Data reference: CISP official
Table of contents
- System Backup and Restore
- data backup
- data shredding
- data encryption
1. System backup and restore
Why do you need a system backup
- The system gets slower and slower
- System failures lead to instability
- The system cannot log in
System backup redeployment (reinstall system, reset system)
- Lost configuration, needs to be reconfigured
- Risk of loss of personal data
system restore point
- high speed
- Personal configuration is not lost
Create a system restore point
- Enable system protection
- Create a restore point for a partition
Select the state to restore to
- Multiple restore point times can be created
2. Data backup
Risk of Data Loss
- hardware malfunction
- software failure
- wrong operation
- Malicious code
System backup restore does not protect user data
Regular data backup is a good embodiment of security awareness
Personal data backup method - mobile hard disk
advantage
- Simple and convenient, just copy important data
- low cost
insufficient
- Inconvenience and trouble caused by frequent data changes and frequent backups
- When the amount of data is large, it takes a long time to back up once
Personal data backup method - online cloud disk
advantage
- Directory changes are automatically synchronized
insufficient
- Bandwidth, Traffic, Cost
- Risk of data breach
3. Data shredding
Data shredding value
- Avoid illegal restoration of data (normal deletion of files, restoration of formatted hard disk)
Situations that require data shredding
-
Deletion of sensitive data : When you need to permanently delete files containing sensitive information, normal file deletion alone cannot guarantee that the data will not be recovered. In this case, performing data shredding can more reliably prevent data leakage.
-
Formatting of media storing sensitive data : If your storage media (such as hard disks, USB drives, etc.) contain sensitive data and you intend to transfer or discard it, simply formatting it is not safe enough. Data shredding ensures that data cannot be recovered by unauthorized persons.
-
Disposal of storage media for sensitive data : When you need to dispose of discarded storage media, such as old hard drives, tapes, etc., which may contain sensitive information. Data shredding is necessary before it is discarded or recycled to avoid recovery and misuse by others.
-
Repair/loaning of devices storing sensitive data : If you need to send in a device with sensitive data for repair or lend it to someone else, data shredding is an important step in keeping your data safe. This prevents unauthorized persons from accessing and restoring data.
A more thorough approach:
-
Physical destruction : By physical means, such as smashing or burning the hard disk, the data on the storage medium can be completely destroyed. This is a very reliable method, but requires attention to proper environmental and safety measures to prevent environmental contamination and personal injury.
-
Electronic degaussing : Using professional electronic degaussing equipment can completely erase the data on the storage medium. This method is suitable for magnetic media (such as hard disks, tapes, etc.) and can effectively wipe data and prevent recovery.
Why Data Shredding is Necessary
file deletion
- Conventional file deletion methods do not actually delete files from the system
- When a user deletes a file, the operating system does not actually delete the file from the storage medium, but only marks the file as deleted from the file system
Data shredding implementation
data shredding
- Use file shredding software (such as PGP Shedder, Eraser, etc.)
Principle: repeated coverage
- Gutman algorithm 35 times, theoretically absolutely irrecoverable
- US Department of Defense hard disk data erasure standard (DOD) 5220.22-M/my country Secret Service BMB21-2007 standard: 7 times, basically irrecoverable
- Other requirements: 3 times, 1 time, etc.
4. Data encryption
The role of data encryption
- Main measures to protect data security
- The last security barrier for data
Data encryption value
- Can't read: Can't view data without key
- key: key
Implementation of Windows Data Encryption
- EFS
- Bitlocker
Data encryption implementation - EFS
What is EFS
- Encrypting File System (Encrypting File System, EFS), windows provides software for encrypting files and folders on NTFS volumes
advantage
- built into Windows
- Transparent to users, easy to operate
insufficient
- Does not address data protection in case of physical loss of device
- key backup problem
ES key management
- EFS uses a public key system
- Key Generation: Domain Controller or Localhost
key dependency
- According to the famous Kerckhoff criterion in cryptography, the security of the currently widely used cryptographic system depends on the security of the key
- To prevent the system from crashing or reinstalling the system, the key will be lost and the data cannot be decrypted. The EFS key should be backed up
How to open the local certificate management tool of Windows computer - Baidu experience (baidu.com)
Data encryption implements Bitlocker
What is Bitlocker
- Data encryption protection mechanism built into the system starting from Windows Vista
- Solve the threat of data theft or malicious disclosure caused by physical contact such as loss, theft or repair of computer equipment
advantage
- Built into Windows systems to encrypt entire volumes
- Supports Trusted Platform Module (TMP) collaboration to protect user data and prevent computer tampering while the system is offline
- When there is no TMP, the key can be stored in the USB Key