Re: Setting up an external hard drive - partioning and sharing issues


"Anna" <myname@xxxxxxxxx> wrote in message
news:u%239xCI9sJHA.1088@xxxxxxxxxxxxxxxxxxxxxxx

Many thanks for your further clarifications. This is uncharted territory for
me, so here are some initial thoughts about the issues, which have probably
very simple answers.

You seem to be advocating a disk-orientated back-up strategy as opposed to a
file-orientated back-up strategy. The disk-orientated back-up strategy seems
to mean that the data in every sector of a source disk has to be compared
with the corresponding sector of a back-up disk - perhaps all 80 GB of
them - and the sectors that are different copied. (It may, of course, be
quicker to forget about comparing the sectors and just copy all the source
sectors to the backup sectors.)

In the alternative file-orientated strategy, only file records read from the
OS's file table need to be compared, and only the files modified since the
previous back-up need to be copied, perhaps just a few hundred MB. Which
files need to be copied can be determined by comparing just the file's size
and time stamp when last modified (or, more comprehensively, comparing the
full file table record) - there's no need to read and compare every byte of
the file in order to determine whether or not the source file has changed
with respect to the corresponding file in the back-up store.

This suggests that for daily backup purposes, the file-orientated approach
is much more efficient, even though it doesn't necessarily back-up all
system files, because only the file directories from each disk need to be
compared, and only files that have changed need to be actually copied. The
disk-orientated back-up approach seems to be more appropriate just before
installing some new software or replacing the hard drive of the computer, or
making any other major changes to the system, as it records the full state
of the disk.

Let me now return to security issues. With a disk clone, the disk clone
contains exactly the same file data as in the source disk, but there might
be a significant difference. Whilst in the source disk files are private to
the users that possess the necessary permissions, in the clone they might
become public/shared, otherwise how could the files be read when the EHD is
connected to another computer? This means that while the backup drive is
connected to a computer via the USB connection, a piece of malware, or an
ill-intentioned computer user, could read back-up copies of files which
would be inaccessible to it/him in the source disk and steal information. To
prevent this the backup copy would have to be integrally encrypted using a
non OS-dependent password. Encrypting all the sectors on a disc slows down
an already time-consuming operation, and since there may be many empty
sectors in the source disk, cracking the encrypted disk copy would be easier
than cracking individually encrypted files.

In the file-orientated backup strategy, all files that have been modified
since the previous backup could be read from the source disk, encrypted in
memory using a password specific to the back-up (i.e. not the key specific
to the currently logged in user, thereby avoiding any NTFS encryption
issues), and then saved to the backup disk. Since the files in the backup
disk are all encrypted, it matters not that they become shared. They can be
recovered to any disk, provided that the correct backup password is
supplied. Of course, any files that in the original source disk had NTFS
encryption would not be readable after recovery, unless the user took the
care to back up the certificate as well as the file.

So the question is: do the various commercial back-up tools on offer address
these issues? And what about the back-up and synchronization software that
usually comes with the external hard drive?

Regards,

EM





.

Relevant Pages

  • Re: Setting up an external hard drive - partioning and sharing issues
    ... compared with the corresponding sector of a back-up disk - perhaps all 80 ... This suggests that for daily backup purposes, ... contains exactly the same file data as in the source disk, ... achieved through the use of a disk-cloning program such as the Casper 5 ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Incremental encrypted backup on DVDs or similar media?
    ... such as DVD-RAM or MO disks; external hard disk drives are already ... used for secondary backup but this is required in addition. ... The same applies to creating a disk ... For encryption you can then use ...
    (comp.sys.ibm.pc.hardware.storage)
  • Re: Backup solution suggestions
    ... some kind of NAS. ... The data on disk should not be readable by anyone but me of the box should not be able to read it, at least not without a big effort). ... It is a proper backup system, meaning that it does incremental backups, etc. Storage pools can be encrypted. ... I dont want it to be readable outside of my box (without encryption keys ofcourse), so as soon as I send it of from my box I want it to be encrypted over the link, and down on the disk. ...
    (freebsd-stable)
  • Re: Disk/Partition encryption
    ... Get a backup disk, one that can be locked up, make a backup in a way ... that you understand and can verify and then reinstall the laptop fully ... In the context of a move to encryption the company does need a key repository policy. ...
    (Fedora)
  • Re: USB drive backup switching and security
    ... Relative Rev Backup form http://www.datamills.com currently support ... Unattended on the fly encryption is scheduled for beta mid-October, ... Hourly/Daily/Weekly/Monthly restore points without needing to multiply disk ... This is a full server backup and contains ...
    (microsoft.public.windows.server.sbs)
Loading