Re: Securing Your PC and Data
Security of personal information.
The prior discussion has focused on what might be considered the digital security of a system and, by extension, the information stored on it. Here we consider the actual physical integrity of the system and how users should approach that topic. It is often thought of as maintaining backups of data, but it really much more than that. The objective is to put into place an infrastructure that assures maximal system uptime and maximal integrity of any final or in-process work being performed on your systems. There are a number of discrete dimensions to be considered, but a scenario in which your primary system drive exhibits unpredicted and catastrophic physical failure captures the key elements that one needs to consider. If this occurs, one needs to contemplate the following:
Maintaining a viable backup strategy.
- Let’s be clear from the start, unlike the discussion on malware infection which may never occur, physical failure of a hard drive is only a matter of time. It will happen to you. It may occur within the first year, 5 years down the road, or perhaps after 10 years. However, it will happen. It is only a matter of time. Too many users fail to fully appreciate the consequences of this simple reality.
- If a physical device fails catastrophically, you need to assume that any information contained on it is lost. Subdividing a large drive into multiple partitions won’t help you here. Information needs to be retained on a separate physical device. With the current cost of hard drive media, and the potential value of digital assets, there should be no question regarding the use of separate physical devices for backup of files.
- Hidden restore partitions that vendors like to use as a simple cost and support savings measure fail in this scenario. Do you have an alternate path to recreating a complete base OS installation of your system on bare metal? If not, you need to plan for this eventuality.
- In many instances, it is not only required that you have (only in principle in many instances) the means to restore full functionality to your machine, you need to be able to do that quickly. A scenario that is useful to consider is the poor university student facing a deadline on a major project when disaster strikes. Depending on the circumstances, that deadline may not be movable. What steps could a student preemptively take to best manage through this possibility? Disaster could be a drive failure, loss of a laptop, or theft of a laptop. In all three cases, needed information and work product is gone and needs to be rapidly replaced.
- A simple reality that we all need to embrace is that the world, and our assets in this world, is increasingly digital in nature. Assets such as:
- Personal photographs and documents that have mainly sentimental value – which are not replaceable if lost.
- Purchased electronic media – music files, software downloads with serial keys and/or key files.
- Contact databases and email
- Important financial and tax records
The listing of these categories is to make a point – there’s a lot of material which, if lost, could result in extreme levels of inconvenience to outright financial loss. This material needs to be protected against loss.
This is the point at which decisions need to be taken. What should I do? To coherently answer that question, you need to assess a few details:
- Am I trying to preserve a system with static content? This could be, for example, a PC in a public café, a simple walk-up access machine, and so on. You need it to work but no user documents are meant to be stored on this machine. In this case, all one needs to do it is to maintain either (a) the needed OS/application reinstall discs and information (activation codes, etc) or (b) a physical clone of the full operating partition. As purely a matter of speed, option (b) is probably preferred since the timeline from total failure to total resurrection is simply the time to reclone the HDD.
- If the content of a machine is dynamic, what’s the typical timescale of changes? If it’s infrequent, a simple clone or backup plus scheduled incremental backup strategy may suffice.
- An observation - it seems a truism that security/backup solutions that rely on continual active user interaction/initiation to function are prone to eventual (user based) failure. In both security and backup, one is managing the risks associated with a low frequency event. Performing daily backups for 4 years gets old, so you stop, only to be subject to failure in year 5. One needs to eliminate the “it gets old/boring/whatever” eventuality from happening. This is the type of circumstance in which automation, coupled with notification in the event of exceptions, does seem the best (or at least a prudent) course of action.
- Solutions. Potential solutions are as numerous as the stars. Some are better, some worse. Examples include:
- With an Apple Mac, get a Time Capsule and use the OS-X based Time Machine. This approach, coupled with creation of an external drive bootable clone (using Carbon Copy Cloner), provides constant, unattended, system backup with immediate access to a secondary bootable image. The time from full HDD failure to being operational is simply the time to restart over a Firewire connection.
- For a small (< 10 machines) home network, a Windows Home Server system provides an excellent solution with decent price scalability for even a handful of systems. Options range from an older system recast as a home server running a copy of Microsoft Windows Home Server or a dedicated headless system (example – HP MediaSmart server). For ease of use, a preconfigured system is ideal. Whether this makes sense depends on a few factors including price point sensitivity.
- As the number of machines needing backup decrease, the most cost effective solutions change from networked server, to simple network attached storage, to a single machine dedicated internal or external physical drive. Each of these approaches work at any scale, it’s simply a matter to understand the cost and management trade-offs as the scale of the operation changes. Despite the power of network based options, a machine dedicated approach is generally best for casual home users, and that generally reduces the issue to acquiring appropriate software, a hard drive, and configuring the system to achieve the desired results. Specific details to consider:
- Internal vs. external drives is a fairly neutral decision involving trade-offs of convenience, flexibility, and speed. Choose one.
- Have a firm recovery scheme in place and verification that it will work.
- Assume complete loss of the primary system HDD. Do you have a boot recovery option? If the vendor provides for creation of a bootable rescue CD, have you made one and verified that it works as needed?
- Do you have a verified image that can be used to reconstruct your system quickly? How do you know it will work?
- Do you have a location in which all key information needed to resurrect your system is maintained? For example, do you maintain all software serial keys in a single file (Excel for example) so that reinstallation of any software – old or new – is a facile event? If the application uses a vendor provided key file, is a copy is retained in a separate download folder specific to that vendor with previous versions of that application you’ve downloaded. All versions should be kept on hand as a guard against the emergence of future incompatibilities
Understand that assumptions made prior to a catastrophic event may not be addressable after the event (HDD failure) has occurred. Understand the initial assumptions made, question them, and adjust as needed. Finally, do you have a plan B? There are simply too many example threads on this site in which, in the heat of anxiety and confusion, a user has experienced a problem and has ended up blowing away their recovery option in their efforts to repair the system.
- Software Options: