
Acronis security


Hello,

I am currently evaluating the latest release of True Image. I am confused and alarmed by implementing security into a backup archive.

I am backing up "My documents" as the logged-in user to a restricted account. I am the only user who can access these. In the Acronis backup settings, I have "preserve file security settings" ticked before commencing backup. However, users that would not normally be able to access this folder can simply click their way through the levels of the Acronis backup archive and see all my documents. Is this right? What's the point?

I am grateful for any help.

Stephen


With the latest version of ATI, in Backup Options you should be able to specify AES encryption. This should provide you the security you are looking for. Check page 55 of the User guide, Section 3.11.3.

You can find the user guide here:

http://www.acronis.com/homecomputing/download/docs/

The above applies to disk backups. If you are only doing a Files backup, then I don't think the encryption option is available (see section 3.11.12 of the User Guide), although the Windows security settings should be preserved. If you copy a file out of the backup, you shouldn't be able to open it unless you have the appropriate Windows permissions for the file. Are you saying the Windows permissions are not being preserved?

Scott,
In 2011, it is possible to encrypt the backup archive for a disk and partition, or for a file backup.

Stephen,
The preserve security settings option refers to whether the backup captures the security metadata of the file at backup time. At restore time, this will allow the option to restore the files with the original access control settings or let the restored files take the security settings of the folder they are restored to.
This setting, however, doesn't change how the TIB file itself is accessed. This is handled by Windows.

In ATI2011, encryption is one of the Disk backup options. You can specify 128 or 256bit key security to encrypt the backup--you'd do this when you set up the backup.

The TIB can be accessed but the files within the image should not be open/viewable unless one has the right permissions. That's how it's supposed to work, to the best of my understanding.

I ran a test. I backed up some files private to a user while preserving the security settings, moved the TIB file to another account and to another computer with a different user. I was able to browse the TIB file. I was able to restore the files. On the other computer running XP, in the properties of each file, there was something saying that the file is coming from another computer and might be blocked, and there was an "unblock" button nearby. There was no change in behavior whether I clicked this button or not: the file can be accessed.

Maybe the behavior is not what it should be, but clearly preserving the Windows file security settings in a backup does not prevent a third-party user from accessing the files on another computer or on the same computer.

It doesn't surprise me that files are accessible in an archive that is not protected by password, but I can understand how you could have different expectations based on what the options look like.

I am grateful for people's help. To be honest it seems a tall order to remove files from a restricted environment and expect security to be maintained! I would add that Acronis should highlight the pitfalls of people backing up files from an account with security issues. Clearly "preserve file security settings" is misleading?

Anyway, to cut to the chase, what is the best way to maintain some security when backing up personal files? One thought I had was to create the backup in an encrypted folder?

Thanks to you again

Stephen

Or you can encrypt the files as you make them or, e.g., with Word docs, you can password protect them when you save them. The password protection will remain part of the file, even if backed up and restored.

Stephen,

The best way: with ATI 2011 you can create a file backup and encrypt the entire archive with a password. See screenshot attached. That is the best way to protect your files.

Choose AES encryption. 128bit is enough for personal files. 256bit for military grade protection.

Note you cannot add a password after you set up the backup.

If you encrypt your files using Windows EFS ("encrypted folder"), your files will be backed up encrypted. Although there is an option to store them unencrypted in the backup archive, this option fails in the current build.

What is the issue with storing encrypted files in the backup, you may ask. If you store your files encrypted in the backup, they will be restored encrypted. If you need to restore these files in a user account profile that is not *exactly* the one that encrypted the file (let's say to restore them on a new computer), you will NOT be able to access these files. You can back up and restore the EFS certificate with Windows, which is a bit more convoluted and solves this issue, but you have to back up the certificate as soon as you encrypt the files and store the key in a safe place.

I think the "preserve file security settings" option is more for preventing permission problems when restored than anything else. I wouldn't count on it for any actual security. It's not generally too difficult to get into another user's files, even in normal Windows.
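
The behaviour discussed in this thread, modelled with a tar archive standing in for a TIB file (an added example, not from any poster or from Acronis; the file name, owner, contents and the 0o644 "destination default" are constructed assumptions). It shows that recorded permissions are only metadata that a restore step may reapply, so anyone who can read an unencrypted archive can read what is inside it.

```python
import io
import os
import stat
import tarfile
import tempfile

SECRET = b"private notes\n"  # constructed sample content


def make_archive() -> bytes:
    """Back up one file, recording owner-only permissions as metadata."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("My Documents/notes.txt")
        info.size = len(SECRET)
        info.mode = 0o600                        # owner read/write only
        info.uid, info.uname = 1001, "stephen"   # constructed owner
        tar.addfile(info, io.BytesIO(SECRET))
    return buf.getvalue()


def browse(archive: bytes):
    """What any account holding the archive can do: list and read members.
    The stored mode and owner come back as plain data; nothing enforces them."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return [(m.name, oct(m.mode), m.uname, tar.extractfile(m).read())
                for m in tar.getmembers() if m.isfile()]


def restore(archive: bytes, dest: str, preserve: bool) -> int:
    """Restore into dest and return the permission bits of the restored file.
    preserve=True reapplies the recorded mode; False models the file taking
    the destination's default (assumed 0o644 here)."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        member = tar.getmembers()[0]
        path = os.path.join(dest, os.path.basename(member.name))
        with open(path, "wb") as out:
            out.write(tar.extractfile(member).read())
        os.chmod(path, member.mode if preserve else 0o644)
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    archive = make_archive()
    print(browse(archive))  # contents readable despite the recorded 0o600
    with tempfile.TemporaryDirectory() as d:
        print(oct(restore(archive, d, True)), oct(restore(archive, d, False)))
```

Protecting the contents therefore has to happen at the archive level, which is what the password/AES option described above does.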