Are You a Security Paranoid Without Backups

in security •  8 years ago  (edited)

Repeat after me: Without good backups there is no security. Without good backups there is no security. Without good backups there is no security....

Perhaps, like death, horrible things happening to one's computer equipment is something that will never happen to ME. Maybe that is why so many people cannot be bothered to implement even a rudimentary backup system. But given enough time all kinds of bad things do happen eventually: hard disk failures, lost or stolen laptops, hacked(!) / malwared / otherwise compromised computers (which should be re-installed from scratch from older backups), etc.

Even if you have one backup method set up, manual backups are often forgotten, and automatic backups running out-of-sight under the hood often fail silently. A really GOOD backup arrangement needs multiple redundant backups in multiple locations. If one wants good security, one NEEDS this. It is not optional, and it should be the first thing on the todo list.

If this seems like a big task, in aggregate it probably is. But even more than most big tasks, this one responds really well to being approached as a series of small steps. I will now make some suggestions for what those small steps could be:

Synchronization

Unison[1] inspired my own first backup system. (Sadly, I think unison is not available on Windows, but I am sure there are other similar options.) Unison allows one to perform a two-way synchronization between directories on two different machines. I run this every day, and it usually takes less than a minute. The result, with just a little care, is two machines that are almost identical. If one fails, just turn on the other one and pick up where you left off, having lost (at most) a day or so of changes. This obviously is particularly handy for anyone who often moves back and forth between desktop and laptop. The downside: there is only one backup, the latest one. What if you deleted a file weeks or months ago, and wish to now recover that?

Manual Archive

Use your favorite archiver (zip, tar, whatever) to bundle up important files into one archive file. Preferably encrypt the result with GPG. Copy the result to a (preferably very large) USB hard disk. Do this every month, and once the disk becomes full, just prune older backups down to once per quarter or once per half year. And now one has long-term backups. I have been doing this for years, and more than once have been happy to dig a file out of an old archive.
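The monthly routine above as a script, added here as an example and not the author's own: it archives, encrypts with a GPG passphrase, proves the result decrypts (so a bad archive does not fail silently), and lists which old archives a quarterly pruning would remove. The file naming scheme, the function names, and the choice of January/April/July/October as the quarterly months to keep are assumptions.

```shell
#!/bin/sh
# Added example. Archives are assumed to be named archive-YYYY-MM.tar.gz.gpg.

# Bundle SRC..., encrypt with a passphrase (gpg prompts), verify the result.
make_archive() (  # usage: make_archive DEST_DIR SRC...
  dest=$1; shift
  out="$dest/archive-$(date +%Y-%m).tar.gz.gpg"
  # The plaintext tarball stays on the source machine, never on the backup disk.
  tmp=$(mktemp) || exit 1
  trap 'rm -f "$tmp"' EXIT
  tar -czf "$tmp" "$@" || exit 1
  gpg --symmetric --cipher-algo AES256 -o "$out" "$tmp" || exit 1
  # Trust the copy only after it decrypts and lists cleanly.
  gpg --decrypt "$out" | tar -tzf - >/dev/null || {
    echo "VERIFY FAILED: $out" >&2; exit 1; }
  echo "ok: $out"
)

# Print archives that may be deleted: older than KEEP_MONTHS and not from a
# quarterly month (01, 04, 07, 10). NOW (YYYY-MM) defaults to the current month.
prune_candidates() (  # usage: prune_candidates DIR KEEP_MONTHS [NOW]
  dir=$1; keep=$2; now=${3:-$(date +%Y-%m)}
  ny=${now%-*}; nm=${now#*-}; nm=${nm#0}
  for f in "$dir"/archive-????-??.tar.gz.gpg; do
    [ -e "$f" ] || continue
    ym=${f##*/archive-}; ym=${ym%.tar.gz.gpg}
    y=${ym%-*}; m=${ym#*-}
    # Strip the leading zero so 08 and 09 are not read as bad octal.
    age=$(( (ny - y) * 12 + nm - ${m#0} ))
    case $m in 01|04|07|10) quarterly=1 ;; *) quarterly=0 ;; esac
    if [ "$age" -gt "$keep" ] && [ "$quarterly" -eq 0 ]; then
      printf '%s\n' "$f"
    fi
  done
)

# Typical use (paths are placeholders):
#   make_archive /mnt/usb "$HOME/Documents" "$HOME/Pictures"
#   prune_candidates /mnt/usb 12        # review the list, then delete by hand
```

prune_candidates only prints names; nothing is deleted until the list has been reviewed.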

Offsite Backups

The above are really, really simple to set up and do, and already result in two independent backups, one of them long-term. However, what happens if your house burns down? Or your obnoxious neighbor tells everyone you are a "terrorist" and the FBI swoops in and confiscates every piece of hardware in your house? It is really important to also have off-site backups, preferably in another country, even better in multiple other countries. There are many services that make this easy, most particularly very cheap cloud servers, but also do not forget friends who also want to do the same -- an exchange, anyone? This can also be a manual operation, but I would really recommend a little more effort here because large file transfers over great distances can actually take quite a long time and are good candidates for automation. I currently use two pieces of software (one would be enough) to sync multiple gigabytes of files to multiple servers around the world (and in my house, and to the house of at least one friend!):

Resilio (formerly Bittorrent) Sync[2] is probably a bit easier to set up and use, but is not Open Source and the free version is a bit crippled. But for simple setups, it will probably work fine.

Syncthing[3] is fully Open Source, probably does not work quite as reliably as Resilio Sync, but is under heavy development and there is no paywall. And Scaleway, for instance, offers Syncthing[4] servers right out-of-the-box.

Both of these are peer-to-peer file sharing applications that (routers and network willing) can potentially sync directly between your and your friend's house, no servers required. Also, being peer-to-peer, there are no size limits. I not only use these for off-site backups, but also within my house to share many tens of gigabytes (video and photo collections, etc.) of files between multiple devices, including Androids. Very, very handy, no going back to manual file copying once you have tried them. Like Dropbox, just copy a file into a designated folder, and a few minutes later it is everywhere, on all the shared machines.

Setting up this kind of synchronization software is a bit more work up-front than manual backup methods, but once set up it should serve you well for years without major adjustments.

Fully Automated Backups

All of the above involve at least some element of manual, potentially forgettable, interaction for backups to happen. There is a whole class of dedicated backup software designed to solve this problem. Some of the commercial solutions are surely quite easy to set up and use, but I would not know because I have never used them. I will suggest a couple of free Open Source applications that I use that work for me but do require a little effort to install and configure.

If you know your way around Linux a little bit, Backuppc[5] should be in every distribution's repositories. There is a little configuration file editing required to set up a machine for backup (and of course, the setup of passwordless SSH login for backuppc) but as server applications go, configuration of this one is really minimal. And you get a management GUI to view backups and do restores. Note that backuppc, when it is running, consumes a considerable quantity of system resources, but minimal disk space because it compresses and de-duplicates all files.

For the hardcore Linux guy, obnam[6] is a Command Line Interface (CLI)-only app that runs from cron, no GUI whatsoever, that compresses, de-duplicates, and (optionally) GPG-encrypts. This makes it really ideal for pushing backups to public servers. obnam also uses very minimal resources when running. But everything is very, very manual.

I hope this inspires a couple of people out there to make at least a baby backup step!

[1] http://www.cis.upenn.edu/~bcpierce/unison/
[2] https://www.getsync.com/
[3] https://www.syncthing.net/
[4] https://www.scaleway.com/imagehub/syncthing/
[5] https://en.wikipedia.org/wiki/BackupPC
[6] http://obnam.org/
