Tuesday, June 23, 2009

The ups and downs of backing up

My experience is that any and every user appreciates the importance of backing up your stuff, but when it comes to actually doing it, almost nobody does it, and even some large organizations are failing at it. Backup failure isn't necessarily "not doing it at all", but can also mean that it's done improperly. A proper backup is such that a person or organization will never, under any circumstances, lose more than a day's worth of work. Before we even go there, I should stress one important fact - many users, and even experienced system engineers often confuse between backup and archive. Backup is when you copy your current data to another storage medium, so that if something happens to the original, you can restore it and not lose anything. Archiving is similar, but opposite - you copy your data to another storage medium, and then delete the original.

For example, many people burn DVDs with their older files and delete the originals, and most of them consider this a backup. This is, in fact, an archive, but few people are aware that a recordable DVD has a limited lifespan, and is very sensitive to physical harm. Putting your photos on a DVD and stowing it in the closet is not safer than storing food in the trunk of your car. Often, we discover this only in hind-site, when trying to recover a file from a disc burned 3 years ago, only to discover that it's partially or completely unreadable.

I believe network engineers won't need to read this, so I'm addressing this to the home user, mostly. For a backup to be worth anything, it has to meet some basic principles:
1) It has to be done to a media with at least SOME reliability.
2) It has to be done frequently.
3) It has to be stored in a place that is safe, but not too unreachable.
4) It has to be tested routinely.

What does all this mean? Well, 1st, this means you should not use a media that's unreliable. A writeable DVD, for example, has a low reliability rating, while a hard drive has more. That's not to say that a hard drive is bulletproof, but it's usually more reliable, and also easier to detect if it fails. This is because if it dies, you would usually be able to hear it, and respond by replacing it, while if a DVD stops being readable, you'll only find out when you put it in the drive. A high level tape drive, like an LTO or DLT is also very reliable, although these babies start at a few hundred dollars, so would be off the table even for some business customers.

A frequent backup is also important. Many users start this with full intentions of going all the way, but after a while, they kind'a give it up, and forget to backup for weeks or even months. Typically, you remember to do it right after your hard drive crashes, of course. A good way to avoid this pothole is to setup some automatic backup mechanism. If you use an external drive, for example, this can be done rather easily, and many external drives even come with the software. If not, Windows has a built in backup mechanism which is quite effective (especially the one that's in Windows 7!).

3rdly, if a lightning strikes your house, or a fire breaks out, the backup won't do you much good if you leave the DVDs next to the computer or leave the external drive connected. One should strive to keep the backup as far away as possible from the computer, although not too far. If you store it across town, you might have a good excuse to forget to backup. Also, if it's that far, you might become too lazy to drive over and get a file if you need it. A good solution could be to have a reciprocal agreement with a neighbor - you hold their drive during the week, and they hold yours. If you have an detached garage or storage shed, this could be good too (although, take care to prevent the drive from freezing or getting too much humidity).

Lastly, a backup that's untested will often fail you at the worst possible moment. You might discover that it hasn't actually run for over a month, or that some files are unreadable. A good practice is to test the backup around once a month. If you have a calendar like Outlook, you can use it to remind yourself to check it now and then.

One more thing - many people feel that buying a large drive just to store backup on is wasteful. In a way, that's true, but if you want to save some money there, you might consider getting a refurbished drive. These are inherently less reliable, but since you can easily detect if it stops working, it could be a suitable solution anyway. Also, keep in mind that you can activate folder-compression on it, as performance is less of an issue, and so use a drive smaller than your main one.

Monday, June 8, 2009

This car has more than 9 Lives

Most of us obsess about retaining our data - we buy large hard drives, burn countless DVDs and protect it all with RAID controllers and UPS devices. What many people care much less about is making sure that discarded data is really gone. How many times have you thrown a dead hard disk in the trash, wiping a tear for your lost files? Did you consider that a person with sufficient technical skill may grab it from the trash, recover the data and make some coins off it?

Well, the issue of data destruction has been the center of much debate. Most people are already aware that deleting a file doesn't really erase it - it simply deletes the reference to the file in the disks directory (I'm talking about actually deleting, not moving it to the trash, which doesn't delete anything), while the data is still there, untouched. A file that has been deleted can be re-created simply by finding it's 1st sector, and creating a file entry that points to it. Once you delete a file, it can be overwritten by windows, as it the system creates new files. the new files might overwrite some or all of the file's original sectors, which are now marked as free, but these sectors can also remain untouched for years.

Some people will go the distance, and actually format the hard drive before throwing it away, but this too is not sufficient. Restoring a formatted drive is more time consuming, but certainly possible. The US Department of defense probed this issue in the past, and produced a standard, known as DOD standard 5220.22, that instructs exactly what to do to erase data properly. Later on, there was some debate as to this was safe enough. Some expert claimed that you would need to overwrite the data over a dozen times, and that has been misquoted repeatedly in the press since then.

Security experts are very much concerned about erasing data securely. A company cannot risk it's commercial data falling into the wrong hands simply because somebody was too lazy and took a shortcut with the disk. Same goes for other types of media - DVDs, backup tapes etc. Even a lost cell phone could present a serious security breach, as it could include phone numbers of sensitive customers, sensitive emails or meetings etc. I would like to take this opportunity to debunk some myths about data destruction.

1) Hard drive demolition derby.
• A common method of destroying disks, by punching a hold through them, or banging them strongly with a hammer is far from secure. It's not easy to recover in this condition, but it's certainly possible.
• With modern IDE and SATA disks, using a 5220.22 secure erase software is very safe. there's no need to overwrite everything dozens of times. The need for that kind of rewrites referred to some very old MFM drives.
• Using software erasure is pretty slow, but it can be done unattended, so setting up some dedicated old computer for that is pretty easy. Just make sure no one tries to steal the old drives from that station.
• A very effective way to destroy a disk is to take it apart, and separate the plates from the other components. Dumping the plates in a different trash facility makes it pretty much impossible to recover.
• There is a technique that allows data recovery off a drive in almost any condition, but that process is so lengthy and expensive, that most experts would consider it irrelevant. Recovering data from a disk that was physically destroyed would cost so much time and money, that even government agencies don't bother with it.
• Take care to monitor old computers - many times people upgrade the disk and don't think of giving the old disk back to the IT group for sanitation. Some even take the old disks home, thereby exposing the company to huge risks. This also goes for computers that are being retired - don't sell them to 3rd party companies without either sanitizing them, or making sure that the buying company commits with a contract to do this to ALL disks.

2) Other media types:
• Recovering data off other media types, such as tapes, CDs, floppy's etc is rather easy, but these media types are also much easier to destroy. Even a little heat can totally kill an optical disc, and a strong magnet can kill a tape almost instantly. I would, however, recommend a process is used for this - don't just break a CD, and don't pop it in the oven - use a CD shredder, which costs very little these days.
• Users often overlook CDs as a potential security risk, and often throw them in the trash. A security officer would be wise to issue a recurring reminder to all employees to collect discarded CDs and DVDs and have the IT or security department dispose of them securely. This goes not only for data disks, but also software - if someone finds and uses an old copy of windows for illegal purposes, with the company's serial number, it could lead back to the company and carry legal repercussions.
• Many people carry around USB drives to take a file or two back-and-forth from/to home. This is a big risk as these drives rarely get formatted, and often are lost. I would recommend any organization introduce a security mechanism to block such devices altogether, or at least control them with a policy (for example, require to have them signed by corporate security before they are allowed in)

Tuesday, June 2, 2009

Click YES/NO to format hard drive

One of the problems we are still facing in the world of information security is that people still have a built in tendency to trust authority figures. If it looks "official" enough, most people will trust it and follow, like lambs to the slaughter. This caused the infamous "MS Antivirus" nag ware to be so effective - it's made to look like it was made by Microsoft, and most people just trust it and believe it's real.

A more interesting, and frightening case of being fooled by software is illustrated by the tale of G-Archiver. This free utility is designed to allow the user to backup his Gmail account to his local computer. Generally, this is a good idea, as one never knows when his account might be frozen or accidentally deleted. In this case, however, it has been discovered that the program works in a way that's insecure, to say the least, and borderline identity-theft. Apparently, the software is coded to send an Email back to its creator, with the credentials of any user who uses it (you are required to give it our credentials, so it can download all your message for backup). A programmer who investigated it discovered that the developer's Gmail account was full of user+password info for thousands who downloaded the used the program. Even worse, it also turned out that the developer embedded the credentials of this account (where the passwords are being sent to) in his code, so anyone with the right skills can access it and harvest all these users-names and passwords.

If you are one of those who used this software, now would be a good time to change your Gmail password. In fact, it's a good idea to change it once a month anyway, although I don't fool myself into thinking that any normal person will actually do that. Well, I hope that you at least change your PayPal password now-and-then. What's frightening here is that most of us, even experienced Sysadmins and security experts, trust programs we download to do what they say. Few, if any of us, check if a program contains spyware, and few have the skills to check for the kind of behavior mentioned above. Your credentials or private files could be circulating all over the net without you even suspecting it. On a similar note, many people install file sharing applications and share their entire drive, without realizing that all their personal documents are readily available for everyone. Want proof? Open up some file sharing program and run a search for "my cv.doc" - you will find many!

Some organizations have configured domain-enforced policies that prevent installation or even downloading of unknown software, but that's only been done within a handful of companies. If your org considered it, it was most likely rejected for political reasons - it's not easy telling everyone that they can't install anything on their computers anymore - it sounds fascist, doesn't it? If you ask me, this is already a necessary step right now, and it's only a matter of time before more security administrators or CEOs realize it and make it happen. At home, it's even worse as there are no mandatory settings. We have the technology to sign software by a trusted publisher, but hardly anyone uses it. Perhaps it's time, before the next wave of a Conficker-like worm hits all of us?