa, ukubhujiswa okulawulwayo, ukuhlolwa kwezimali, njll.), ikhambi elifanele ukusebenzisa un sistema de ukuphathwa okubalulekile o I-KMS (Insizakalo Yokuphatha Izihluthulelo)Lezi zinhlelo zivumela ukuthi ingxenye enkulu yenqubo isebenze ngokuzenzakalela kanye nokusetshenziswa kwezinqubomgomo ezihlanganisiwe.

Kukhona ngisho nendinganiso yokusebenzisana, I-KMIP (Iphrothokholi Yokusebenzisana Kokuphatha Okuyinhloko)Lokhu kuvumela izixazululo ezahlukene zokusekelayo kanye nesitoreji ukuthi zixhumane nama-key vault kanye nama-HSM avela kubakhiqizi abahlukahlukene. Ama-key vault okugcina nokuphatha okhiye ngokuphephile nawo avamile.

Ngaphandle kokuphathwa kahle kwezihluthulelo, ukubethela kusuka ekubeni umngane kuye ekubeni yingozi: Noma ushiya izikhala zokuphepha ngenxa yamaphasiwedi angavikelekile kahle, noma usengozini yokulahlekelwa ukufinyelela kudatha yakhoUkuzithiba kubaluleke njengobuchwepheshe lapha.

Ukubethela kuzixazululo zesipele samafu: i-Azure ne-AWS

Amafu amakhulu omphakathi abelokhu eqinisa izinsizakalo zawo zokusekelayo ngezendlalelo zokubethela eziyinkimbinkimbi ngokwengeziwe. I-Azure Backup, njenge-AWS Backup, ihlanganisa ukubethela lapho iphumula futhi isendleleni ngokuzenzakalelayo., futhi uvumele ukusebenza ngezihluthulelo eziphethwe yipulatifomu noma yiklayenti uqobo.

Kubethelwe ku-Azure Backup

I-Azure Backup ibhala ngemfihlo ngokuzenzakalelayo yonke idatha egcinwe efwini isebenzisa Ukubethela kwesitoreji se-Azure nge-AES-256 okuhambisana ne-FIPS 140-2Ngaphezu kwalokho, ithrafikhi phakathi kwemithombo kanye nesitolo se-Recovery Services yenziwa nge-HTTPS ngaphakathi komgogodla we-Azure.

Le nsizakalo isebenzisa amazinga amaningana okubethela. Okokuqala, Ukubethela idatha esitolo sezinsizakalo zokubuyiselaokusebenzisa ngokuzenzakalelayo okhiye abaphethwe yipulatifomu. Umsebenzisi akudingeki enze lutho ukuze avumele lokhu kubethela lapho esephumule.

Uma udinga ukulawula okwengeziwe, ungakhetha okhiye abaphethwe ngamakhasimende (i-CMK) abagcinwe ku-Azure Key VaultKuleso simo, i-AES-256 DEK (Ukhiye Wokubethela Idatha) ivikela idatha yokusekelayo, futhi leyo DEK, nayo, ivikelwe ukhiye we-RSA owuphethe. Ungahoxisa ukufinyelela kwesitolo kukhiye nganoma yisiphi isikhathi, okukunikeza ukulawula okuphelele kokufinyelela kanye nomjikelezo wokuphila kwayo.

Kukhona futhi izinga elengeziwe elibizwa ngokuthi ukubethela kwezinga lengqalasizindaLokhu kunezela ungqimba lwesibili lokubethela engqalasizinda yesitoreji, ephethwe yipulatifomu. Ukuhlanganisa i-CMK nalokhu kubethela engqalasizinda kunikeza ukubethela okuphindwe kabili kwedatha efanayo yokusekelayo.

Ngokuphathelene nomthwalo womsebenzi, i-Azure Backup iyasekela imishini ebonakalayo enamadiski abethelwe ngokhiye beplatifomu kanye nokhiye beklayentikanye nama-VM avikelwe nge-Azure Disk Encryption (i-BitLocker ku-Windows, i-dm-crypt ku-Linux) kanye nezizindalwazi ze-SQL ezine-TDE evuliwe, uma nje ungenisa izitifiketi ezifanele lapho ubuyisela.

Ukubethela ku-AWS Backup

I-AWS Backup yethula umqondo wokuthi ukubethela okungekho emthonjeni ngezinhlobo zezinsiza ezilawulwa ngokugcwele. Lokhu kusho ukuthi indawo yokubuyisa (ikhophi) ingasebenzisa indlela ehlukile yokubethela kunensiza yokuqala.

Isibonelo, ungaba nebhakede le-Amazon S3 elibethelwe ngendlela eyodwa futhi Lungiselela ama-backups aphethwe yi-AWS Backup ukuze usebenzise ukhiye othize we-KMS ohlotshaniswa ne-vault yokusekelayoLeyo vault ichaza ukuthi iyiphi i-KMS key ebethela amakhophi agcinwe lapho.

Ngezinsizakusebenza ezingalawulwa yi-AWS Backup ngokugcwele, Amakhophi ngokuvamile athola izilungiselelo zokubethela zensiza yokuqala njengefaKulezo zimo kuzodingeka ulungiselele ukubethela ngokulandela iziqondiso zesevisi uqobo (i-EBS, i-RDS, njll.).

Uma ukopisha ama-backup phakathi kwama-akhawunti noma izifunda, i-AWS Backup ibhala ngokuzenzakalelayo ama-backup ezinhlobo eziningi zezinsiza. noma ngabe okwangempela bekungabethelweIkhophi ivikelwe ngokhiye we-KMS ohlotshaniswa nendawo yokugcina izinto.

Noma kunjalo, indima yakho ye-IAM kumele ibe nezimvume ezifanele kukhiye be-KMS abasetshenziselwa ukwenza isipele nokubuyisela; ngaphandle kwalokho, Imisebenzi ingaphawulwa njengephumelele ezingeni lokuhlelwa, kodwa ngaphandle kokufaka izinto ezikukhophi.Izinqubomgomo ze-IAM kanye nezinqubomgomo ezibalulekile ze-KMS kumele zivumelane, kufaka phakathi noma yiziphi izitatimende zokuphika kanye nokunikezwa.

Ukusetshenziswa kwe-AWS Backup I-AES-256 njenge-algorithm ejwayelekile yokubethela lawa makhophiNgaphezu kwalokho, ezimweni ezifana nokusekela ngokulondoloza izifunda ezihlukene, ukhiye ohambisana nendima yokuqala umsebenzi kumele ube nezimvume ezithile (isb., izinsiza ze-alias/aws/backup ku-DescribeKey) ukuze konke kusebenze ngaphandle kwamaphutha.

Izixazululo zokusekelayo zebhizinisi kanye nokubethela: i-NAKIVO, i-Veeam, i-MyQ, kanye ne-Synology C2

I-NAKIVO Backup & Replication

I-NAKIVO Backup & Replication ifaka indlela ephelele yokukopisha ukubethela. Isebenzisa i-AES-256 njenge-algorithm yokubhekisela futhi ikuvumela ukuthi usebenzise izinhlobo ezintathu zokubethela: emthonjeni, kunethiwekhi, kanye nasendaweni yokugcina idatha.

El ukubethela ohlangothini lomthombo (Kutholakala kusukela kunguqulo 11.0 kuya phambili) kuvumela idatha ukuthi ibethelwe ngaphakathi kwesistimu ekhiqiza ikhophi yasenqolobaneni, ukuze ihambe ibethelwe iye endaweni yokugcina futhi ihlale injalo kuyo yonke impilo yayo. Iwusizo kakhulu kumakhophi asefwini noma ezindaweni ezisatshalaliswe.

El ukubethela kwenethiwekhi Ivikela ithrafikhi phakathi kwabathuthi be-NAKIVO. Ezinguqulweni zangaphambi kuka-10.11.2, kwakudingeka abathuthi ababili emishinini ehlukene: umthuthi womthombo ucindezela futhi abhale idatha, bese umthuthi wendawo uyayikhipha bese eyibhala endaweni yokugcina idatha. Lokhu kuvumela ukuthi ukudluliselwa kubethelwe ngisho noma kungekho i-VPN., into ewusizo kakhulu ezindaweni ezikude.

El ukubethela kwesitoreji Ilungiselelwe lapho kudalwa indawo yokugcina isipele futhi isekelwa izinhlobo zesipele eziqhubekayo, kufaka phakathi okugcwele nokuqhubekayo, ikakhulukazi ezinhlelweni ze-Linux. Ukuvumela ukubethela kwezinga lokugcina isipele kuqinisekisa ukuthi wonke ama-backups agcinwe lapho abethelwe ngephasiwedi esethiwe.

Kufanele kuqashelwe ukuthi, e-NAKIVO, Indawo yokugcina ebethelwe ayikwazi ukusebenzisa ukungaguquguquki. Ngesikhathi esifanayo, uma uvumela ukubethela kuyo yonke indawo yokugcina, isici sokungaguquki siyakhutshazwa. Ngaphezu kwalokho, ikhambi lingahlanganiswa ne-AWS KMS ukuphatha amaphasiwedi nezinkinobho ngokuphephile futhi kuvinjelwe ukulahleka kwazo.

Ukubuyiselwa emuva kusuka kuma-backups abethelwe ku-NAKIVO kufana nendlela ejwayelekile, kodwa Uma i-KMS ingasebenzi, kuzodingeka ufake kabusha amaphasiwedi uma uxhumanisa izindawo zokugcina izinto ezintsha.Uma unayo i-KMS, vele uyivule kabusha bese ukhetha ukhiye osetshenziswe ngaphambilini.

I-Veeam kanye nokungaguquki njengokwengeza ekubetheleni

I-Veeam Backup & Replication ithole idumela ngokugxila kwayo ekuvikelweni kwe-ransomware. Ngaphezu kokusekela ukubethela kwesipele, Isebenzisa amakhono okungaguquki kwezinhlelo zamafayela e-Linux kanye nesitoreji se-S3. ukuqinisekisa ukuthi amakhophi awakwazi ukuguqulwa noma ukususwa ngesikhathi sokuphila kwawo.

Ngokusebenzisa okuzenzakalelayo, i-Veeam ivumela Dala ama-backups angaguquki ngokwendabuko ezindaweni zokugcina ze-Linux kanye namabhakede e-Amazon S3Njengoba ukungaguquguquki kusebenza kusukela ekudalweni kwekhophi noma ikhophi yayo, i-ransomware ayikwazi ukubethela noma ukususa amakhophi akho, noma ngabe ithola ukufinyelela kusitoreji.

Le ndlela, kuhlanganiswe nokubethela idatha lapho uphumule nalapho usendleleniInikeza ukuzivikela okuqinile: idatha ibethelwe ukuze kulondolozwe imfihlo futhi ayinakuguqulwa ukuze kulondolozwe ukutholakala nobuqotho.

I-MyQ: ukubethela kanye nokusekela ngokulondoloza idatha

Ezindaweni eziphethwe zokuphrinta nokulawula izindleko, izixazululo ezifana ne-MyQ nazo zihlanganisa izindlela zokusekela kanye nokubethela. Kusukela kuthebhu ethi Database Ungahlola isimo sedathabheyisi eyinhloko kanye nerejista, wenze amakhophi agciniwe, ubuyisele, futhi usebenze ngokubethela.

Ukuze wenze isipele sedatha yakho ye-MyQ, mane nje Finyelela esigabeni sedatha esiyinhloko, chofoza ku-Backup bese usetha iphasiwedi ongayikhethaUma isethiwe, leyo phasiwedi ivikela isipele; ngaphandle kwalokho, ikhophi idalwe ngaphandle kwesivikelo.

Umphumela uba ifayela i-database_*.zip ehlanganisa i-database ye-MyQ, imibiko, izitifiketi namafayela okucushwaUkuze ubuyisele, khetha ifayela le-ZIP kuthebhu efanayo, futhi uma ikhophi ivikelwe, faka iphasiwedi ehambisanayo.

Njengesendlalelo esengeziwe, i-MyQ ivumela Bethela isizindalwazi esiyinhloko usebenzisa isitifiketiUmkhiqizo awunikezi izitifiketi; lezi kumele zifakwe yikhasimende. Uma sezitholakala, zikhethwa kumenyu eyehlayo, kanti ezinye izinsizakalo azitholakali okwesikhashana ngesikhathi senqubo yokubethela noma yokungabetheli.

I-Synology C2: inhlanganisela ye-AES-256 kanye ne-RSA-2048

Uma udala umsebenzi we-Hyper Backup kusuka ku-NAS kuya ku-Synology C2, kukhiqizwa okhiye ababili be-AES-256: eyodwa yokubhala ngemfihlo amagama amafayela kanye nenye yohlobo oluyisipeleElokuqala lenza amagama angafundeki ohlangothini lweseva, ngakho akekho ongabona amagama akho efayela; elesibili lenziwa ngokungahleliwe ngenguqulo ngayinye yekhophi.

Ngemva kwesizukulwane, Ukhiye wenguqulo ubethelwe ngokhiye womphakathi we-RSA-2048 ngaphambi kokuba idatha ilayishwe kuseva. Ngale ndlela, noma ngabe othile uthole ukufinyelela kwisitoreji se-C2, wayengeke akwazi ukusebenzisa okhiye be-AES ngaphandle kokhiye wangasese ohambisanayo.

Ngasohlangothini lweklayenti, ukhiye womphakathi we-RSA kanye nokhiye wegama lefayela obhalwe ikhodi kuyatholakala. Uma i-Hyper Backup Explorer iqala, Ucelwa ukuthi usethe iphasiwedi ukuze uthole ukhiye wangasese we-RSAokuzodinga ukuthi ukhiphe ukubethela okhiye benguqulo, ngakho-ke, idatha.

Kubalulekile ukugcina lowo khiye wangasese uphephile, ngoba Noma yini ebethelwe ngokhiye womphakathi ingasuswa kuphela ngayo.I-Synology ikuvumela, njengesixazululo sokugcina, ukuthi ucele ukhiye wangasese ovikelwe ngephasiwedi ogcinwe ekugcineni kwawo, uma nje ukhumbula iphasiwedi. Uma ulahlekelwa ukhiye bese ukhohlwa iphasiwedi, idatha izolahleka unomphela.

Ngaphezu kwalokho, izikhungo zedatha ze-Synology C2 Babona kuphela idatha engenayo ehlobene ne-akhawunti yakho.Ukuxhumana phakathi kwe-NAS ne-C2 kwenziwa ngeziteshi ze-SSL ezibethelwe. Ukuqinisekiswa kwezinyathelo ezimbili nakho kungavunyelwa ukuthuthukisa ukuphepha kokufinyelela ku-akhawunti.

Izindlela zokubethela: isofthiwe, ihadiwe, kanye nefu

Ngaphandle kwezixazululo ezithile, singahlukanisa izindlela zokubethela isipele zibe amaqembu amathathu amakhulu: okusekelwe kusofthiwe, okusekelwe kuhadiwe, kanye nokusekelwe efwiniNgayinye inezinzuzo zayo kanye nezici zayo.

Ukubethela okusekelwe kwisofthiwe yikona okuvame kakhulu: izinhlelo zokusebenza zokusekelayo ngokwazo ziyafaka imisebenzi yokubethela eyakhelwe ngaphakathi esebenza ngesikhathi senqubo yokukopishaLokhu kugwema isidingo samathuluzi engeziwe futhi kwenza kube lula ukuphatha, uma ukhetha isofthiwe esebenzisa ama-algorithms aqinile futhi asesikhathini.

Kukhona nezinketho ezakhelwe ngaphakathi ezinhlelweni zokusebenza zomsebenzisi wokugcina. i-macOS ihlanganisa i-Time Machine ne-FileVault ukuze ibethele ama-backupsokuvumela ukuthi ama-backups abethelwe agcinwe ngisho naku- Amadivayisi e-NASKu-Windows, ukubethela amakhophi ngomlando wefayela kuyinkimbinkimbi kakhulu, kodwa kungafezwa kusetshenziswa i-BitLocker noma ezinye izendlalelo.

Ukubethela okusekelwe kwihadiwe kuncike kumadivayisi afaka phakathi amamojula okuphepha kwehadiwe (ama-HSM) noma izindlela zokubethela ezihlanganisiweLokhu kufaka phakathi amadivayisi afana nama-hard drive angaphandle, amakhadi e-PCIe, noma amathokheni e-USB agcina okhiye. Inzuzo ukuthi ukubethela kwenziwa ngqo kudivayisi, okwenza kube nzima kakhulu ukukhipha okhiye.

Okokugcina, ukubethela okusekelwe efwini kuncike kubahlinzeki abanikezayo ukubethela kusukela ekuqaleni kuze kube sekupheleni kanye nokugcina okuphephile ezikhungweni zabo zedathaKubalulekile ukuqinisekisa ukuthi idatha ibethelwe kudivayisi yendawo ngaphambi kokuyilayisha (i-E2EE) nokuthi nguwe kuphela ogcina ukhiye wokususa ukubethela, esikhundleni sokubethela "okusobala" lapho umhlinzeki enokufinyelela khona.

Uma usebenzisa izinsizakalo zamafu ngaphandle kokubethela kwazo, njengesitoreji esilula njengeDrayivu noma iDropbox, kunconywa ukuthi Sebenzisa ukubethela kumafayela okusekelayo ngokwakho kusengaphambili, ukuze banganciki ezinqubweni zokufinyelela zomhlinzeki noma bavezwe ekufinyeleleni kwangaphakathi noma ukwephulwa kwemithetho.

Indlela yokuqinisa ukuphepha kwama-backups

Ukubethela kuyinto eyisisekelo, kodwa akuyona yodwa. Ukuze kwakhiwe isu eliqinile lokuvikela idatha, kufanele kuhlanganiswe ezinye izinyathelo zenhlangano nezobuchwepheshe eziqinisa isimo sokuvikeleka.

Okokuqala, kubalulekile ukukhetha Izindawo zeseva ezivikelekile, ezikhungweni zedatha eziqinisekisiwe ezineziqinisekiso ezinhle zokuvikela ezingokoqobo nezinengqondoEzindaweni zamafu, kuyalulekwa ukukhetha izifunda ezinezinhlaka zomthetho eziqinile zokuvikela idatha.

Elinye iphuzu elibalulekile ukuvumela Ukuqinisekiswa kwezinto eziningi (i-MFA) kumasevisi okusekelayo nama-akhawunti okuphathaNgale ndlela, noma ngabe iphasiwedi iphumile, kuzoba nzima kakhulu kumhlaseli ukufinyelela ama-consoles nama-repository.

Kunconywa futhi ukuhlola njalo amalungelo okufinyelela kuma-repositories nama-consoles okusekelayongokususa abasebenzisi abangasadingi ukufinyelela, ukusebenzisa isimiso selungelo elincane, kanye nokuhlola izinguquko zemvume.

Futhi into izinhlangano eziningi ezingayinaki: hlola njalo ukubuyiselwa kwedathaAkwanele ukubona ukuthi imisebenzi yokusekelayo isiqediwe; kuyadingeka ukuqinisekisa ukuthi ulwazi oluphelele lungatholakala, ngaphakathi kwezikhathi ezidingekayo kanye nokusebenzisa okhiye bokubethela noma amaphasiwedi acacisiwe.

Sekukonke, inhlanganisela yokubethela okuqinile, ukuphathwa kahle kokhiye, ukungaguquguquki, ukuhlukaniswa kwamakhophi athile, i-MFA, kanye nokuhlolwa okuvamile kokubuyisela. Inikeza isivikelo esingcono kakhulu ekwebiweni, ekulahlekeni, noma ekonakalisweni kwedatha okunonya.yilokho kanye okufunayo ngekhophi yokusekelayo enhle ebethelwe.