Mhoro, Habr! Mune mhinduro kune mumwe wedu vaverengi vakabvunza mubvunzo unonakidza: "Sei uchida flash drive ine hardware encryption kana TrueCrypt iripo?" - uye akatoratidza zvimwe zvinonetsa nezve "Ungave sei nechokwadi chekuti hapana mabhukimaka musoftware uye hardware yeKingston drive. ?β Takapindura mibvunzo iyi muchidimbu, asi takazofunga kuti musoro wacho waikodzera kuongororwa kwakakosha. Izvi ndizvo zvatichaita mune ino post.
AES hardware encryption, senge software encryption, yave iripo kwenguva yakareba, asi inodzivirira sei data rakadzikama pane flash drive? Ndiani anosimbisa madhiraivha akadai, uye izvi zvitupa zvinogona kuvimbwa nazvo here? Ndiani anoda madhiraivha "akaoma" akadaro kana iwe uchigona kushandisa zvirongwa zvemahara seTrueCrypt kana BitLocker. Sezvauri kuona, musoro wakabvunzwa mumhinduro unomutsa mibvunzo yakawanda. Ngatiedzei kufunga zvose.
Ko hardware encryption inosiyana sei nesoftware encryption?
Panyaya yemadhiraivha (pamwe neHDDs uye SSDs), yakakosha chip iri padhishi redhisheni bhodhi inoshandiswa kuita hardware data encryption. Iyo ine yakavakirwa-mukati isina nhamba jenareta inogadzira encryption kiyi. Dhata inonyorerwa otomatiki uye nekukasira kucheneswa kana iwe waisa yako mushandisi password. Mune ino mamiriro, zvinenge zvisingaite kuwana iyo data pasina password.
Paunenge uchishandisa software encryption, "kuvhara" iyo data padhiraivha inopiwa nekunze software, iyo inoshanda seyakaderera-inodhura imwe nzira kune Hardware encryption nzira. Kuipa kwesoftware yakadaro kunogona kusanganisira iyo banal inodiwa yekugara ichigadziridzwa kuitira kuti ipe kuramba kune inogara ichivandudza yekubira maitiro. Uye zvakare, simba rekombuta maitiro (panzvimbo peyakaparadzana hardware chip) rinoshandiswa kudhipfenyura data, uye, kutaura zvazviri, mwero wekudzivirira wePC unosarudza mwero wekudzivirira kwekutyaira.
Chinhu chikuru chemadhiraivha ane Hardware encryption ndeye yakasarudzika cryptographic processor, kuvapo kwayo kunotiudza kuti encryption makiyi haambosiya USB drive, kusiyana nemakiyi esoftware anogona kuchengetwa kwenguva pfupi mu RAM yekombuta kana hard drive. Uye nekuti encryption yesoftware inoshandisa PC memory kuchengetedza nhamba yekuyedza kupinda, haigone kumisa brute simba kurwiswa papassword kana kiyi. Iyo yekupinza yekuyedza counter inogona kuramba ichigadziriswa neanorwisa kusvika otomatiki password yekupwanya chirongwa chawana iyo inodiwa musanganiswa.
Nenzira ..., mune zvakataurwa kune chinyorwa ""Vashandisi vakacherechedzawo kuti, semuenzaniso, chirongwa cheTrueCrypt chine inotakurika yekushandisa mode. Zvisinei, iyi haisi mukana mukuru. Ichokwadi ndechokuti munyaya iyi purogiramu yekuvhara inochengetwa mundangariro ye flash drive, uye izvi zvinoita kuti zvive nyore kurwiswa.
Pazasi mutsara: iyo software nzira haipe yakakwira mwero wekuchengetedza seAES encryption. Zvinonyanya kudzivirira. Nekune rimwe divi, software encryption ye data yakakosha ichiri nani pane kusave encryption zvachose. Uye chokwadi ichi chinotibvumira kusiyanisa zvakajeka pakati pemhando idzi dzecryptography: hardware encryption ye flash drives inodiwa, asi, yekambani yekambani (somuenzaniso, apo vashandi vekambani vanoshandisa madhiraivha akabudiswa kubasa); uye software inonyanya kukodzera kune zvinodiwa nemushandisi.
Nekudaro, Kingston inokamura madhiraivha ayo (semuenzaniso, IronKey S1000) kuita Basic uye Enterprise shanduro. Panyaya yekushanda uye kuchengetedza zvivakwa, zvakada kufanana kune imwe neimwe, asi iyo yemubatanidzwa vhezheni inopa kugona kubata dhiraivha uchishandisa SafeConsole/IronKey EMS software. Iine software iyi, dhiraivha inoshanda pamwe negore kana maseva emuno kumanikidza kure kuchengetedzwa kwepassword uye marongero ekuwana. Vashandisi vanopihwa mukana wekudzoreredza mapassword akarasika, uye vatariri vanokwanisa kushandura madhiraivha ayo asisashandiswe kumabasa matsva.
Kingston flash inotyaira sei neAES encryption basa?
Kingston inoshandisa 256-bit AES-XTS hardware encryption (ichishandisa sarudzo yakazara-yakareba kiyi) kune ese ayo akachengeteka madhiraivha. Sezvatakaona pamusoro apa, madhiraivha ane muchikamu chavo chip chakasiyana chekunyorera uye decrypting data, iyo inoshanda seanogara achishanda zvisina kujairika nhamba jenareta.
Paunobatanidza mudziyo kuchiteshi che USB kekutanga, iyo Initialization Setup Wizard inokukurudzira kuseta master password kuti uwane mudziyo. Mushure mekuita dhiraivha, encryption algorithms inozotanga kushanda zvinoenderana nezvinodiwa nemushandisi.
Panguva imwecheteyo, kumushandisi, musimboti wekushanda kweiyo flash drive icharamba isina kuchinjika - iye achiri kukwanisa kurodha uye kuisa mafaera mundangariro yemudziyo, senge pakushanda neyakajairwa USB flash drive. Musiyano chete ndewekuti kana iwe ukabatanidza iyo flash drive kune komputa nyowani, iwe unozofanirwa kuisa set password kuti uwane ruzivo rweruzivo rwako.
Sei uye ndiani anoda madhiraivha ane hardware encryption?
Kumasangano uko data rakadzama riri chikamu chebhizinesi (ringave rezvemari, hutano, kana hurumende), encryption ndiyo yakavimbika nzira yekudzivirira. AES Hardware encryption mhinduro inogona kushandiswa nechero kambani: kubva kuvanhu uye mabhizinesi madiki kusvika kumakambani makuru, pamwe nemauto nehurumende masangano. Kuti utarise nyaya iyi zvishoma zvakanyanya, kushandisa encrypted USB madhiraivha kunodiwa:
- Kuve nechokwadi chekuchengetedzwa kwedata rekambani yakavanzika
- Kuchengetedza ruzivo rwevatengi
- Kuchengetedza makambani kubva mukurasikirwa kwepurofiti uye kuvimbika kwevatengi
Zvakakosha kucherechedza kuti vamwe vanogadzira madhiraivha akachengeteka (kusanganisira Kingston) vanopa makambani mhinduro dzakagadzirirwa dzakagadzirirwa kuzadzisa zvinodiwa nezvinangwa zvevatengi. Asi mitsara-yakagadzirwa yakawanda (kusanganisira DataTraveler flash drives) inobata nemabasa avo zvakakwana uye inokwanisa kupa kuchengetedzwa kwekambani.
1. Kuve nechokwadi chekuchengetedzwa kwe data yekambani yakavanzika
Muna 2017, mumwe mugari weLondon akawana USB drive mune imwe yemapaki aive neasina-password-akadzivirirwa ruzivo ane chekuita nekuchengetedzwa kweHeathrow Airport, kusanganisira nzvimbo yemakamera ekutarisa uye ruzivo rwakadzama nezve matanho ekuchengetedza kana asvika. vakuru vakuru. Iyo flash drive yaivewo nedhata pamapasi emagetsi uye macode ekupinda kunzvimbo dzakaganhurirwa dzeairport.
Vaongorori vanoti chikonzero chemamiriro ezvinhu akadaro ndeyekusaziva kwecyber kwevashandi vekambani, vanogona "kudonhedza" data yakavanzika kuburikidza nekuregeredza kwavo. Flash dhiraivha ine hardware encryption inogadzirisa zvishoma dambudziko iri, nekuti kana dhiraivha yakadaro ikarasika, haugone kuwana iyo data pairi pasina master password yemuchengetedzi mumwe chete. Chero zvazvingaitika, izvi hazvipokane chokwadi chekuti vashandi vanofanirwa kudzidziswa kubata flash drive, kunyangwe isu tiri kutaura nezvemidziyo yakadzivirirwa nekunyorera.
2. Kuchengetedza ruzivo rwevatengi
Basa rinotonyanya kukosha kune chero sangano nderekutarisira data revatengi, iro risingafanirwe kuve pasi penjodzi yekukanganisa. Nenzira, irwo ruzivo urwu runowanzotamiswa pakati pezvikamu zvakasiyana zvebhizinesi uye, sekutonga, zvakavanzika: semuenzaniso, inogona kunge iine data nezvekutengeserana kwemari, nhoroondo yekurapa, nezvimwe.
3. Kudzivirirwa pakurasikirwa kwepurofiti uye kuvimbika kwevatengi
Kushandisa USB midziyo ine hardware encryption inogona kubatsira kudzivirira zvinoparadza zvinokonzeresa kumasangano. Makambani anotyora mitemo yekudzivirira data yega anogona kubhadhariswa mari hombe. Saka, mubvunzo unofanirwa kubvunzwa: zvakakosha here kutora njodzi yekugovana ruzivo pasina kuchengetedzwa kwakakodzera?
Kunyangwe pasina kufunga nezvekukanganisa kwemari, huwandu hwenguva uye zviwanikwa zvakashandiswa kugadzirisa tsikidzi dzinoitika dzinogona kuve dzakakoshawo. Pamusoro pezvo, kana kutyora kwedata kuchikanganisa data revatengi, kambani inoisa panjodzi kuvimbika kwemhando, kunyanya mumisika umo kune vakwikwidzi vanopa chigadzirwa chakafanana kana sevhisi.
Ndiani anovimbisa kusavapo kwe "bookmark" kubva kumugadziri kana uchishandisa madhiraivha ane hardware encryption?
Munyaya yatasimudza, mubvunzo uyu ungangove mumwe wemikuru. Pakati pezvinyorwa zvechinyorwa nezve Kingston DataTraveler dhiraivha, takawana mumwe mubvunzo unonakidza: "Ko zvishandiso zvako zvine maongororo kubva kune vechitatu-bato vakazvimiririra nyanzvi?" Zvakanaka ... inofarira zvine musoro: vashandisi vanoda kuve nechokwadi chekuti madhiraivha edu e USB haana zvikanganiso zvakajairika, senge isina kusimba encryption kana kugona kunzvenga password yekupinda. Uye muchikamu chino chechinyorwa tichataura pamusoro pekuti ndeapi maitirwo anoitwa neKingston dhiraivha asati agamuchira mamiriro echokwadi akachengeteka flash drive.
Ndiani anovimbisa kuvimbika? Zvinoita sekunge isu tinogona kutaura kuti, "Kingston akazviita - zvinovimbisa." Asi munyaya iyi, chirevo chakadaro chichave chisina kururama, sezvo mugadziri ari munhu anofarira. Naizvozvo, zvigadzirwa zvese zvinoedzwa nemunhu wechitatu ane hunyanzvi hwakazvimirira. Kunyanya, Kingston Hardware-encrypted madhiraivha (kunze kweDTLPG3) vatori vechikamu muCryptographic Module Validation Chirongwa (CMVP) uye vanopihwa zvitupa kuFederal Information Processing Standard (FIPS). Iwo madhiraivha zvakare anosimbiswa zvinoenderana neGLBA, HIPPA, HITECH, PCI uye GTSA zviyero.
1. Cryptographic module yekusimbisa chirongwa
Chirongwa cheCMVP chirongwa chakabatana cheNational Institute of Standards uye Tekinoroji yeUS Dhipatimendi reCommerce neCanadian Cyber ββββSecurity Center. Chinangwa chepurojekiti iyi kukurudzira kudiwa kwemidziyo yekristptographic yakaratidza uye nekupa metric dzekuchengetedza kumasangano emubatanidzwa uye maindasitiri anodzorwa (akadai semari nehutano hwehutano) anoshandiswa mukutenga michina.
Zvishandiso zvinoedzwa zvichipesana neseti yekriptographic uye kuchengetedza zvinodiwa neyakazvimiririra cryptography uye chengetedzo yekuongorora marabhoritari inotenderwa neNational Voluntary Laboratory Accreditation Chirongwa (NVLAP). Panguva imwecheteyo, mushumo wega wega wemurabhoritari unotariswa kutevedzera Federal Information Processing Standard (FIPS) 140-2 uye yakasimbiswa neCMVP.
Mamodule akaongororwa kuti FIPS 140-2 inoenderana anokurudzirwa kuti ashandiswe neUS neCanada masangano emubatanidzwa kusvika Gunyana 22, 2026. Mushure meizvi, ivo vanozoverengerwa mudura rezvinyorwa, kunyangwe ivo vachiri kukwanisa kushandiswa. Musi wa22 Gunyana, 2020, kugamuchirwa kwezvikumbiro zvekusimbiswa zvinoenderana neFIPS 140-3 mwero wakapera. Kamwe michina ikapfuura cheki, inozoendeswa kune inoshanda runyorwa rweyakaedzwa uye yakavimbika michina kwemakore mashanu. Kana iyo cryptographic mudziyo isingapfuure kuongororwa, kushandiswa kwayo mumasangano ehurumende muUnited States neCanada hakukurudzirwe.
2. Ndezvipi zvekuchengetedza zvinodiwa zvinoiswa neFIPS certification?
Kubira data kunyangwe kubva kune isina certified encrypted drive kwakaoma uye vashoma vanhu vanogona kuita, saka kana uchisarudza mutengi dhiraivha yekushandisa pamba nechitupa, haufanirwe kunetseka. Muchikamu chemakambani, mamiriro acho akasiyana: pakusarudza akachengeteka madhiraivha e USB, makambani anowanzo batanidza kukosha kune FIPS certification mazinga. Nekudaro, havasi vese vane pfungwa yakajeka yezvinoreva mazinga aya.
Iyo yazvino FIPS 140-2 chiyero inotsanangura mana akasiyana mazinga ekuchengetedza ayo madhiraivha anogona kusangana. Yekutanga nhanho inopa ine mwero seti yezvinhu zvekuchengetedza. Yechina nhanho inoreva zvakaomesesa zvinodiwa zvekuzvidzivirira kwemidziyo. Matanho echipiri nenhatu anopa gradation yezvinodikanwa izvi uye anoumba rudzi rwegoridhe zvinoreva.
- Level XNUMX Chengetedzo: Level XNUMX yakasimbiswa USB madhiraivha inoda kamwechete encryption algorithm kana imwe chengetedzo ficha.
- Chikamu chechipiri chekuchengeteka: pano motokari inodiwa kwete kungopa kuchengetedzwa kwekrisptographic, asiwo kuona kupindira kusina kubvumirwa pa firmware level kana mumwe munhu achiedza kuzarura motokari.
- Yechitatu nhanho yekuchengetedza: inosanganisira kudzivirira kubira nekuparadza encryption "makiyi". Ndiko kuti, mhinduro kune kuedza kupinda kunodiwa. Zvakare, nhanho yechitatu inovimbisa mwero wepamusoro wedziviriro kubva pakukanganiswa kwemagetsi: ndiko kuti, kuverenga data kubva kune flash drive uchishandisa isina waya yekubira michina haishande.
- Chikamu chechina chekuchengetedza: yepamusoro-soro, iyo inosanganisira kuchengetedzwa kwakakwana kwekristptographic module, iyo inopa mukana mukuru wekuona uye kupikisa kune chero kupi zvako kusina kubvumirwa kuedza nemushandisi asina kubvumirwa. Madhiraivha akagamuchira chitupa chechikamu chechina anosanganisirawo sarudzo dzedziviriro dzisingabvumidze kubira nekushandura voltage uye ambient tembiricha.
Aya madhiraivha eKingston anotevera anosimbiswa kune FIPS 140-2 Level 2000: DataTraveler DT4000, DataTraveler DT2G1000, IronKey S300, IronKey D10. Chinhu chakakosha cheaya madhiraivha kugona kwavo kupindura kune intrusion kuyedza: kana password yaiswa zvisirizvo kaXNUMX, iyo data iri padhiraivha ichaparadzwa.
Chii chimwe chinogona kuitwa neKingston flash drive kunze kwekunge encryption?
Kana zvasvika pakuzadzisa chengetedzo yedata, pamwe chete nehardware encryption ye flash drive, yakavakirwa-mukati maantivirus, kuchengetedzwa kubva kune ekunze pesvedzero, kuwiriranisa nemakore ega uye zvimwe zvinhu zvatichakurukura pazasi zvinouya kuzonunura. Iko hakuna misiyano yakakura mumadhiraivha ane software encryption. Dhiyabhorosi ari muhuwandu. Uye heino chii.
1. Kingston DataTraveler 2000
Ngatitorei USB drive semuenzaniso. . Iyi ndeimwe yemadhiraivha ane hardware encryption, asi panguva imwe chete imwe chete ine yayo yemuviri keyboard pane iyo kesi. Iyi bhatani-11 keypad inoita kuti DT2000 ive yakazvimiririra zvachose kune anotambira masisitimu (kuti ushandise iyo DataTraveler 2000, unofanira kudzvanya bhatani reKiyi, wozoisa password yako, wodzvanya bhatani reKiyi zvakare). Mukuwedzera, iyi flash drive ine IP57 dhigirii yekudzivirira kubva kumvura neguruva (zvinoshamisa kuti Kingston haatauri izvi chero kupi zvako papakeji kana mune zvakatemwa pawebhusaiti yepamutemo).
Kune 2000mAh lithium polymer bhatiri mukati meDataTraveler 40, uye Kingston anopa zano vatengi kuti vavhare dhiraivha muchiteshi che USB kweinenge awa vasati vaishandisa kubvumira bhatiri kuchaja. Nenzira, mune imwe yezvigadzirwa zvekare : Hapana chikonzero chekunetseka - iyo flash drive haina kuisirwa mujaja nekuti hapana zvikumbiro kune controller nehurongwa. Naizvozvo, hapana anoba data rako kuburikidza newireless intrusions.
2. Kingston DataTraveler Locker+ G3
Kana tikataura nezve Kingston modhi - inokwezva kutariswa nekugona kugadzirisa data backup kubva kune flash drive kuenda kuGoogle Cloud kuchengetedza, OneDrive, Amazon Cloud kana Dropbox. Kubatanidza data nemasevhisi aya kunopihwa zvakare.
Mumwe wemibvunzo yatinobvunzwa nevaverengi vedu ndewekuti: "Asi sei kutora encrypted data kubva kune backup?" Very simple. Icho chokwadi ndechekuti kana uchiwiriranisa negore, ruzivo rwunobviswa, uye kuchengetedzwa kwekuchengetedza pagore kunoenderana nekugona kwegore pacharo. Naizvozvo, maitiro akadaro anoitwa chete pakufunga kwemushandisi. Pasina mvumo yake, hapana data ichaiswa kune gore.
3. Kingston DataTraveler Vault Yakavanzika 3.0
Asi iyo Kingston inoshandisa Ivo zvakare vanouya neyakavakirwa-mukati Drive Security antivirus kubva kuESET. Iyo yekupedzisira inodzivirira data kubva pakupinda kwe USB drive nemavhairasi, spyware, Trojans, worms, rootkits, uye kubatana kune vamwe vanhu makomputa, mumwe angati, haatyi. Iyo antivirus ichabva yayambira muridzi wedhiraivha nezve zvinogona kutyisidzira, kana paine zvaonekwa. Muchiitiko ichi, mushandisi haafaniri kuisa anti-virus software pachake uye kubhadhara iyi sarudzo. ESET Drive Chengetedzo inofanoiswa pane flash drive ine rezinesi remakore mashanu.
Kingston DT Vault Privacy 3.0 yakagadzirwa uye yakanangwa zvakanyanya kuIT nyanzvi. Inobvumira vatariri kuti vashandise sedhiraivha yakamira kana kuiwedzera sechikamu chepakati manejimendi mhinduro, uye inogona zvakare kushandiswa kugadzirisa kana kure kure kumisa mapassword uye kugadzirisa marongero emudziyo. Kingston akatowedzera USB 3.0, iyo inokutendera iwe kuendesa data rakachengeteka nekukurumidza kupfuura USB 2.0.
Pakazere, DT Vault Yakavanzika 3.0 isarudzo yakanakisa yekambani yemakambani uye masangano anoda kuchengetedzwa kwakanyanya kwedata ravo. Inogona zvakare kukurudzirwa kune vese vashandisi vanoshandisa makomputa ari paruzhinji network.
Kuti uwane rumwe ruzivo nezve Kingston zvigadzirwa, bata .
Source: www.habr.com