Sawubona, Habr! Kumazwana komunye wethu abafundi babuze umbuzo othokozisayo: "Kungani udinga i-flash drive ene-Hardware encryption lapho i-TrueCrypt itholakala?" - futhi yaveza nokukhathazeka okuthile mayelana "Ungaqinisekisa kanjani ukuthi awekho amabhukumaka ku-software ne-hardware ye-Kingston drive ?” Siphendule le mibuzo ngamafuphi, kodwa sabe sesinquma ukuthi isihloko sifanele ukuhlaziya okuyisisekelo. Yilokhu esizokwenza kulokhu okuthunyelwe.
I-AES hardware encryption, njengokubethela kwesofthiwe, sekunesikhathi eside ikhona, kodwa iyivikela kanjani idatha ebucayi kuma-flash drive? Ubani oqinisekisa amadrayivu anjalo, futhi ingabe lezi zitifiketi zingathenjwa? Ubani odinga ama-flash drive "ayinkimbinkimbi" anjalo uma ungasebenzisa izinhlelo zamahhala ezifana ne-TrueCrypt noma i-BitLocker. Njengoba ubona, isihloko esibuzwe kumazwana siphakamisa imibuzo eminingi ngempela. Ake sizame ukuthola konke.
Ingabe ukubethela kwehadiwe kuhluke kanjani ekubetheleni kwesofthiwe?
Endabeni yama-flash drives (kanye nama-HDD nama-SSD), i-chip ekhethekile etholakala ebhodini lesifunda ledivayisi isetshenziselwa ukusebenzisa ukubethela kwedatha yehadiwe. Inenombolo eyakhelwe ngaphakathi engahleliwe ekhiqiza okhiye bokubethela. Idatha ibethelwa ngokuzenzakalelayo futhi isuswe ukubethela ngokushesha lapho ufaka iphasiwedi yakho yomsebenzisi. Kulesi simo, cishe akunakwenzeka ukufinyelela idatha ngaphandle kwephasiwedi.
Uma usebenzisa ukubethela kwesofthiwe, "ukukhiya" idatha kudrayivu kunikezwa isofthiwe yangaphandle, esebenza njengenye indlela engabizi kakhulu yezindlela zokubethela zehadiwe. Ukungalungi kwesofthiwe enjalo kungase kuhlanganise imfuneko yokuvinjelwa kwezibuyekezo ezivamile ukuze kunikeze ukumelana namasu okugebenga ahlala ethuthuka. Ngaphezu kwalokho, amandla enqubo yekhompiyutha (kunokuba i-chip ye-hardware ehlukile) isetshenziselwa ukufihla idatha, futhi, empeleni, izinga lokuvikelwa kwe-PC linquma izinga lokuvikelwa kwedrayivu.
Isici esiyinhloko samadrayivu anombhalo wehadiwe yi-cryptographic processor ehlukile, ukuba khona kwayo kusitshela ukuthi okhiye bokubethela abalokothi bashiye idrayivu ye-USB, ngokungafani nokhiye besoftware abangagcinwa okwesikhashana ku-RAM yekhompyutha noma ku-hard drive. Futhi ngenxa yokuthi ukubethela kwesofthiwe kusebenzisa inkumbulo ye-PC ukuze kugcinwe inombolo yemizamo yokungena ngemvume, akukwazi ukumisa ukuhlasela okunamandla kwephasiwedi noma ukhiye. Isibali somzamo wokungena ngemvume singasethwa kabusha ngokuqhubekayo umhlaseli kuze kube uhlelo oluzenzakalelayo lokuqhekeka kwephasiwedi luthola inhlanganisela oyifunayo.
Ngendlela ..., kumazwana esihlokweni esithi "“Abasebenzisi baphinde baqaphela ukuthi, ngokwesibonelo, uhlelo lwe-TrueCrypt lunemodi yokusebenza ephathekayo. Nokho, lokhu akuyona inzuzo enkulu. Iqiniso liwukuthi kuleli cala uhlelo lokubethela lugcinwa kumemori ye-flash drive, futhi lokhu kwenza kube sengozini yokuhlaselwa.
Okubalulekile: indlela yesofthiwe ayinikezi izinga eliphezulu lokuphepha njengokubethela kwe-AES. Kungaphezulu kokuzivikela okuyisisekelo. Ngakolunye uhlangothi, ukubethela kwesofthiwe kwedatha ebalulekile kusengcono kunokungabetheli nhlobo. Futhi leli qiniso lisivumela ukuba sihlukanise ngokucacile phakathi kwalezi zinhlobo ze-cryptography: ukubethela kwe-hardware yama-flash drives kuyisidingo, kunalokho, emkhakheni wezinkampani (isibonelo, lapho abasebenzi benkampani basebenzisa amadrayivu akhishwe emsebenzini); futhi isofthiwe ifaneleka kakhulu izidingo zabasebenzisi.
Nokho, i-Kingston ihlukanisa amamodeli ayo okushayela (ngokwesibonelo, i-IronKey S1000) ibe izinguqulo eziyisisekelo nezebhizinisi. Mayelana nokusebenza kanye nezakhiwo zokuvikela, zicishe zifane, kodwa inguqulo yenkampani inikeza ikhono lokuphatha idrayivu kusetshenziswa isofthiwe ye-SafeConsole/IronKey EMS. Ngale softhiwe, idrayivu isebenza namaseva efu noma wendawo ukuze kuphoqelelwe ukude ukuvikela iphasiwedi kanye nezinqubomgomo zokufinyelela. Abasebenzisi banikezwa ithuba lokubuyisela amaphasiwedi alahlekile, futhi abalawuli bayakwazi ukushintsha amadrayivu angasasebenzi emisebenzini emisha.
Isebenza kanjani i-Kingston flash drives enomsebenzi wokubethela we-AES?
I-Kingston isebenzisa ukubethela kwehadiwe okungu-256-bit AES-XTS (isebenzisa ukhiye ozikhethela wobude obugcwele) kuwo wonke amadrayivu ayo avikelekile. Njengoba siphawulile ngenhla, ama-flash drives aqukethe engxenyeni yawo i-chip ehlukile yokubethela kanye nokususa ukubethela kwedatha, esebenza njengejeneretha yenombolo engahleliwe ehlala isebenza.
Uma uxhuma idivayisi embobeni ye-USB okokuqala ngqa, Iseluleki Sokusethwa Kokuqalisa sikwazisa ukuthi usethe igama-mfihlo eliyinhloko ukuze ufinyelele idivayisi. Ngemuva kokwenza idrayivu isebenze, ama-algorithms okubethela azoqala ukusebenza ngokuzenzakalelayo ngokuhambisana nezintandokazi zomsebenzisi.
Ngesikhathi esifanayo, kumsebenzisi, isimiso sokusebenza kwe-flash drive sizohlala singashintshiwe - usazokwazi ukulanda futhi abeke amafayela kwimemori yedivayisi, njengalapho esebenza nge-USB flash drive evamile. Umehluko kuphela ukuthi uma uxhuma i-flash drive kukhompyutha entsha, uzodinga ukufaka iphasiwedi ebekiwe ukuze uthole ukufinyelela kolwazi lwakho.
Kungani futhi ubani odinga ama-flash drive ngokubethela kwehadiwe?
Ezinhlanganweni lapho idatha ebucayi iyingxenye yebhizinisi (noma ngabe ezezimali, ezokunakekelwa kwezempilo, noma uhulumeni), ukubethela kuyindlela ethembeke kakhulu yokuvikela. Ukubethela kwe-AES hardware kuyisixazululo esiyingozi esingasetshenziswa yinoma iyiphi inkampani: kusukela kubantu ngabanye namabhizinisi amancane kuya ezinkampanini ezinkulu, kanye nezinhlangano zezempi nezikahulumeni. Ukubheka le nkinga ngokuthe ngqo, ukusebenzisa amadrayivu e-USB abethelwe kuyadingeka:
- Ukuqinisekisa ukuvikeleka kwedatha yenkampani eyimfihlo
- Ukuvikela imininingwane yekhasimende
- Ukuvikela izinkampani ekulahlekelweni yinzuzo nokwethembeka kwamakhasimende
Kuyaphawuleka ukuthi abanye abakhiqizi bama-flash drive avikelekile (okuhlanganisa ne-Kingston) bahlinzeka izinkampani ngezixazululo ezenziwe ngokwezifiso eziklanyelwe ukuhlangabezana nezidingo nezinjongo zamakhasimende. Kodwa imigqa ekhiqizwe ngobuningi (okuhlanganisa nama-flash drives e-DataTraveler) ibhekana kahle nemisebenzi yayo futhi iyakwazi ukuhlinzeka ngokuvikeleka kwesigaba senkampani.
1. Ukuqinisekisa ukuvikeleka kwedatha yenkampani eyimfihlo
Ngo-2017, isakhamuzi saseLondon sathola idrayivu ye-USB kwelinye lamapaki eliqukethe imininingwane engavikelekile ehlobene nokuphepha kwesikhumulo sezindiza i-Heathrow Airport, okuhlanganisa indawo yamakhamera aqaphayo kanye nemininingwane enemininingwane mayelana nezindlela zokuphepha uma kwenzeka befika. izikhulu eziphezulu. I-flash drive ibiqukethe idatha yamaphasi e-electronic namakhodi okufinyelela ezindaweni ezikhawulelwe zesikhumulo sezindiza.
Abahlaziyi bathi isizathu sezimo ezinjalo ukungafundi nge-inthanethi kwabasebenzi benkampani, “abangakwazi ukuvuza” imininingwane eyimfihlo ngobudedengu babo. Amadrayivu e-Flash ane-encryption ye-Hardware axazulula le nkinga kancane, ngoba uma idrayivu enjalo ilahlekile, ngeke ukwazi ukufinyelela idatha kuyo ngaphandle kwephasiwedi eyinhloko yesiphathimandla sezokuphepha esifanayo. Kunoma yikuphi, lokhu akuphikisani neqiniso lokuthi abasebenzi kufanele baqeqeshelwe ukuphatha ama-flash drive, ngisho noma sikhuluma ngamadivayisi avikelwe ukubethela.
2. Ukuvikela imininingwane yekhasimende
Umsebenzi obaluleke nakakhulu wanoma iyiphi inhlangano ukunakekela idatha yekhasimende, okungafanele ibe ngaphansi kwengozi yokuyekethisa. Ngendlela, yilolu lwazi oluvame ukudluliselwa phakathi kwemikhakha yebhizinisi ehlukene futhi, njengomthetho, luyimfihlo: isibonelo, lungaqukatha idatha mayelana nokuthengiselana kwezezimali, umlando wezokwelapha, njll.
3. Ukuvikelwa ekulahlekelweni yinzuzo kanye nokwethembeka kwekhasimende
Ukusebenzisa amadivayisi e-USB anombhalo wehadiwe wehadiwe kungasiza ukuvikela imiphumela elimazayo ezinhlanganweni. Izinkampani ezephula imithetho yokuvikela idatha yomuntu siqu zingahlawuliswa izizumbulu zemali. Ngakho-ke, umbuzo kufanele ubuzwe: ingabe kufanelekile ukuthatha ingozi yokwabelana ngolwazi ngaphandle kokuvikelwa okufanele?
Ngisho nangaphandle kokucabangela umthelela wezezimali, inani lesikhathi nezisetshenziswa ezichithwe kulungiswa iziphazamisi zokuphepha ezenzekayo zingabaluleka ngendlela efanayo. Ukwengeza, uma ukwephulwa kwedatha kubeka engcupheni idatha yekhasimende, inkampani ibeka engcupheni ukwethembeka komkhiqizo, ikakhulukazi ezimakethe lapho kukhona izimbangi ezihlinzeka ngomkhiqizo noma isevisi efanayo.
Ubani oqinisekisa ukungabikho "kwamabhukhimakhi" kumkhiqizi lapho usebenzisa amadrayivu e-flash ngokubethela kwehadiwe?
Esihlokweni esisiphakamisile, lo mbuzo mhlawumbe ungomunye wemiqoka. Phakathi kwamazwana esihlokweni esimayelana namadrayivu e-Kingston DataTraveler, sihlangabezane nomunye umbuzo othakazelisayo: “Ingabe amadivayisi akho anokucwaninga okuvela kongoti abazimele bezinkampani zangaphandle?” Hhayi-ke... kuyintshisekelo enengqondo: abasebenzisi bafuna ukwenza isiqiniseko sokuthi amadrayivu ethu e-USB awaqukethe amaphutha avamile, njengokubethela okubuthakathaka noma amandla okudlula ukufakwa kwephasiwedi. Futhi kule ngxenye ye-athikili sizokhuluma ngokuthi yiziphi izinqubo zesitifiketi eziqhutshwa yi-Kingston ngaphambi kokuthola isimo se-flash drive ephephe ngempela.
Ubani oqinisekisa ukwethembeka? Kubukeka sengathi singasho kahle ukuthi, "UKingston uyenzile - uyakuqinisekisa." Kodwa kulokhu, isitatimende esinjalo sizobe singalungile, ngoba umenzi unesithakazelo. Ngakho-ke, yonke imikhiqizo ihlolwa ngumuntu wesithathu onobuchwepheshe obuzimele. Ikakhulukazi, amadrayivu e-Kingston hardware-encrypted (ngaphandle kwe-DTLPG3) angabambiqhaza Ohlelweni Lokuqinisekisa Imojula ye-Cryptographic (CMVP) futhi agunyazwe ku-Federal Information Processing Standard (FIPS). Amadrayivu aphinde aqinisekiswe ngokuya ngamazinga e-GLBA, HIPPA, HITECH, PCI kanye ne-GTSA.
1. Uhlelo lokuqinisekisa imojuli ye-Cryptographic
Uhlelo lwe-CMVP iphrojekthi ehlanganyelwe ye-National Institute of Standards and Technology yoMnyango Wezohwebo wase-US kanye ne-Canadian Cyber Security Center. Umgomo wale phrojekthi uwukugqugquzela isidingo samadivayisi e-cryptographic afakazelwe kanye nokuhlinzeka ngamamethrikhi okuphepha kuma-ejensi wenhlangano nezimboni ezilawulwayo (njengezikhungo zezezimali nezokunakekelwa kwezempilo) ezisetshenziswa ekuthengeni imishini.
Amadivayisi ahlolwe ngokumelene nesethi yezidingo ze-cryptographic kanye zokuphepha ngamalabhorethri okuhlola ukuphepha azimele agunyazwe Uhlelo Lokugunyazwa Kwelabhorethri Kazwelonke (i-NVLAP). Ngesikhathi esifanayo, umbiko waselabhorethri ngamunye uhlolwa ukuthi uyahambisana yini ne-Federal Information Processing Standard (FIPS) 140-2 futhi uqinisekiswa yi-CMVP.
Amamojula aqinisekiswe njengokuthobela kwe-FIPS 140-2 anconyiwe ukuthi asetshenziswe izinhlangano zikahulumeni zase-US kanye ne-Canadian kuze kube uSepthemba 22, 2026. Ngemva kwalokhu, zizofakwa ohlwini lwengobo yomlando, nakuba zisazokwazi ukusetshenziswa. Ngomhla zingama-22 kuSepthemba 2020, ukwamukelwa kwezicelo zokuqinisekiswa ngokwezinga le-FIPS 140-3 kwaphela. Uma amadivayisi esephumelele ukuhlolwa, azohanjiswa kuhlu olusebenzayo lwamadivayisi ahloliwe nathenjwayo iminyaka emihlanu. Uma idivayisi ye-cryptographic ingaphumeleli ukuqinisekiswa, ukusetshenziswa kwayo ezikhungweni zikahulumeni e-United States nase-Canada akunconywa.
2. Yiziphi izidingo zokuphepha ezibekwa isitifiketi se-FIPS?
Ukugebenga idatha ngisho nakudrayivu ebethelwe engaqinisekisiwe kunzima futhi bambalwa abantu abangakwenza, ngakho-ke lapho ukhetha idrayivu yomthengi ukuze isetshenziswe ekhaya ngesitifiketi, akudingekile ukuba uzihluphe. Emkhakheni wezinkampani, isimo sihlukile: lapho kukhethwa amadrayivu e-USB avikelekile, izinkampani zivame ukunamathisela ukubaluleka emazingeni ezitifiketi ze-FIPS. Nokho, akuwona wonke umuntu onombono ocacile wokuthi la mazinga asho ukuthini.
Izinga lamanje le-FIPS 140-2 lichaza amazinga amane okuphepha ahlukene ama-flash drive angahlangana nawo. Ileveli yokuqala inikeza isethi emaphakathi yezici zokuphepha. Ileveli yesine isho izidingo eziqinile zokuzivikela kwamadivayisi. Izinga lesibili nelesithathu lihlinzeka ngokuhlelwa kwalezi zidingo futhi lakha uhlobo lwencazelo esagolide.
- Ukuvikeleka Kwezinga XNUMX: Amadrayivu e-USB aqinisekisiwe eleveli XNUMX adinga okungenani i-algorithm yokubethela eyodwa noma esinye isici sokuvikela.
- Izinga lesibili lokuphepha: lapha idrayivu iyadingeka hhayi kuphela ukunikeza ukuvikelwa kwe-cryptographic, kodwa futhi nokubona ukungena okungagunyaziwe ezingeni le-firmware uma othile ezama ukuvula idrayivu.
- Izinga lesithathu lokuphepha: libandakanya ukuvimbela ukugebenga ngokucekela phansi “okhiye” bokubethela. Okungukuthi, impendulo emizamweni yokungena iyadingeka. Futhi, izinga lesithathu liqinisekisa izinga eliphakeme lokuvikelwa ekuphazamisekeni kwe-electromagnetic: okungukuthi, ukufunda idatha kusuka ku-flash drive usebenzisa amadivaysi okugenca okungenantambo ngeke kusebenze.
- Izinga lesine lokuphepha: izinga eliphezulu kakhulu, elibandakanya ukuvikela okuphelele kwemojuli ye-cryptographic, ehlinzeka ngamathuba aphezulu okutholwa kanye nokuphikisana nanoma yimiphi imizamo yokufinyelela engagunyaziwe yomsebenzisi ongagunyaziwe. Amadrayivu e-flash athole isitifiketi sezinga lesine ahlanganisa nezinketho zokuvikela ezingakuvumeli ukugetshengwa ngokushintsha i-voltage kanye nezinga lokushisa le-ambient.
Amadrayivu alandelayo e-Kingston aqinisekisiwe ku-FIPS 140-2 Level 2000: DataTraveler DT4000, DataTraveler DT2G1000, IronKey S300, IronKey D10. Isici esiyinhloko salezi zishayeli yikhono labo lokuphendula umzamo wokungena: uma iphasiwedi ifakwe ngokungalungile izikhathi ezingu-XNUMX, idatha eku-drive izobhujiswa.
Yini enye engenziwa yi-Kingston flash drive ngaphandle kokubethela?
Uma kuziwa ekuqedeni ukuphepha kwedatha, kanye nokubethelwa kwehadiwe kwama-flash drives, ama-antivirus akhelwe ngaphakathi, ukuvikelwa emathonyeni angaphandle, ukuvumelanisa namafu omuntu siqu nezinye izici esizoxoxa ngazo ngezansi zizokusiza. Awukho umehluko omkhulu kuma-flash drive ane-software encryption. Usathane emininingwaneni. Futhi nakhu.
1. Kingston DataTraveler 2000
Ake sithathe idrayivu ye-USB njengesibonelo. . Lena enye yamadrayivu e-flash ane-Hardware encryption, kodwa ngesikhathi esifanayo iyona kuphela enekhibhodi yayo ebonakalayo ecaleni. Le khiphedi enezinkinobho ezingu-11 yenza i-DT2000 izimele ngokuphelele ezinhlelweni zokusingatha (ukuze usebenzise i-DataTraveler 2000, kufanele ucindezele inkinobho ethi Ukhiye, bese ufaka iphasiwedi yakho, bese ucindezela inkinobho ethi Ukhiye futhi). Ngaphezu kwalokho, le flash drive inezinga le-IP57 lokuvikela emanzini nothuli (okumangazayo ukuthi i-Kingston ayisho lokhu noma yikuphi ekupakishweni noma ekucacisweni okukuwebhusayithi esemthethweni).
Kunebhethri ye-lithium polymer engu-2000mAh ngaphakathi kwe-DataTraveler 40, futhi u-Kingston weluleka abathengi ukuthi baxhume idrayivu embotsheni ye-USB okungenani ihora ngaphambi kokuyisebenzisa ukuze ibhethri lishaje. Ngendlela, kwenye yezinto zangaphambilini : Asikho isizathu sokukhathazeka - i-flash drive ayicushiwe kushaja ngoba azikho izicelo kumlawuli ngesistimu. Ngakho-ke, akekho ozontshontsha idatha yakho ngokungena okungenantambo.
2. I-Kingston DataTraveler Locker+ G3
Uma sikhuluma ngemodeli yaseKingston - iheha ukunakwa ngekhono lokumisa isipele sedatha kusuka ku-flash drive kuya kwisitoreji samafu se-Google, i-OneDrive, i-Amazon Cloud noma iDropbox. Ukuvumelanisa idatha nalawa masevisi nakho kuhlinzekiwe.
Omunye wemibuzo esibuzwa ngabafundi bethu uthi: “Kodwa ungayithatha kanjani idatha ebethelwe kukhophi yasenqolobaneni?” Kulula kakhulu. Iqiniso liwukuthi lapho ukuvumelanisa nefu, ulwazi luyasuswa, futhi ukuvikelwa kokulondoloza efwini kuncike emandleni efu ngokwalo. Ngakho-ke, izinqubo ezinjalo zenziwa kuphela ngokubona komsebenzisi. Ngaphandle kwemvume yakhe, ayikho idatha ezolayishwa emafini.
3. Ubumfihlo be-Kingston DataTraveler Vault 3.0
Kodwa amadivaysi e-Kingston Zibuye futhi ne-antivirus eyakhelwe ngaphakathi ye-Drive Security evela ku-ESET. Lokhu kuvikela idatha ekuhlaselweni kwedrayivu ye-USB ngamagciwane, i-spyware, iTrojan, izikelemu, ama-rootkits, nokuxhumeka kumakhompyutha abanye abantu, omunye angase athi, akesabi. I-antivirus izoxwayisa ngokushesha umnikazi wedrayivu mayelana nezinsongo ezingaba khona, uma zikhona ezitholiwe. Kulokhu, umsebenzisi akadingi ukufaka isofthiwe ye-anti-virus ngokwakhe futhi akhokhele le nketho. I-ESET Drive Security ifakwa ngaphambilini ku-flash drive enelayisensi yeminyaka emihlanu.
I-Kingston DT Vault Privacy 3.0 yakhelwe futhi iqondiswe ikakhulukazi kochwepheshe be-IT. Ivumela abalawuli ukuthi bayisebenzise njengedrayivu ezimele noma bayingeze njengengxenye yesisombululo sokuphatha esimaphakathi, futhi ingase isetshenziselwe ukulungisa noma ukusetha kabusha ngokulawula kude amaphasiwedi nokulungisa izinqubomgomo zedivayisi. UKingston uze wengeza i-USB 3.0, ekuvumela ukuthi udlulise idatha evikelekile ngokushesha kakhulu kune-USB 2.0.
Sekukonke, i-DT Vault Privacy 3.0 iyindlela enhle kakhulu yomkhakha wezinkampani nezinhlangano ezidinga ukuvikelwa okuphezulu kwedatha yazo. Kungase futhi kunconywe kubo bonke abasebenzisi abasebenzisa amakhompyutha atholakala kumanethiwekhi omphakathi.
Ukuze uthole ukwaziswa okwengeziwe mayelana nemikhiqizo ye-Kingston, xhumana .
Source: www.habr.com