Menu
Is free
check in
the main  /  Programs / Safe data warehouse. Backup Utilities in Windows

Secure data warehouse. Backup Utilities in Windows


Today the topic information security Companies pay a lot of attention. Viral epidemics, hacker attacks, unauthorized access To information ... All these dangers, as well as methods of protection from them, are well understood quite well, and in most cases do not constitute special problems. However, for some reason, few people think about the fact that absolutely reliable security systems do not happen. They do not even happen if not to take into account the human factor that often becomes the most "narrow" place of any protection. In addition, it is impossible to forget about the possibility of physical theft of media with information. With this server abduction corporate networkwhere all commercial information is located can have simply disastrous consequences. In order for this not happened, the "second defense line" is necessary, which is able to protect the data in various unpleasant situations.

From the description of the task, it is clear that you can only cope with its solution in one way. It is, of course, about the reliable encryption of all commercial information of the company. That is, we need a special decision that implements cryptographic data protection, but it does not complicate work with it simple users. Today there are several products of this class. And now we will try to analyze functionality Some of them.

To begin with, let's at least briefly describe the products that we compare. The first of them is called zserver. This is the development of one of the leaders of the Russian information security market - the SECURIT company. This program constantly developing and improving. So, for example, the last, 4 version with new interesting features appeared on October 26 last year. The second product involved in our analysis will be the StrongDisk Server utility, developed by the specialists of the well-known company "Fiztech-Soft". The last version of its version 3.5 was released on November 15, 2004. Well, finally, the third, the latest product in our review will be the development of "Cryptoseif" from the company "Lan Crypto", known for its developments in the field of cryptography, in particular, their own data encryption algorithms.

The principle of operation of all listed information protection systems is the same. On the corporate network server, special storage are created in which all information is written in encrypted form. In the future, they can be connected to the system as virtual disks. In this case, during reading data from them, the latter will be automatically decoded in memory, and when recording, on the contrary, encrypted. Thus, we are talking about the implementation of the principle of transparent cryptocreformation. Its essence is that the data is always stored on the physical media only in an encrypted form, but the user can work with them in the same way as with any other information.

In order to continue comparison, you need to immediately deal with the principle of the work of the products under consideration. We will do it on the example of one of them - the ZServer program. Example implementation of cryptographic data protection on the server

So for detailed description The principle of cryptographic information protection on the server We chose the ZServer product. The reasons for this are very simple: Today, this software and hardware complex is one of the most advanced developments with some unique functions, which is no longer implemented anywhere. And the price of ZSERVER is by no means translated. Moreover, it is even less than the value of some of its competitors.

The ZServer complex software consists of three modules. The first one is set directly to the network server on which confidential information is stored. It is in it that the data encryption unit "on the fly" and the encryption key control unit is implemented. The second module is designed to control the protection system. It is responsible for generating encryption keys and download them to the server, the administrator authentication, all operations with disks and users and can be installed on any network computer.

The last module included in the ZSERVER complex is required to serve an alarm signal, which will be described below.

Confidential information in the ZSERVER program is the section specified by the Administrator hard disk. Usually it is not visible at all in the operating system, which considers it simply unreasonable space. After connection, this disk "manifests itself" with all data posted on it. At the same time, it becomes a "ordinary" logical section to which all standard means can be applied. operating system, for example, separation of user access rights. The initial configuration of ZServer looks like this.

The security administrator must run on its computer a special module, control console, and install local network Connection to the server. It is worth noting that this connection and mutual authentication is protected using a modified Diffie-Hellman algorithm. Next, the administrator needs to generate the encryption key. This process is carried out by chaotic movement with the mouse, from which the program "removes" random numbers. It is with their help and the encryption key is created. Next, it needs to be recorded in the memory of a smart card or USB-tokeny, protected by PIN. There is a key and will always be stored. Thus, it will be unavailable for attackers even if the device falls into their hands. After all, to access the protected memory, it is necessary to know exactly the correct PIN code, choose which is impossible. Of course, there is a chance of transmitting key information to intruders by an employee who has access to it. However, we must not forget that the right to connect encrypted discs should receive only those responsible for the information security of the company or managers. Well, if there is a loosely configured person among them, then no protection will save the data.

The next step is to load the encryption key from the smart card memory into server RAM. Only after that you can proceed directly to the encryption of the selected logical partition. This process can be delayed for a long time. And in order for users not "idle" at this time, in the ZServer program it is implemented in the background. That is, during encryption, information posted on the disk remains available. This allows for a second not to stop the work of the company's office.

This configuration of the protection system can be considered complete. The operation of the system is carried out as follows. In order to connect the protected disk, the Security Administrator must run the control console on its computer, connect a smart card or USB-token and by entering the correct PIN code, download the encryption key to the server memory. After that, the section "appears" in the operating system. But this is only the outside of the process. In fact, a special service, having received the correct encryption key, begins to decrypt the data by presenting them in a normal form for the operating system. USB-Tocken Security officer After completing the closed disk, it can turn off from its computer. In this case, the latter will still remain open until in random access memory Server hosts encryption key. That is, the disk "will disappear" in the case of rebooting the server, feeding the alarm signal or the corresponding command of the responsible employee with a token connected to its PC.

However, the disk connection is not always carried out so simple. The ZServer program implements a unique key quorum function. Its essence is to divide the encryption key to a certain number of (M) parts, each of which is stored in a smart card or USB-tokenen of some trusted employees. To open the disc, it is necessary that several (n) parts of the key are loaded into the memory of the server, and n may be less than or equal to m. This approach allows one side to achieve great flexibility, and on the other hand, significantly reduce the influence of the human factor on the reliability of the entire system.

In order for the information placed on a secure disk, has become available to the company's employees, you need to "share" folders. Rights management is carried out by means of the operating system based on user names stored in Active Directory. At the same time, no changes are required to produce any changes on other computers. Users in the same way as always will be in their own names according to the security policy implemented in the company. True, it is worth noting one point. The fact is that the introduction of the ZSERVER system will reduce the performance of the server by 10-15% depending on its configuration and the selected encryption algorithm. In addition, when performing some operations (initial encryption or disk stirring), this fall may be even more significant. This moment must be taken into account when putting the protection.

If desired, the administrator can enable network resource protection feature. It is necessary to ensure data security from unauthorized access in the process of operation of the system. After switching on network resource protection mode, all operations with shared folders can be performed only through the ZSERVER control console. Attempts to do something with standard interface windows administration will be blocked. In the simplest way to use this feature, you can generally disable network access to files and folders located on an encrypted section if, for example, files are used to work applications servers.

In the process of the company's work, various exceptional situations are possible, when there is an emergency closure of the currently open protected disks. This procedure is carried out by submitting an alarm signal to the server. You can do this in several ways. For example, to submit such a signal directly from your computers by clicking on a special "hot" key combination of the key, users who have given such a right.

Another option is to use a special device, the buttons supplied with ZServer. Pressing it, for example, when trying to attack the office, will lead either to the reboot, or simply to disconnect the open containers (depends on the settings). True, it should be borne in mind that the documents with which users worked on their workplaces will be defenseless. Moreover, in some cases, for example, if the disc disconnection occurred right in the process of recording information by someone from employees, part of it may be spoiled. In fact, it will be equivalent to the forced interruption of all remote connections with a simple server right during users.

Moreover, the system is implemented to "link" to this signal any scripts written in JScript or VBScript languages. Thus, it is possible to implement, for example, the substitution of a real encrypted disk on a specially prepared section with false information. In general, to supply the "Alarm" signal, it is enough to close the RX and TX contacts of the servers COM port. That is, if you wish, you can turn on the drives directly into the system of physical security of the office. In this case, the "Alarm" signal will be supplied automatically when the security alarm is triggered, the "unauthorized" opening of windows or doors, etc.

Another way to protect against unauthorized access to information is the entrance under coercion. Its essence is that under the threat of violence or in the case of blackmail, the company's employee can give his smart card to attackers and tell them a real PIN code, but on the contrary, that is, right to left. When I entered it, the system "will understand" that the data is under threat, echoing from the token's memory all encryption keys and give an error. True, it is worth noting that this feature is implemented exclusively by means of ZServer. That is, if the attackers try to use a smart card on a computer on which the control console is not installed, they simply receive an incorrect PIN entering.

We must not forget that the token in which the encryption key is stored may fail or be a lost responsible employee. In these cases, it is no longer possible to decipher the protected disk, that is, all the information will be irrevocably lost. In order to avoid this danger, the ZServer system implements the ability to copy encryption keys from one protected media to another. Moreover, two tokens come into the package of the complex. That is, the security administrator can record the same encryption keys on them and give the second copy to another responsible employee, put it in the company's safe or transfer it to the bank.

In addition to the danger, the loss of tokens with the key of encryption does not threaten. After all, even if he falls into the hands of intruders, the latter will still not be able to access its memory: it is impossible to choose a PIN code. The smart card provides the user four, and USB-tokens are just 3 input attempts. And if it does not gues the correct string (which is simply impossible), then access to the carrier will be completely blocked.

And finally, it is worth noting that the system protection system from unauthorized access does not ensure its safety from accidental or deliberate destruction or damage. Therefore, in any case, the system should operate on the corporate server. reserve copy data. At the same time, the presence of the ZSERVER complex does not interfere with the latter. The only condition to be done is to run the creation process. backup Only when the protected disk is open. It must be remembered that the data will be copied in decrypted form. To protect them, it is recommended to use special software, for example, ZBackup system from the same SECURIT company. Products

All cryptographic products always begin to compare with encryption algorithms implemented in them. Zserver and Strongdisk Server in this regard, in general, similar. Their developers "trained" their children at once several cryptographic technologies, including the AES algorithm, the US National Standard, which de facto became the modern world standard. In both products, users can use keys to 256 bits with a length of up to 256 bits to convert the source data, and this is more than enough for the modern level of development of computing equipment. By the way, in addition to the already implemented encryption algorithms, these programs allow you to connect external modulescontaining other cryptographic technologies. For example, with ZServer, you can use the Krypton Emulation Module, which implements the Russian National Standard.

The development of Kryptosayf is significantly different from its competitors. As we said, Lan Crypto is known for its own encryption algorithms, which were used in this development. True, it's good or bad - the question is controversial. The fact is that authoritative specialists in the field of cryptography do not recommend using programs with their own encryption algorithms. Still, well-known technologies, repeatedly tested by all laboratories, in the overwhelming majority of cases turn out to be more reliable. And in the case of "cryptoseph", this was confirmed. On the one hand, the algorithm implemented in this program has a certificate and on developer statements, adopted as a sectoral standard. However, on the other hand, during one of the contests of cryptographic technologies, he could not undergo a check on linear cryptanalysis. Therefore, it is not necessary to talk about the security of data encrypted by this algorithm.

The second parameter according to which the reliability of cryptographic systems should be evaluated is the means used to store key encryption keys. In most cases, it is much easier to steal key information than to suffer with decoding data. That is why reliable storage of encryption keys is very important. In the ZServer program, any media of information can be used. True, developers strongly recommend using only mobile media with PIN protection. By the way, that is why the product of the product includes a device for reading smart cards and two microprocessor cards with secure memory. This provides a really reliable storage of encryption keys.

The StrongDisk Server program uses a slightly different approach. In this product, the key is kept together with the most secure information, but in encrypted form. Moreover, the user can independently select the data required for decoding it. Options are available as a regular password, a key file, a code on a removable media or a biometric device. And if the last two ways satisfy modern ideas about reliable data storage, then there are no first. Moreover, the use of a password is a clear threat to the security of all encrypted information. Still, many users, how many people do not, still apply very weak keywordswhich are easily selected by full of brute force or bust in the dictionary. And the management of companies is often trying to minimize the tasks, so additional devices Not always is bought to the acquired protection system. Approximately the same can be said about the Kryptosaif program. It is also allowed to store keys directly on the hard disk of the computer.

Go ahead. Follow an important point is a way to generate encryption keys. Many users do not pay attention to this characteristic of special attention. And completely in vain. In world practice, there are cases when a weakly implemented random number generator used to create encryption keys has served as a hacking seems to be reliably closed using a high-quality information encryption algorithm. That is why in many modern products began to implement another approach. The encryption key in them generates the user itself, randomly pressing the keyboard keys or moving the mouse on the table. This method almost completely eliminates the "quick selection of" encryption keys. It is he who is implemented in the ZServer and Kryptosaif programs. In the StrongDisk Server system, a built-in generator of random numbers is used to generate encryption keys.

By the way, the programs in question and storage facilities are distinguished, which are used to record information and the organization of virtual disks. Usually for this apply separate filesConteeners. This approach is implemented in the product "Cryptosaph". The developers of the ZServer system went on another way. In their brainchild, a separate partition on the hard disk is used as a storage of information, perceived by the operating system simply as a unwanted space. Well, StrongDisk Server allows users to apply both methods.

A variant with container files has one advantage - this is mobility. That is, the file with the data can be easily copied to any media and attach it to another PC on which the corresponding software is installed. The lack of this approach lies in the vulnerability of the container. Viral attack, careless actions of hackers or users themselves can lead to removal or damage to this file. At the same time, all the information contained in it will be lost. In addition, with a large number of simultaneously connected users, working with a container file very much slows down. The second option, on the contrary, is completely devoid of mobility, but no programs that use the standard OS functions will not be able to damage the repository. In addition, we will not forget that we are talking about server utilities that are designed to protect the important documentation of the company. And mobility in this case turns into harm. So the approach implemented in ZServer seems to be more practical. Especially since simple information transfer can be provided by creating storage facilities on removable media.

Well, now let's talk about the additional features of the utilities reviewed today. The first of them, ZServer, has a fairly wide opportunity. First, in this product implemented an open interface for connecting various devicesFrom which the alarm can be served - "red buttons", radio key chains, sensors and accommodation devices for room access. Moreover, one such device is even included in the delivery. This feature is necessary if attackers broke into the room, wishing to take possession of information. Alarm activation will block all closed data, or to a server reboot (depending on the current settings). The second additional feature of the ZServer program is the main log of all administrator actions (actions with encryption keys, opening and closing disks, etc.). These logs may have invaluable help in case of any incidents with commercial information. With their help, you can easily see if there is something in the actions of a responsible employee that could cause data leakage.

Third additional feature It is the so-called quorum of keys. This is a unique feature present only in the ZServer product. Its essence is as follows. The key required for connecting the storage is divided into several, for example, on 3 parts, each of which receives one of the proxies of the company. Moreover, not all are needed to decrypt data, but only a certain number of parts, allow any 2. This approach allows to significantly reduce the risk of data leakage. After all, now the attackers will need to get not alone, but two keys. Yes, and the company's work does not depend on one person who is uniformly owned by access to access disks.

Another interesting opportunity ZServer is "atomic" implementation of data encryption. This means that the entire coding process is represented as a variety of separate transactions. This approach avoids data loss in various unforeseen situations. That is, at any time, the encryption operation can be interrupted or returned to the initial state, even in the case of unexpected server overload and power off.

In addition, the ZServer program has yet been implemented quite a few interesting and useful features: Support for multiple virtual disks, the ability to distinguish the access rights, integration of a system with various applications by executing JScript or VBScript scripts, convenient tooling data and a lot, much more.

The program Strongdisk Server also has a lot additional features. First, it implements the "Red Button" and the logging of appeals to secure information. Secondly, Strongdisk Server has a data backup function that is designed to correct the disadvantages of using container files. The third solution (must be recognized, very interesting) are the so-called false disks. That is, the user can "under pressure" to give attackers a special key with which they will see not real data, but some other information. In addition, in the StrongDisk Server program there are several functions that prevent leakage of already remote information. After all, it's no secret that destroyed by standard tools The operating system data actually remain on the hard disk. Additionally, you can mention the possibility of cleaning the paging file and temporary OS files in which some important information can remain theoretically.

Another worthy reference to the StrongDisk Server function is to protect information transmitted between the server and the end user computer. This is achieved by installing a secure connection between them (automatically) like VPN technology, as well as data transfer in encrypted form. In this case, on computers of end users requires the installation of a special client. Thus, the company, on whose server, the StrongDisk Server system is installed, it turns out to be protected from SNFF important information From the corporate network.

The smallest set of additional features has the program "Cryptoseif". It implements the "red button" that can "click" only from the computer, dependent services (automatic launch of certain services when connected by containers) and automatic shutdown Containers with long simple.

Well, now it remains only to compare prices for the reviewed programs. So, the cost of ZSERVER for Windows ranges from about 32500 (for 10 users) to 67500 (for an unlimited number of users) rubles. The package in addition to the program itself includes the necessary hardware (Card reader, 2 smart cards and "Red button"). The price of the product Strongdisk Server also depends on the number of users and varies from 24600 (for 10 users) to 82500 (unlimited number of licenses) rubles. Well, the cost of "cryptoseph" ranges from 21600 (by 10 users) to 60,000 (unlimited number of licenses) rubles, plus the buyer can pay 7,000 rubles for annual technical support.

You can purchase products in.

The idea of \u200b\u200bcloudist warehouses is genial. Instead of storing the data locally on the devices used, external disks and home network storage and messing with access, synchronization and backups, users online to transfer files and folders to data centers and do not know care. Access is provided from an application or client program, wherever the user is - you just need to enter the password. There are no problems with the place of storage: the services offer up to 30 TB, and for the initial period of use, the fee is not charged.

And yet there is a spoon of mounted in a barrel of honey, because of which all the charm of using clouds is forgotten. Users transmit their data to other people's hands: photos from the last holiday on the sea, or video from the wedding, or personal correspondence. Therefore, in this comparison, we focused on the safety of ten services cloud storage Data: IT giants - Apple, Google, Microsoft, Amazon, two hosting - Box and Dropbox, specializing in cloudy storage, as well as two service providers from Russia - Yandex and Mail.ru.

Plus a billion users in five years

Back in 2015, the number of cloud storage users was about 1.3 billion. To 2020, they will be 1 billion more.

Data traffic - three times more

In 2015, cloud warehouse users passed on average 513 MB of data per month. By 2020, the volume will increase threefold.


Functionality: Is it possible to believe advertising

Suppliers, of course, know that users attach particular importance, and should meet their requirements. If you run through all the offers, it seems that cloud services use the highest security standards and suppliers make every effort to protect the data of their customers.

However, with a more attentive reading it becomes clear that it does not quite correspond to reality and standards are not always new. Service providers exhaust the possibilities of secure storage of data are far from fully, but a "high security", "SSL protection" or "safe encryption" - no more than slogans that allow you to use the fact that most customers have no special knowledge in safety issues.

Network memory

Cloud storage services are set customers with free offers. For some fee, the volume can be increased.

TLS - not all

"SSL" and "HTTPS" - popular and well-known abbreviations from the security area. But vigilance should not lose. This type of encryption is a need, but not a guarantee of exceptional data security. Cryptographic tLS protocol (Transport Layer Security - "Protocol Protection transport level"), In 1999, officially replaced SSL 3.0 (Secure Sockets Layer -" The level of protected connectors ") provides secure data exchange between the cloud storage website and the client program on your computer or application on your smartphone.

Encryption during data transfer is important primarily to protect the incoming metadata. Without TLS, any attacker can intercept the transfer and change the data or steal the password.

We checked cloud storage with a comprehensive tool for QUALYS testing (sslabs.com/ssltest). All suppliers are used actual version Standard TLS 1.2. Six of them prefer 128-bit AES encryption, four - more powerful AES 256. And then, and other complaints does not cause. All services activate additional Perfect Forward Secrecy protection (PFS - "Perfect Direct Secrecy") so that the prompted encrypted data cannot be even subsequently deciphered.

HSTS Same (HTTP STRICT Transport Security - "Strict Transport Security HTTP") - Another security mechanism that protects against DOWNGRADE Attacks operations is most suppliers. The entire list, that is, TLS 1.2 with AES 256, PFS and HSTS, is only at Dropbox.

Double access to access

Access to personal data should be protected by two-stage verification. Amazon in addition to the password requests a PIN code that is generated by the application.


Encryption on the server - a matter of trust

Another standard function, except for a secure transmission, is data encryption on the Supplier server. Amazon and Microsoft, alas, make up an exception from the rules, not encrypting data. Apple uses AES 128, the rest is more recent AES 256.

Encryption in data centers is not a wonder: if attackers, despite all security measures, it will still be possible to steal user data, they will still need a key - if only they do not resort to extortion. And often it is here that there is a problem: this type of encryption is a very dubious output if the suppliers store keys to your data.

That is, some cloud service administrator can easily view all your photos at any time. If you believe with difficulty, maybe the option of access of the investigative data to the data will be more convincing. Of course, the suppliers demonstrate a serious attitude to business, but clients have to overpower themselves and show confidence, because in this way their data is not fully protected.


Dropbox provides security using 256-bit AES encryption during storage and SSL / TLS during transmission

END-TO-END encryption

So, most of the services ensures the security of user data by protecting and encrypting on the server, and all participants in our comparison that encrypt user data has keys. None of the services use END-TO-END encryption. Its fundamental difference from encryption during the transfer and on the server - encryption from the very beginning.


End-to-End implies encryption locally on user devices and transmission already in this form in the data centers. When accessing data, they are returned back to the user in the same encrypted form and decrypted on its devices. The meaning is that the user, firstly, sends data exclusively in encrypted form, and secondly, it does not give any keys to the provider.

That is, even if the admin burns from curiosity, the attacker abducts the data or the investigative authorities need to be disclosed, nothing will happen to them.
With constant encryption, the implementation of the so-called "zero disclosure principle" (Zero Knowledge) is closely connected.

Translated to a simple language, the essence of it in the following: no one except you knows how to decrypt your data. No cloud storage service provider receives information that can be used to decrypt encrypted data, "you have not reported anything to him, he has" zero knowledge. " It is difficult to implement this in practice and quite uncomfortable, and participants in our comparison on this criterion can not submit to us.

Without two-factor authentication

Obviously, suppliers are dealing with the security issues of their customers, but for some reason the action plan is not fully thought out. Access to data stored in the cloud effectively protects two-factor authentication. Its essence is as follows.

To successfully complete the entry process, only the username and password is not enough - you need another PIN, and not permanent, such as for a bank card, but an application generated on your smartphone or sent by SMS on your phone. Typically, such codes are valid for 30 seconds.

The user needs to keep a smartphone tied to account, and during the login after password, enter the received code. Domestic suppliers This simple and efficient protection method is not offered, unlike the Internet giants, as well as the "narrow-profile" Box and Dropbox.

The actual speed of cloud storage

We measured the cloud storage speed of the cable (up to 212 Mbps), DSL (18 Mbps) and LTE (40 Mbps). The diagram presents an average speed in all methods of the connection.


Himself encrypter. BoxCryptor encrypts files on the device and provides convenient account management in cloud storage In one window. Users can choose whether they need to manage the key or not

Location - also an important aspect

Despite all the efforts, at home it is impossible to achieve the level of security that offers cloud storage service in the data center, and this is a powerful argument in favor of cloud storage. This can be verified by looking at their equipment. All suppliers except Dropbox, even for free offers are certified by the international ISO 27001 standard.

An important role is also plays the location of the data centers. Amazon, Google servers and other companies are located in the United States and fall under the action of American laws. For servers that are located only in Russia, for example, "Yandex" and Mail.Ru, respectively, the Russian laws are distributed.


In order not to interfere with other programs, Dropbox uses an automatic restriction in the client.

Conclusion: there is where to grow

Cloud storage services that we reviewed safety offer only standard set. Search encryption End-to-End or Zero Knowledge does not make sense. Data protection provides all services, but the encryption on Amazon and Microsoft servers are not engaged.

But the data centers meet the high requirements of information security. At the same time, the cloud storage with the perfect protection comparison did not reveal.

The advantages of Russian suppliers are in location, however, the simplest protection methods, such as two-factor authentication, they ignore. You must take care of constant data protection, even if it means big expenses and complex management.

No digital device: computer, laptop, tablet, smartphone, do not provide absolute reliability. The nature of failed situations is different: physical breakdown, software failure, Block virus actions. The result is one - the loss of user data. How to protect valuable photos, documents and ensure their secure storage - in this article.

How to do and where to store backups

Backup allows you to reduce the likelihood of losing user data. Modern operating systems offer developed regular utilities for removing a picture with important system and user files.

To begin with, we will understand which data you need to copy to the copy. Users are not recommended to archive:

  • Files with more than 100 MB: Films and videos, distributions of games and programs. All this can be downloaded again.
  • Music, With the exception of rare records that make up the diamond collection of real music lovers. Mediamatka most users include compositions, download no longer a problem.
  • Files of games and programsinstalled on the computer and their distributions. After full reset of the system you download installation file Applications and install again. According to experienced system administrators, for a number of programs, the installation "in pure" is even useful.
  • Important documents. In principle, the user is difficult to carry out a line between valuable and useless text files and presentations stored on his disk. For this reason, it is easier to organize a full backup of the Documents folder.
  • Personal Photos. Photos are stored on external drives, optical disks, crowded the family paper albums. With development network technologies Users are increasingly trusted by cloud storage facilities. They are reliable, do not require maintenance costs and are available from any device connected to the Internet.
  • Work files of other formats. Specialists in certain areas: artists, musicians, designers and builders should organize backups of their working files if they work with them on the home computer.

To create a backup use:

  • Physical copying of the document or photos in the cloud or on the outer carrier. Action is performed manually by the user by or trust the Windows Task Scheduler for automatic launch Scheduled.
  • Stable program Computer operating system. In Windows 7, 8, 10, the backup utility is combined with the failed version control mechanism, which is convenient.
  • Third-party program. Developers try to make an interface that allows you to quickly master all the possibilities and make a backup as quickly as possible.

To store a backup use:

  • External drives with USB connector. This is the most available way Storage with low price per megabyte information. If there are few files, there is a 32 GB flash drive. For large volumes, external HDD are intended.
  • CD or DVD optical discs. To reduce the cost of storage, users use rewritable media. The advantage of this method is a certain reliability and ability to compactly store copies in a safe or fireproof cabinet.
  • Cloud storage. Convenient if the computer or laptop is connected to broadband Internet. On ensuring security with this method will be described below.

To fold copies on the same drive where the files themselves are stored, it is not recommended. When the drive is out of order, you will lose everything.

How to organize storage of files

Do not store data on the system disk

The most common user error is to create the documents folder directly on the system disk. This method of data storage entails two problems:

  • With full recovery system, the personal data of the user with a high probability will not be saved.
  • If the system partition fails, user data is reflected.

Move the documents to another section. To do this, click the right mouse button on the folder and select Properties. Switch to the location section and specify the non-system partition of the file storage.

After pressing the button, the Move system copies all your data into a new section.

On most personal computers and laptops, the system partition is denoted by the C: Literary.

Do not post files on your desktop

Having received new file. On the Internet or using a flash drive, users shift it to the system desktop. This makes it difficult to organize backup and reduces the available space on the system disk.

Copy the file into the Documents folder, and create a shortcut on the desktop. To do this, press the right mouse button. Select Send, Desktop (Create a shortcut).

Existing files (not shortcuts) on the desktop distribute documents, images and so on to folders.

Divide temporary and important files folders

Another popular error is the folding of documents and photos in one folder. Under really important files are worth creating a separate folder. This will reduce the size of the backup and accelerate its creation.

Most of the backup utilities allow you to finely adjust the processed elements and selectively restore them if necessary. In addition, the selection of a separate folder will allow you to assign an access level to it, which is important on a publicly available computer.

Do not store movies after watching

Big files occupy a disk space and make it difficult to create backup copies. Take a rule to copy them to external media or cloud storage facilities with subsequent removal from local drives.

Backup setup to Windows 7, 8, 10

System files archives the operating system itself. Full backup It will take a lot of space and has a minimum chance of restoring the computer performance. In critical situations it is easier to perform full reset Systems with user data saving. In Windows 10, the recovery image is stored in an independent section on the drive personal computer or laptop.

Make a reservation that in this article we consider the needs ordinary users. System administrators consider bacup files Mandatory systems. This allows you to return to the life of the server in a matter of hours, without a long reinstall software.

In the settings, locate update and security and click Archiving Service. Go to archive and windows restoration 7.

Select backup setting according to the figure.

Specify the drive and partition on it that will be used to store backups.

As can be seen from the figure, the system automatically determines only non-system volumes for recording backups. You can specify an external drive, another section of the main HDD or an optical disk recording device.

In the next dialog box, take the file management for the backup.

And turn off the backup of movies, music and other unimportant data. For example, only documents are left.

The following window sets up a schedule for creating backups and the procedure itself is started.

This version of the tincture is running, starting with version 7 and allows you to specify a network storage for copies. In Windows 10, another method is implemented. When using new Windows 10 archiving tools, make the following steps.

Select an external drive with a sufficient amount of free space.

Click Other Parameters and configure backup graphics.

Additionally, the storage time of backups from 1 month to 2 years is adjusted. By default, old copies are not automatically deleted.

To set up folders to be backup, add them to the Add Folder button in the "Returning ..." list. To exclude - in the list "Exclude ...".

Attention! When configuring backups, eliminate the folders created by cloud warehouses. They are synchronized with the network disk, additional archiving is not required.

When connecting an external drive, use fast uSB ports 3.0 blue. This will speed up the process of creating backups.

How to restore the file from the backup

Advantage of backup configuration windows tools 10 - Ability to restore any version of the document or photography. In the context menu, which drops out on the right mouse button, select Restore the previous version.

If the document or photo has been deleted and cannot be restored from the basket, go to the backup settings section and select Restore Files from the current backup.

Navigation buttons move the copy point back and forth along the time line. The green arrow button restores the selected file into the folder where it was removed from.

How to encrypt backup

The staff of the archiving of Windows 10 by default does not encrypt the data. Before you send it to the cloud storage, the folder must be packaged and set the password.

Let us give an example using WinRAR. You call the right mouse button and folder with backups context menu, select add to the archive.

Install the password and pack the data.

In this form, a copy without fears can be stored anywhere: in the cloud, on the network storage, on the flash drive.

How to use cloud storage for backup

Cloud storages allow at least three scenarios that are convenient for performing regular data backups.

Working with storage files locally. Most network storage are offered customer applications for a computer and smartphone. In the file created by the local folder, the files are automatically synchronized with the repository. All that is required from the user is to store your documents in these folders.

If the system destruction or physical damage to the local disk occurs, you install a new drive, restore the system and re-log in in the cloud. All files on a computer from synchronized folders will be restored without user participation.

Synchronization of backups with a cloud disk. Another network storage use scenario - as a drive for storing backup copies performed by system software or special programs.

Install the client storage client program and create a synchronized Backup folder. When you configure the backup, specify the path to it in the form "D: \\ YandexDisk \\ Yandexdisk \\ Backup". Please note that such a synchronized folder must be placed on another, not a system section. Backups will regularly be copied via the Internet to Yandex servers.

Storage of backups on a cloud disk.If the user does not want to spend a valuable place on the local storage device for storing backups, you must use party program For direct access to the network storage. Such an opportunity is offered by Handy Backup for Yandex.Disk (free version), Acronics True Image. and a number of others.

With this option, the backup immediately goes to the cloud and is not stored on local disk. This method can be used to regularly copy copies of important files.

Please note that when using cloud storage facilities to perform backups, you need to provide a sufficient free space in the cloud or reduce the number of copied files, leaving only the most important.

Backup Utilities in Windows

To make the procedure for creating backups simpler and fast, you can use third-party programs. Most popular:

Acronis True Image.. After installation, the program offers to select the storage location of copies.

Also adjusts the schedule to perform backups on schedule.

The advantage of the program for an unprepared user - all operations are performed independently and most of the settings "from the box" work correctly.

Acronis True Image 2018 will protect you from extortioners / encrypters and loss of important data in other cases. There is a function of creating loading flash drives for full recovery Computer in case of system failure.

Handy Backup for Cloud. The utility is distributed free of charge, but registration is required. On the email The key is sent. The wizard will allow you to quickly perform the necessary operation: back up, restore it or synchronize files.

And connect to your cloud storage in the next step. Please note that storing backups on the cloud is in encrypted form. To do this, at the fifth step of the wizard, tick the encryption.

Copies can compress the built-in ZIP archiver to reduce the volume of them on external accumulator or in the cloud of space.

Handy Backup allows you to set up schedule, events to start backup, different backup options: incremental, complete, differentiated. More functions in the paid version.

IPerius Backup Free.. Free version of a powerful backup tool for computers and laptops running under windows control 8 and 10. Fully Russified user interface Promotes the rapid development of functions and capabilities.

When configuring folders to be created backups, you can put a size filter. If you accidentally in the Documents folder will be a 3.5 GB film, iPerius Backup will independently miss it and will not increase the backup size.

Attention! Backup to the cloud is supported only in paid versions Utilities Imperius Backup. You can select a repository located on the local network, the FTP server or an external drive.

Backup programs in Linux

For operating room linux systems There are also a number convenient programs To perform backup important data. Here are a list of these applications:

Rsync.. The utility is intended for experienced users. Works out command line. Used to create powerful scripts that automatically perform all the necessary backup operations. It has graphic interface GRSYNC.

Fwbackups.. Free utilityhaving versions under Windows and Linux. The utility code is open. As a plus, experts mark a simple graphical interface with settings available to unprepared users.

Over the past few years, so many services have appeared for remote storage and synchronization of user data, which is almost impossible to abandon their use. Nevertheless, many confidentiality issues. In the end, downloading files into the cloud, we convey them to someone else's computer, and therefore access to our information may have someone other than us.

On the other hand, it is difficult to abandon numerous amenities that services are given to data storage services: the availability of a backup file of files, the ability to access your documents from any device from anywhere in the world, convenient file transfer to other people. You can find several ways to solve the security problem of remote file storage. Some of them will be discussed in this review.

CloudFogger.- Free encryption for any cloud

Perhaps the easiest way to care for the safety of files stored in the cloud is to encrypt them manually. To do this, you can use password-protected archives or one of the many existing encryption applications. But for those who deal with large number Documents in which changes are constantly being made, such methods are not very well suited. Since the services for remote file storage are eliminated from the need to download files manually on them, then the encryption process is automated. This can be implemented using the CLOUDFOGGER specialized program. It works with Windows, Mac, and can also be installed on devices with Android and iOS.

The application encrypts data using 256-bit encryption by the AES algorithm, before they are loaded into the cloud. Files fall on Dropbox servers and other cloud storage only in an encrypted form, so access to them can only be obtained if on the device from which you want to open the file are also installed CloudFogger.

It is very convenient that encryption does not cause inconvenience in operation: the key to access files is entered only once, when loading the system, after which you can work with them as usual mode. But if, for example, the laptop will be stolen, then the attacker will not be able to find out the content of the files in protected folders at the next launch.

At the beginning of working with CloudFogger you need to create an account (and for more security, you can disable the password recovery option, but in this case it is not categorically recommended to forget). Then the application will attempt to find the folders of popular cloud services Dropbox, SkyDrive, Google Drive. And others. But even if CloudFogger did not cope with this task in automatic modeAll the same can be manually selecting directory, the contents of which you want to encrypt.

In addition, it is possible to identify individual files from any other folders. Make it the easiest way with context menu "Explorer" - CloudFogger adds its own list of commands to it.

It is also possible to exclude individual directory and files from those folders that are protected by CloudFogger from encryption. Such data will be downloaded for cloud services in normal mode. It should be borne in mind that after the synchronized folder will be protected by CloudFogger, it will take some time on re-loading data from it into the cloud storage.

Another CloudFogger function is the exchange of encrypted files with other people. If the data contained in cloud storage facilities will be protected by the application, standard methods Sending links to them to other people will not fit. But if you enable access to files in the CloudFogger interface, you can safely exchange them with other people. Claudfogger files can be transmitted on a flash drive or sent by mail.

Technically, access to files works like this: Each CloudFogger file (.cfog) contains a unique AES key, which is stored in the encrypted form in the file itself. Such 256-bit keys are protected by RSA keys that are unique for each user. The decoding occurs only if access to the file is trying to get that user whose RSA key matches the file header. CFOG. If there are several of these users, data on their keys, respectively, are recorded in the headlines of the files.

Another specialized solution to ensure the security of files on "cloud" services - Boxcryptor. Originally created as an addition to Dropbox, today this application supports all popular services for remote storage of files. True, B. free version Available data encryption stored only on one service, and you cannot enable file name encryption.

BOXCRYPTOR automatically determines the presence of installed customers of popular services for storing files in the cloud (even "Yandex.Disk" is supported), creates virtual disk And adds the appropriate folders to it. In the settings you can manage all connected folders: add new ones, to turn off encryption and so on.

The service offers support for all major platforms, both desktop and mobile. There is even an extension for Google Chrome.. To work with BoxCryptor, you will need to create an account - forget your password categorically not recommended!

TRESORIT. - Cloud service with high attention to safety

If you still do not use any services for remote file storage, you should pay attention to the young Tresorit project, launched about six months ago. The service is created as an alternative to standard file storage solutions in the cloud and is ready to provide a much higher level of file privacy.

Tresorit provides file encryption on the user side. Thus, all data is stored on service servers already in encrypted form. For encryption, the resistant AES-256 algorithm is used. When creating a user account, you warn that in case of password loss, it will be impossible to access the data on the remote server. No ways to recover password are not provided because the password is not stored anywhere: installed Annexnor on service servers. And for users who have lost password, TRESORIT developers offer the only solution - to register again.

For enhanced security, you will have to pay a refusal from some familiar functions. For example, you will not be able to access your files from someone else's computer - there is no web interface for TRESORIT. So far, developers do not even promise such an opportunity, explaining that in JavaScript a lot of vulnerabilities. However, taking into account the possibility of installing the TRESORIT application on mobile devices, this lack does not seem so serious - in the end, if there is no possibility to carry a laptop everywhere, then the smartphone is already accurate almost always with the user.

For file sharing, invitations sent by mail are used. Customizing general access, You can assign different roles: Some can only view files, others - to make changes to them and add new files to the folders, the third - plus to this also to invite new users.

Mega.- Safe 50 GB in the cloud with synchronization

Until recently, the new brainchild Kim Dotcoma could hardly be treated as an alternative to familiar services for remote storage of files. The fact is that the only way to download files into it was dragging them to the browser window. Accordingly, there was no automatic load or synchronization of speech.

But with the release of the Android application, as well as the beta version of the client for Windows, these two major opportunities appeared.

About the service itself and about the principles of security, on the basis of which it was created, we wrote in detail in the material "MEGA-Return of Kima Dotcoma: 50 GB in the cloud for free", so we will dwell only at the main points. So, Mega was created as an answer to the closure of MegauLoad by the American authorities. Servers on which custom data are stored in New Zealand. All files are encrypted on the user side, that is, before sending to the service, it is impossible to gain access to them without a password. Unlike Tresorit, Mega works in the browser and allows users to view file lists, delete and move them, but online-view is not available, as they are encrypted. To view the file you need to pre-download to the disk. For encryption, a 2048-bit RSA key is used, and forgot password It is impossible to restore because it is both the encryption key.

Initially, users did not even have the ability to change the password entered during registration, but now this opportunity appeared. Moreover, if the user has already entered his Mega account in the browser, but does not remember the current password, it can change it by entering a new one and then turning on a confirmation link in the letter that is sent to the e-mail address attached to the account.

MEGASYNC client allows you to synchronize the contents of any folder on the disk with virtual foldersAvailable in Mega Account. Right as initial setting You can choose which folders where you need to baked.

Later in the application settings, you can add additional folders. Customer settings also make it possible to view free-location information (Recall, Mega offers as many as 50 GB for free), limit the download speed, use proxy.

The Android MEGA client allows not only to download files stored on the server, but also automatically download all photos and video files made by the device. Also in the client all basic operations for working with files are available: delete, move, create links to files for exchange with other people, search.

⇡ Conclusion

Availability on a computer file, the content of which is not worth knowing any other, is not a reason to refuse to use services for remote data storage. Just need to take care of privacy by setting software to ensure additional protection Or preferred one of the services with encryption on the user side. MEGA looks most attractive among all considered solutions. The service offers a very large amount of disk space for free, ensures encryption of files before downloading to the server without using additional utilities, and also makes it possible to view the list of files and manage them in the browser and with mobile device on Android.