making a security plan to protect my computers

Discussion in 'backup, imaging & disk mgmt' started by wampmonster, Dec 20, 2013.

Thread Status:
Not open for further replies.
  1. wampmonster

    wampmonster Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    15
    Hello
    I am not a security professional. I run a business from home with two desktop computers. They both run Windows 7. Mostly they don't form a network except when I use a wireless transducer. The main internet is ethernet.

    Anyway, I need a plan of backups in case I get hit by cryptolocker or something just as nasty.

    I have: two external hard disk drives, paragon installed on both computers, and antivirus on both computers - Kaspersky on one and avast and malwarebytes on the other. Thus I don't know the following:

    - how often should I backup to my external hard drives? Too soon and the external backup could become useless due to also being malwared. Too seldom and I could risk not having backed up a ,lot of recent business documents.

    - anything else that I should do?

    Thank you.

    p.s I don't know if this is the right thread. If not please move it to a better one.
     
    Last edited: Dec 20, 2013
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    1. Make sure whatever software you use for backup has file versioning, meaning that you can retrieve previous versions of files if necessary.

    2. Be aware that CryptoLocker can encrypt anything it can "reach," including your external drives if they're "reachable" by an infected computer. So you want to make sure that you have at least one external drive that isn't connected to any of your computers for awhile - perhaps a week. You'll need at three external drives to guarantee this. Start by using Drive A, backing up as often as you wish to it. After using Drive A for a week, put Drive A somewhere safe (preferably at a different site from your home, in case of a fire, etc.) and start using Drive B. Back up as often to Drive B as you wish for a week. After a week is up, store Drive B somewhere safe (preferable away from your home), and start backing up to Drive C for a week. After a week is up, put Drive C somewhere safe (preferably away from home) and start using Drive A again for a week (then B, then C, then A, then B, then C, etc.). If you're wondering why two external drives aren't sufficient, note that during the transition from using one external drive to another, both drives have been possibly "reachable" by CryptoLocker very recently.

    3. Consider also using an online backup service such as SpiderOak that has file versioning. This gives you extra protection in case CryptoLocker encrypts some (or all!) of your external drives.

    4. Consider periodically backing up to DVD media, especially if you aren't going to use an online backup service. CryptoLocker doesn't alter DVD media, as far as I know.
     
    Last edited: Dec 20, 2013
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    Cryptolocker post-launch is 'scary' but it's execution is easily blocked through application whitelisting at the moment so you might want to consider this from the angle of prevention.
    For recovery, backup is essential. Frequency depends on how important the data is and how much work/changes you can afford to lose.

    One thing you can do, in addition MrBrian's excellent suggestion, is to exclusively use a Linux Live CD/USB to transfer/backup data to at least 1 external drive.
     
  4. wampmonster

    wampmonster Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    15
    Thanks for the help! Much appreciated.

    OK. This morning I bought 2 seagate external backup drives. So Now I have 3 [1 I bought 3 years ago that was 1 TB] and these 2 2 TB each ones. I've labelled them A , B and C. I've been using paragon backup with A only up to this time, and I've used smart backup and last time a differential smart backup. I am not sure what a differential back up is or whether I should use that. I am reluctant to do bare metal back ups because I have such large C drives and partitions on my computers.

    I hadn't heard of Spider Oak. But I downloaded it. It looks good. But I am reluctant to put my sensitive business documents into the hands of a 3rd party in the cloud. I would only consider doing so if my cloud backup was encrypted, so that even if someone looked through it they would probably not read anything.

    I also use usb sticks to transfer files between the 2 computers. I could in theory do this with the wireless transducer but it is a hassle as wireless drops out. I don't know where my usb sticks would be left if I got cryptolocker; would they be infected?

    Thank you.
     
  5. wampmonster

    wampmonster Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    15
    I guess that it helps to ask "what do I need to restore?"

    It would be:

    computer A = business reports, business photos for engineering sites [priceless] and a priceless set of spreadsheet data.

    computer B = a huge number of software programs and their activation codes [backed up onto usb sticks] and in some emails], emails on thunderbird for which I use mozbackup.

    So you start to see the complex alphabet soup of "what would ruin my life if I lost it?"

    p.s I have Windows 7 installation disks so putting Windows 7 back onto both PCs would not be an issue. The issue would be to do it cleanly. I don't know if I have ever downloaded an external DBAN anywhere.
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    I'm not too familiar with Paragon Backup, as it's been years since I tried it. There are Paragon forums here at Wilders if you have specific questions about using it.

    Differential backup.

    SpiderOak does exactly what you wish for. See https://spideroak.com/engineering_matters for more details.

    USB sticks could certainly be affected by CryptoLocker if they're plugged in.

    I recommend periodically restoring your data files to a temporary folder. Then you can see that your files really are backed up properly. You could also use a program such as FreeFileSync to compare the original files to the restored files in the temporary folder.

    In case you're wondering, I use Areca Backup for backing up data files, Macrium Reflect for bare metal backup, and SpiderOak for online backup.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I highly recommend checking on the Paragon forums for the suitability of using it in conjunction with a round-robin scheme like I proposed. If Paragon isn't suitable, then I'd recommend using a different backup program, or maybe a sync program with file versioning support (such as FreeFileSync) instead of a backup program. If you decide to use FreeFileSync, I can help you with it.
     
    Last edited: Dec 21, 2013
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    There is a downside to the plan that I proposed: if you need to get an older version of a file, the version you want might be on one of the two external drives that are offsite (assuming you're storing them offsite to protect against fires, etc.). If you want to protect against this, you could use a fourth external drive (I'll call it Drive M here) and backup on the following schedule:

    Day 1: A
    Day 2: M
    Day 3: A
    Day 4: M
    Day 5: A
    Day 6: M
    Day 7: A
    Day 8: B
    Day 9: M
    Day 10: B
    Day 11: M
    Day 12: B
    Day 13: M
    Day 14: B
    Day 15: C
    Day 16: M
    Day 17: C
    Day 18: M
    Day 19: C
    Day 20: M
    Day 21: C

    On day 22, you repeat the cycle above, starting with Drive A again.

    Drive M never is stored offsite - it's always at your home. If you need an older version of a file, Drive M would be the most convenient drive to search first because it's backed up to frequently and without long gaps, and it's always at your home.
     
    Last edited: Dec 21, 2013
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I believe (although I'm not 100% sure) that Areca Backup can be used with the round-robin scheme that I presented here. Since I use Areca Backup, I can help you if you decide to use it.
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    On my PCs, I separated the operating systems and user data to separate partitions. Since my desktop regularly contains user files, I moved it to the data partition. Separating the OS and user data makes the backups much smaller and simplifies the process of deciding when to make a backup. I store both on an external hard drive which is powered down unless needed.

    For the system partitions, XP and 98, each on their own partition, I'm presently using an old version of Acronis, specifically the rescue disk. For my purposes, the rescue disk is sufficient. The complete program is more than I need and adds additional processes that I don't want. I always have a backup of the OS partition(s) in their current state. If it gets compromised, the backup is an exact duplicate. I create a new backup after every update and after installing or deleting an application. Since I manually update everything that I'm going to in one session, (system patches, new versions of apps, etc), it cuts down the number of system backups I need to make.

    For the data partition, I use 7zip. I chose 7zip for several reasons:
    1. It has a very high compression ratio which makes for smaller backup files.
    2. Although slow on high compression settings, it can run in the background while the user does other things.
    3. Data backups can be scheduled using the system task scheduler or done manually.
    4. The user has complete flexibility over what gets included in each backup.
    5. Individual files can be extracted from existing backups.
    6. 7zip integrates with apps like WinMerge which allows the user to compare the contents of the backup archives. It can also compare an archive to an existing directory set to determine if a backup is needed.
    7. The contents of the 7zip archives are accessible from any operating system.
    8. The archives can be encrypted and password protected.
    How many backups you keep of each type can depend on how much space you have. For data backups, I'd suggest the last 2. If one fails for any reason, you still have the previous one. For system partitions, I keep the last 2. I also keep a copy of the original core system which contains the OS, necessary drivers, core security apps, 7zip, etc. I also keep backups of a few test systems/experiments that don't (yet) work well on virtual hardware.
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Like noone_particular, I also have a separate data partition for each computer. I backup data files in the data partition to a Backup folder in the data partition using Areca Backup. I backup the partition with the OS+programs to a Backup folder in the data partition using Macrium Reflect Free. I then periodically use FreeFileSync to mirror the contents of the Backup folder in the data partition to an external drive.

    Areca Backup can be configured to satisfy all eight points in noone_particular's list except maybe point #6. A big advantage of Areca Backup over 7-Zip is that Areca Backup can do incremental backups (backing up only what's changed since the last backup), and thus keep file history over a much longer period of time without taking up too much extra space.

    Periodically I burn copies of backup files in the Backup folder to DVD media. Macrium Reflect Free has an option to split its backup files into DVD-size chunks. Areca Backup doesn't have this option, so I use 7-Zip to create a temporary archive containing DVD-size chunks for DVD burning.

    I use SpiderOak to backup the most important subset of my data files online.

    I didn't recommend some of these things to wampmonster because they may involve more technical expertise. My recommendation to wampmonster is the round-robin backup strategy that I mentioned above, with FreeFileSync syncing the subset of his/her files that constitute data files to an external drive. FreeFileSync has include and exclude filters so that you can specify a subset of files to backup. I also recommend using FreeFileSync's file versioning feature.
     
  13. wampmonster

    wampmonster Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    15
    Thanks for giving me a lot to think about!

    OK. There are some unique issues for my situation if I have any round robin scheme:

    First, I have as I said earlier two computers to back up. Because this is a home business with 2 people working on the computers there can be long stretches of time when I don't get physical access to both computers. That is because I have to interrupt the person who is working on it to do a backup! So I can go for weeks without being able to back up computers, especially the computer with the photos and business data on it.

    Second, because this is a home business the home IS the business. So there is nowhere else to move a drive offsite TO!!!! I could I suppose put a drive in a bank safety deposit box. That's the only possible way that occurs to me.

    Third, Spideroak may be a great tool. But in a way that misses the point. I have other people's information in business reports: their names, home addresses, phone numbers, their sensitive legal information that often goes into court cases as expert witness testimony. Now, is it moral for me to put their personal information into the hands of a third party? Especially when I can't possibly ask the opinion of hundreds of different people who are in the reports - that is just silly . Moreover even if I could ask them many of them are elderly people who have never seen a computer. Trying to explain to them what spideroak is would be as useless as speaking French to a butterfly. Thanks for suggesting spideroak. But I don't consider that I can ethically put other people's information onto it.

    So you start to see some of the unique difficulties and subtleties of a home business environment when it comes to a backup/defensive plan for data. I will think about the other products that were mentioned. I have to admit that I am finding Paragon a bit hard to use. I find it hard to see what kind of backup in it leads to what outcome.

    Thank you.
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    See Automatic Backup with FreeFileSync for how to automatically schedule backups with FreeFileSync. You could schedule the backups to happen at night while employees are away. With the four drive scheme that I proposed, you could have one external drive always connected to each computer. One computer would be connected to Drive M, and the other computer would be connected to the current round robin drive. At the beginning of each day, an employee could swap the backup drives (Drive M with the other one). At the end of the week you can change the round-robin drive to the next one, taking the one you had been using to a bank safety deposit box. The nice thing about using a sync program like FreeFileSync is that you can browse the external drive and easily see its contents. If you're interested further, let me know, and I can tell you the folder scheme to use on your external drives. By the way, there's nothing magical about the one week interval that I proposed using for each round robin drive. You could make it longer if you wish, such as two weeks or a month. A longer round robin interval increases the length of time for which recent changes could potentially be lost, but also gives you more time that you can avoid swapping round robin drives into contact with an infected computer.

    FYI about SpiderOak:
    There are some exceptions though if you use certain features - see https://www.wilderssecurity.com/showthread.php?t=357349.
     
    Last edited: Dec 21, 2013
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Thanks so much for this MrBrian :) I've been looking for something like this recently for backing up log files at work :thumb:
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    FreeFileSync also comes with a program called RealtimeSync that syncs using FreeFileSync whenever changes are detected.
     
  17. wampmonster

    wampmonster Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    15
    I am afraid that my situation involves even more complexities of the home business environment:

    I have computer A = uses ethernet

    computer B = can be put onto the internet but only with a transducer from Computer A. In other words Computer B can only use the internet if computer A is already on the internet at the same time. Now, this leads to the following outcome: I could in theory have computer B on all night and being file synced as a backup BUT to do this computer A would have to be on and computer A is in a bedroom where my dinosaur business partner who uses a PC like a typewriter wants to go to sleep. Thus he can't sleep with modem lights on etc so I have to have computer A off at night. Thus that knocks out any chance of computer B being on the net beyond about 11 PM.

    So no, that is not really an option. Sadly.

    Running a home business is a weird oddball situation where many technical solutions don't work out for practical reasons.

    But thanks anyway. I will have to come up with some other way of backup that works regardless of the above issues.
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Then you can schedule a FreeFileSync backup to occur during the day, perhaps during an employee's lunch (you do let them eat, right? ;)). It shouldn't take very long, except for the initial backup. I doubt a backup will take more than a few minutes, except for the initial backup.
     
    Last edited: Dec 21, 2013
  19. wampmonster

    wampmonster Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    15
    I will have a look at freefile sync.

    During the day is possible if it doesn't take long. Let me look at it for a few hours and I will come back to post what I think of it.

    Thanks again.
     
  20. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    When evaluating it, be sure not to miss the Filter button. You can use it to include specific file types and/or folders and/or files in your sync.
     
    Last edited: Dec 21, 2013
  21. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm not one who particularly trusts online backups when it comes to the privacy of the data. Given the type of business data you describe, I'd be very hesitant to use any online backup solution. Regarding backing up data to an external drive, how real is the risk of someone breaking in and grabbing that external drive? Such an adversary could accomplish the same thing by taking the actual computer. IMO, these would be reasons to use 7zip for data backups. It doesn't require internet access and can run in the background while the other person is working. You could also plug it in and let it run at night. If you set up the backup task in the scheduler, all the other person would need to do is plug the drive in and turn it on.
     
  22. wampmonster

    wampmonster Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    15
    One thing that surely must be factored into any scenario is the "submarine attack". That is, there can be time gaps between when malware X got onto your system and when it showed itself. The longer the submariner activity the longer you have to go back to a clean backup on an external drive. This is even more vicious with cryptolocker's wiping of shadow files so that system restore is nuked.

    So the question is "how defensive should someone be?"

    The most defensive approach would be to keep one backup forever without ever connecting it again to a computer - in the deep bunker as it were. Then use other back up drives in whatever rotation desired.

    That is what really scares me the most about malware - that submarine aspect.
     
  23. wampmonster

    wampmonster Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    15
    Another aspect of complexity is to ask "what is your most vulnerable attack vector for malware?"

    For me it would probably be via emails. Sure, I use thunderbird and avast scans my emails. But I do get my share of spam rubbish and phishing emails, all of which I trash without opening. But I have to say that if cryptolocker gets onto my computers email is the most likely source. Web stuff is less likely. I run firefox with noscript and I don't go to dodgy sites.

    So if I could have my email in some way separated from the rest of my computer that would be one good defensive measure. I have sandboxie but it doesn't seem to want to sandbox thunderbird. Of course malware writers are always working on breaching sandboxing; I am not suggesting that it is a magic solution.
     
  24. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Then you'd probably want to increase the round-robin interval of use for a given round-robin drive to perhaps 2 weeks or maybe 1 month. Also, you could use more round-robin drives than 3. The other thing you can do is make DVD (or Blu-ray or CD or whatever) backups periodically.

    I use FileVerifier++ to periodically audit changes (additions, deletions, modifications) to my data files. If you're interested, I could post a detailed explanation of the procedure that I use.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.