Security

SecurStore Security

Data is transferred and stored with the strongest security methods available to eliminate the risk of data getting into the wrong hands. Our backup service uses a combination of security protocols, including military-grade authentication, data encryption, password protection and client / system side logging.

It is designed to keep backed up data confidential, while retaining the ability for legitimate users to perform data recovery when necessary. In order to achieve this, the DS-Client uses various protection measures, as follows:

SecurStore DS-Client and DS-System Authentication

The DS-Client/DS-System authentication protocol ensures that no-one can impersonate a DS-Client account, connect to the DS-System and gain access to confidential data. In order to do this, the DS-System uses the following DS-Client authentication parameters:

  • A DS-Client is only accepted if it is configured using the correct DS-Client and account numbers. These values are uniquely generated when a DS-Client account is created.
  • A DS-Client is only accepted if it has valid encryption keys (these keys are set and locked at the first DS-Client activity)
  • A DS-Client is only accepted if it has a valid hardware hash (the hash is set and locked during the first DS-Client activity. It can only be reset by the service provider). This means that even if the DS-Client number, account number and encryption keys are known, a DS-Client cannot be impersonated by a computer with different hardware.
  • A DS-Client is only accepted if the IP address of the DS-Client is within the configured range set at the DS-Client creation point. The DS-System will reject DS-Clients that connect with invalid IP addresses, even if they have valid connection credentials.

Data encryption

Backup data sent between the DS-Client and DS-System is encrypted using FIPS-240-2 Certified encryption (AES 128, AES 192 or AES 256). This means that even by gaining access to the data stream, the data remains processed (delta, common file elimination), compressed (zlib or lzop) and encrypted. All encryption / decryption occurs at the DS-Client side only.

This avoids the following potential attacks:

• Any intrusion monitoring the data transmitted between the DS-Client and DS-System would only intercept encrypted blocks. Access to confidential file content is not possible.

• Even with full access to the DS-System storage, attackers could not read the contents of files. Stored data is always encrypted and the DS-System does not store the DS-Client encryption keys (it uses a one-way hash to validate encryption keys).

Stored password encryption

The DS-Client stores access passwords for source machines in an encrypted format (AES 128) in its database. The DS-Client encryption keys are stored encrypted (AES 128) in the registry.

This has the following effect:

• If the DS-Client machine is compromised (a hacker gaining full access to the machine), the passwords the DS-Client uses to access remote machines are not compromised.

  • How it works
  • How to Restore SQL
  • How to Restore Exchange
Solutions
Cloud Backup
About us
Pressroom
ISO 27001
Expert Tips
Partners
Become a partner
Top Ten Reasons
24/7 Support
Support Login
Case studies
Williams De Broe
Leigh Day & Co Solicitors
La Senza
Emperor Design
NG Bailey
NSI Gold Company
The Edge Picture Company
The Hurlingham Club
Company
Securstore UK Ltd
8 The Square, Stockley Park
Uxbridge, Middlesex UB11 1FW
sales@securstore.com
support@securstore.com
Call us:
UK: 0800 180 4425
US: 1 888 738 8011
Int: +44 20 7331 4304

Stay up to date with SecurStore's latest news