Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Ryan_Vickers

[Guide] Choosing The Right Backup Method(s)

Recommended Posts

Posted · Original PosterOP

First off, I highly suggest you go read the guide linked below, as it covers a lot of important information that this will not.  However, I hope to cover a lot of things that it doesn't, so read this too when you're done :P 

As a TL;DR of the most important section though, just know that you should have at least 2 (or more) copies of your data, on physically different devices, and in physically different locations.  This means the copy on your computer, plus an external drive, plus a cloud backup, for example.  If anything goes wrong you have at least 1 other copy of that data in a safe place from which you can recover.  Why do we recommend these two methods specifically?  Well that's what I'm going to get into here.

 

Why So Many Ways?

There are a lot of ways to protect your data and each of them check a few boxes, but none of them check them all.  This is why you need to combine multiple methods to ensure you are fully protected.  In the following sections and figures I will be examining which ways are good for what, and what they aren't so great at.

 

The Ideal Scenario

Here I will be comparing the various ways you can protect your data under the assumption that you run backups as regularly as you need to.

 

Capture.PNG.948c71fe087054d53f0b22e03caf1b8c.PNG

 

On the left are the kinds of events that are likely to cost you data, and along the top are 4 possible techniques that one could use to mitigate that loss.  The meat of it shows you how those techniques are able (or not) to deal with the different threats.  You'll see that superficially, an external HDD and cloud backup combined check the most boxes*, but lets dive deeper:

(*you might think cloud alone would actually do the trick but I'll discuss that later too)

 

External HDD

  • It protects you from ransomware because you can just plug it in and copy the files back from it, provided you've wiped your computer of the infection.  If not, it will just take your backup too as soon as you plug it in.  I think this is common sense though, so I'm giving this a full "yes".
  • In the event of accidental deletion, again, you can just plug in and recover.  That's a "yes".
  • It protects you from data corruption too, but with a caveat: you have to notice that your internal drives have become corrupt and then restore from your backup.  If you continue backing up corrupt data over your backup, you will just corrupt this too.  I think this is something people often overlook, so I'm giving this a "maybe"
  • It fully protects you against drive failure, since if you lose the internal drive, just buy a new one and copy your files from the backup.  This gets a resounding "yes"
  • It your house burns down, is flooded, robbed, etc. your external backup will not save you from this however.  That's a "no"

Overall this is a pretty good option, and it's one I recommend as part of a healthy backup strategy.  It's fast, it's totally controlled by you so you don't need to rely on or worry about some other company and their success or methods, and it's by far the cheapest.  The main downside is it doesn't protect you against local, physical threats, which is where the others come in.

 

Always-on Cloud

  • Depending on if your cloud service has versioning or not, it may or may not protect you from ransomware.  If your files get encrypted and those encrypted versions are uploaded over the old ones which get lost forever, it's not going to help you.  But if you can roll back to a previous date, then you have nothing to worry about.  For this reason it gets a "maybe".
  • OneDrive for example does not have versioning but it does have a recycle bin, so you would be protected from accidental deletion, so long as you notice within 30 days (the auto-delete threshold for items in the bin).  Because of this I'm giving it a "yes", but in the unlikely event that your service offers absolutely nothing in the way of history, it would be a "no".
  • Again depending on if you have versioning for your service, this may or may not protect you.  It gets a "maybe".
  • As with everything else in our list, it will save your from drive failure as well.  Just buy a new drive and let your files download to it.  That's a 10 "yes"
  • Unlike every other solution in our list, it will protect you from a total loss of your home due to flood, fire, theft, and more.  And because cloud services are generally well-run and highly redundant and distributed, even if they lose a physical location your files are almost certainly safe from even an asteroid strike directly to the data centre.  Another resounding "yes".

Cloud services are the only way to protect yourself from physical threats, short of manual off-site backups but that's just not a viable option for many.  They vary in price but Microsoft offers 1 TB for $70/year or 5 TB for $90/year, split over 5 accounts if you get the family plan.  Both of these also include the always up-to-date Office 365, and more.  Personally, for the peace of mind this offers, the price is reasonable.

 

It is worth considering however that your data is at the mercy of however the company decides to treat it, and if they were, in the extreme case, to go bankrupt, you may never see it again.  This is why having only a cloud backup is not recommended.

 

Occasional Cloud

This can be an entirely different service that simply does not offer live syncing, or it could be an always-on service like OneDrive that you just don't open very often.  It could even be an External HDD that you manually store off-site, with a friend, etc.  Regardless, the change in frequency has some effect on how it can and cannot protect you.

  • Because it is not constantly syncing changes, you are inherently protected from ransomware, just as you would be when using an external HDD.  It gets a "yes"

In fact, there's no point in going through all the other points because it is exactly the same as an external HDD, except for one difference - the fact that it is in the cloud means that, as with the always-on cloud, you are protected from physical threats.

 

I believe Amazon offers an "occasional cloud" service that is (potentially considerably) cheaper than OneDrive, but that's because (as far as I can tell from my research) the software is very crude, and it can only ever act "occasionally", unlike OneDrive which you could use however you want.  Plus you'd be trusting your data to a company that only recently figured out that offering two-factor authentication is a good idea, and allows it to be overridden with SMS messages, so take that as you will :dry:

 

RAID

Ah, RAID, this has always been a fun one for me.  Every now and then you see it recommended but I get the feeling people don't really "get" the pros and cons of it, so let me explain:

  • If you need absolutely unmatched uptime and can't afford to worry about a drive failing - if you need to be able to swap them out live without even realizing something happened - then RAID is for you.  There is nothing better at protecting you from drive failure up to the second.
  • If, however, you can afford to recover your data from a backup in the event of a failure, you really don't need it.  And this is a key point: many other techniques also protect you from drive failure, so if you already have a robust backup strategy in place - which you should regardless - supplementing with RAID (because it's not a replacement for anything) is only going to increase the cost, with the only benefit being you will shrink the region of opportunity where you can lose data from the time between backups (which might be near 0 already if you have an on-line cloud setup) to virtually 0.  Is that worth it?  Personally I say no, but you be the judge for your own setup :) 

So now let's get to the list:

  • It keeps everything synced in realtime, so those files that are getting encrypted?  Yeah, it's happening on the whole array, no chance of recovering them.  Fail
  • Accidentally delete a file?  It's already gone from your other drives.  Fail
  • Again, everything is kept in sync, so corrupt a file and it is clones to everything immediately.  Now, I should mention that if you have a sufficiently advanced system that can notice when one drive has corrupted a file while 2 or more others agree on the original data it is possible it could correct the copy on the bad drive and protect you in this way, but I'm not sure how common that is, and if you corrupt a file by starting to save over it and then lose power or something, you're not getting that back with any system.  Fail
  • Already talked about drive failure, that's something it does well.  Pass 
  • And finally, if one drive can be stolen, your array can be stolen too.  It does nothing to help here, so that's one more Fail.

I should add that in some situations running RAID can even put your data at greater risk than it would without it.  Aside from the obvious RAID 0 example, where losing any of the drives means you lose it all, there is the risk of corruption to the RAID system itself due to power failure, failing hardware/controllers, etc.  There is a time and a place for it but I believe that it's not in the home.

 

The Less-Than-Ideal Scenario

Here I will be reviewing the same list under the assumption that you don't backup as often as you should.  Unfortunately, this is probably most people.

 

Capture2.PNG.d3ea0eab9c309902c34708c279dd42ec.PNG

 

Rather than go through the whole list again, I will just touch on the differences.

 

External HDD

A backup is only as good as it is recent, and if you haven't run it in a while, the file you need could be the one you haven't backed up yet.  This means that, given an infrequent enough schedule, an external HDD can be rendered virtually useless.

 

Always-on Cloud

These are fantastic for those too lazy to backup regularly, as you can see, nothing has changed, because they don't rely on you telling them when to run - it's always up to date :)

 

Occasional Cloud

It suffers from the same problems as the external HDD - don't run it enough and it won't do you any good.

 

RAID

Again, nothing has changed.  Well, perhaps with one exception.  Without a proper backup strategy in place, the protection that RAID gives you against drive failure becomes even more valuable.

 

Conclusion

So that's it!  The lesson is have several backups, pick several different methods that compliment each other, and DO IT REGULARLY! :D 

 

As always, I hope this was useful, and I'd welcome any corrections since I want this to be a good guide :) 

Link to post
Share on other sites
Posted · Original PosterOP
Just now, Lurick said:

So what you're saying is buy old used drives, put them in RAID 0 and that's the perfect backup solution?

No, that's literally the worst thing you could possible do :P  What I would recommend though is thinking to yourself "is my backup plan so good I could afford to store my precious data like that?" and if the answer isn't "yes", it could be improved xD 

Link to post
Share on other sites
Just now, Ryan_Vickers said:

No, that's literally the worst thing you could possible do :P  What I would recommend though is thinking to yourself "is my backup plan so good I could afford to store my precious data like that?" and if the answer isn't "yes", it could be improved xD 

Guidance unclear. Ended up with 11 drives of various size and age stuck in JBOD and all files lost :P 

 

Always good advice though, if you aren't comfortable storing data on it and risking it going down, rethink or improve the solution :)

I like to combine a nice NAS as a central backup point and have everything on there mirrored to CrashPlan.


Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:

Link to post
Share on other sites
Posted · Original PosterOP
Just now, M.Yurizaki said:

When you say RAID, you mean local RAID? Not like a NAS RAID.

 

Maybe I should've seen that coming but I kept thinking something like that.

I mean RAID as a strategy on its own.  My mindset was locally in your PC, but it applies anywhere if looking at it in isolation.

Link to post
Share on other sites
13 hours ago, Ryan_Vickers said:

I mean RAID as a strategy on its own.  My mindset was locally in your PC, but it applies anywhere if looking at it in isolation.

 

13 hours ago, M.Yurizaki said:

When you say RAID, you mean local RAID? Not like a NAS RAID.

 

Maybe I should've seen that coming but I kept thinking something like that.

Yep RAID in a NAS you are backing up to is still one copy no matter the configuration, even if you have two mirrors using independent disk sets in the NAS chassis and copy data between them on a schedule. It's still in the same physical unit using the same power supply, CPU, motherboard etc so it is one fault domain.

 

When you are evaluating copies of data for backups it's best to use fault domains to verify that it truly is it's own sole independent copy of the data.

Link to post
Share on other sites

I recently set up an experiment with doing backups since one of the attributes listed was prevention against ransomware. Since I've never actually gotten ransomware, I don't know how effective this'll be. However I do know one of the things it tries to do is ask for elevated privileges and I'm riding on the hope that the payload will continue to try to execute if you don't elevate it. So maybe this is overkill, but we'll see.

 

In my case I have what's considered for all intents and purposes two external hard drives. One of them is the USB kind. The other is a NAS. I use the USB external as both a backup solution and a staging area to clone to the NAS. Once that's done, I log in using another account whose sole purpose is to sync files from the USB external to the NAS. The account I normally use only has read privileges to the NAS while the data backup account has read/write access.

 

So how would this work against ransomware or malware? Because I don't run either of these accounts as administrators for one, so elevation requires a password (even though theoretically malware shouldn't be able to do anything to a UAC prompt). For another, if one account is compromised because it launches ransomware, it can only do damage to one of the local copies that I have. Sure, while I won't be having the USB external on all the time, I do want to plan for the worst case scenario.

 

For the sake of convenience when I do subscribe to a cloud storage service, the data backup account's also going to be the only one who runs the operations.

 

To summarize:

  • Normal user account I use everyday:
    • Has read/write privileges to the local drives and the USB external drive
    • Has read only privileges to the NAS
  • Data backup account
    • Has read-only privileges to the local drives and USB external drive
    • Has read/write privileges to the NAS

You might ask "wouldn't it be annoying to log in to the account whenever you want to do a backup?" You can add a registry entry to create a new option to run as a different account from Start Menu items. While this still requires entering the username and password, you don't have to sign off or switch the account you're running on,

Link to post
Share on other sites
Posted · Original PosterOP
13 minutes ago, M.Yurizaki said:

I recently set up an experiment with doing backups since one of the attributes listed was prevention against ransomware. Since I've never actually gotten ransomware, I don't know how effective this'll be. However I do know one of the things it tries to do is ask for elevated privileges and I'm riding on the hope that the payload will continue to try to execute if you don't elevate it. So maybe this is overkill, but we'll see.

I find the best way to model it is to assume the worst reasonable case scenario and plan for that.

13 minutes ago, M.Yurizaki said:

In my case I have what's considered for all intents and purposes two external hard drives. One of them is the USB kind. The other is a NAS.

:D I was thinking this same thing and hoped other people would get that these are general categories and not literally only a USB kind, etc.

13 minutes ago, M.Yurizaki said:

I use the USB external as both a backup solution and a staging area to clone to the NAS. Once that's done, I log in using another account whose sole purpose is to sync files from the USB external to the NAS. The account I normally use only has read privileges to the NAS while the data backup account has read/write access.

 

So how would this work against ransomware or malware? Because I don't run either of these accounts as administrators for one, so elevation requires a password (even though theoretically malware shouldn't be able to do anything to a UAC prompt). For another, if one account is compromised because it launches ransomware, it can only do damage to one of the local copies that I have. Sure, while I won't be having the USB external on all the time, I do want to plan for the worst case scenario.

I wouldn't assume ransomware needs elevated permissions to work, that's setting yourself up for problems imo.  Since it's only interested in "your files", I would expect it to try (and succeed) running at any permission level and taking everything it can get.

13 minutes ago, M.Yurizaki said:

To summarize:

  • Normal user account I use everyday:
    • Has read/write privileges to the local drives and the USB external drive
    • Has read only privileges to the NAS
  • Data backup account
    • Has read-only privileges to the local drives and USB external drive
    • Has read/write privileges to the NAS

That should be totally safe then, assuming you pay attention.  The most important thing (and I didn't go over this in the guide since imo it's another topic but) having a tiered strategy.

 

If:

  • you have multiple separate backups,
  • you never plug all of them in at the same time, and
  • you check what you are backing up before overwriting your backup

It should be impossible to lose your data.  Worst case scenario, ransomware hits right as your'e backing up, so you lose your whole system and that backup.  Well no worries, just format the system and restore from a different backup.

Link to post
Share on other sites
1 minute ago, Ryan_Vickers said:

I wouldn't assume ransomware needs elevated permissions to work, that's setting yourself up for problems imo.  Since it's only interested in "your files", I would expect it to try (and succeed) running at any permission level and taking everything it can get.

I read that WannaCry (or maybe it was talking about ransomware in general) tries to get elevated privileges. It may not work, but hey, at least it tried. And then it runs its payload anyway, but if you blindly accept UAC prompts, well, you just gave it access to the whole thing.

Link to post
Share on other sites
Posted · Original PosterOP
4 minutes ago, M.Yurizaki said:

I read that WannaCry (or maybe it was talking about ransomware in general) tries to get elevated privileges. It may not work, but hey, at least it tried. And then it runs its payload anyway, but if you blindly accept UAC prompts, well, you just gave it access to the whole thing.

And on that subject, I should actually elaborate on my assessment of this part: 

 

27 minutes ago, M.Yurizaki said:
  • Normal user account I use everyday:
    • Has read/write privileges to the local drives and the USB external drive
    • Has read only privileges to the NAS
  • Data backup account
    • Has read-only privileges to the local drives and USB external drive
    • Has read/write privileges to the NAS

 

If these are two different accounts on the same system/install, I take back what I said about this being sufficient protection.  As you said, there are many ways it could get elevated permissions, either through an exploit, you accepting them, you always running a high level account, etc.

 

In this situation, I would use one PC to copy from the PC to the USB drive, and a separate one, or at least a separate install (bootable live Linux USB stick without persistence so that it's a fresh copy every time for example) to then copy from the USB to the NAS.

Link to post
Share on other sites
1 minute ago, Ryan_Vickers said:

In this situation, I would use one PC to copy from the PC to the USB drive, and a separate one, or at least a separate install (bootable live Linus USB stick without persistence so that it's a fresh copy every time for example) to then copy from the USB to the NAS.

If you want maximum security, that'd be best.

 

But I'm willing to trade some of that for convenience. :B

Link to post
Share on other sites
Posted · Original PosterOP
2 minutes ago, M.Yurizaki said:

If you want maximum security, that'd be best.

 

But I'm willing to trade some of that for convenience. :B

The alternative would be to use one system, one install, and one account, but separately backup to the USB, and then the NAS, but never have both plugged in at once, as opposed to backing up to the USB, and then from the USB to the NAS.

Link to post
Share on other sites

Or how about this strategy:

  • Have the USB drive hooked up to another computer. In my case I have an Intel NUC sitting around. It has a Linux install on it.
  • Have the NUC share the USB drive over the network
  • Perform one backup over that.
  • Switch over to the NUC or remote into it
  • Have the NUC push the USB drive data onto the NAS/cloud
Link to post
Share on other sites
Posted · Original PosterOP
1 minute ago, M.Yurizaki said:

Or how about this strategy:

  • Have the USB drive hooked up to another computer. In my case I have an Intel NUC sitting around. It has a Linux install on it.
  • Have the NUC share the USB drive over the network
  • Perform one backup over that.
  • Switch over to the NUC or remote into it
  • remove the connection that allows the PC to write to the USB drive
  • Have the NUC push the USB drive data onto the NAS/cloud

^ I added a step above that I think should make that just fine :) 

 

Also, as said previously, all these plans assume you're checking your data before writing it to the next device to make sure you're not backing up files that are already encrypted

Link to post
Share on other sites
On 2017-07-21 at 5:16 AM, Ryan_Vickers said:

Occasional Cloud

It suffers from the same problems as the external HDD - don't run it enough and it won't do you any good.

Is a WD MyCloud considered an occasional cloud?


There is more that meets the eye
I see the soul that is inside

Link to post
Share on other sites
Posted (edited) · Original PosterOP
16 minutes ago, hey_yo_ said:

Is a WD MyCloud considered an occasional cloud?

If it's stored offsite, then yes

Quote

This can be an entirely different service that simply does not offer live syncing, or it could be an always-on service like OneDrive that you just don't open very often.  It could even be an External HDD that you manually store off-site, with a friend, etc.

 

I realized after writing this how I could have generalized even better, but I feel the examples I gave are applicable to most people so I didn't bother changing it.  That said, really, there's 4 kinds of backups, in 2 axis: On-site vs off-site, and always on vs occasionally run.

  • The External HDD in my guide is modeled after an occasionally run, on-site backup.  A NAS that you back up to now and then would be another example of this, assuming you only connect to it when doing a backup.  If it's always plugged in but not always syncing, you get the disadvantages of an always on system with none of the advantages (ie, ransomware could take it from you but you're not backing up things as often)
  • The Always on cloud and occasional cloud correspond, obviously, to always on and occasional off-site backups, respectively.
  • The only one I didn't address is the possibility of an always on, on-site backup.  This would be something like an external HDD that you never unplug and have syncing constantly.  I didn't mention this because I don't think it's a common thing to do, and it's not that different than RAID really.  That said, it would differ in the following ways:
    • Accidental deletion, and Drive Corruption would both be upgraded to a "~" depending on your software, but then, you can protect against these with file history on the same drive and error checking filesystems so ¯\_(ツ)_/¯
Edited by Ryan_Vickers
Link to post
Share on other sites

For ransomware, if I just read my email and USB drives on a virtual machine, should I be safe? I assume the ransomware would only get my virtual disk, not the host disk.

Link to post
Share on other sites
Posted · Original PosterOP
7 hours ago, ATTWIFI said:

For ransomware, if I just read my email and USB drives on a virtual machine, should I be safe? I assume the ransomware would only get my virtual disk, not the host disk.

It would get anything "you" can access, you in that case being your user in the VM (if I understand correctly and the VM is what you are concerned about having infected).  So, if you have shared folders (files on the host that you make available to the VM through a "network" share), etc., it could potentially get those, but unless it incorporates one of those viruses that lets it escape the VM there shouldn't be a way for it to attack other parts of the host disk.

 

That said, what do you mean by "read USB drives"?  I'm not an expert in how that works but if you're passing them through to work on the VM, I would be concerned that they might still be able to affect the host in some way.

Link to post
Share on other sites

I have found that robocopy, a rsync like program built into Windows, is a simple way to automate backups for critical files. Using a USB stick allows one to make multiple cheap backups and as the USB sticks are physically more robust than HDDs one can carry a backup around, fulfilling the off-site requirement.

 

Setup:

  1. Compile a list of folders you want to back up.
  2. Obtain a USB stick and give it a unique drive letter i.e. "m" so that the drive will always be attached under this drive letter.
  3. Create a batch script on the computer which should be backed up.
  4. Optionally download an install 7zip or use the portable version.
    1. 7zip can be used to compress and encrypt the files being backed up so that in the event of theft of the USB drive your documents will unreadable to the thief.
    2. Put 7zip portable on the USB stick for use later on a computer without 7zip if needed.
    3. Add a line to the batch script to compress the desired files and encrypt them. Note: The password to decrypt the files will be stored in the batch script - give it to no one.
  5. Use robocopy commands in the batch file to copy the files to the external drive.
  6. Optionally add a scheduled task using Task Scheduler to run the batch script every 10 minutes. Alternatively add an event to run the script when the drive is connected.
    1. If using 7zip to compress the files add a test if the drive is connected i.e. IF EXIST "M:\test.txt" (*rest of program*) to prevent needless compression if the drive is not connected.

Use:

  1. Plug in drive.
  2. Wait a number of minutes - if the command prompt is shown then wait for the window to disappear.
  3. Disconnect drive.
  4. Profit.

 

 

Example robocopy script:

robocopy "C:\Users\username\My Documents\stuff" P:\stuffbackup /dcopy:T /zb /copy:DAT /e  /fp /eta  /tee

 

Link to post
Share on other sites
On 7/21/2017 at 5:16 AM, Ryan_Vickers said:

Cloud services are the only way to protect yourself from physical threats, short of manual off-site backups but that's just not a viable option for many.  They vary in price but Microsoft offers 1 TB for $70/year or 5 TB for $90/year, split over 5 accounts if you get the family plan.  Both of these also include the always up-to-date Office 365, and more.  Personally, for the peace of mind this offers, the price is reasonable.

Good thing we picked Office 365 Business Essentials for my friend's small business that I've invested. It's kinda like Google Docs but uses Office Online and for the most part it serves our needs especially Excel online. It may not have the more complex features of the fully pledged desktop Office apps but the web versions gets the job done. As long as we have an internet connection, it will back up to OneDrive. It's cheap too at just $2.50 per person.

 

Now all I need to do is figure out Group Policy.


There is more that meets the eye
I see the soul that is inside

Link to post
Share on other sites

Hmm, the thing with external HDs as backup is that in the event of a successful ransomware infection, it can get encrypted unintentionally as long as it is plugged in. Since most always on cloud services have redundant servers, one can actually restore files even if it got encrypted by ransomware. I think OneDrive does this as long as you pay for Office 365. 


There is more that meets the eye
I see the soul that is inside

Link to post
Share on other sites
Posted · Original PosterOP
10 hours ago, captain_to_fire said:

Hmm, the thing with external HDs as backup is that in the event of a successful ransomware infection, it can get encrypted unintentionally as long as it is plugged in. Since most always on cloud services have redundant servers, one can actually restore files even if it got encrypted by ransomware. I think OneDrive does this as long as you pay for Office 365. 

Yes I think OneDrive has since added versioning in the time between when I wrote this and now, but I've yet to test it for myself so I can't recommend relying on it until I've done so successfully myself.  Regardless the guide and ratings for it stand since it was written as a "maybe", depending on if your service offers this or not.

 

As for the external drive, certainly if you plug it into an infected system there's a good chance you could lose it too, but I wrote this under the assumption that people have common sense and would purge the internal drives and reinstall before attempting to recover.  This is mentioned in the first bullet point of the external HDD section.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×