During the Dale Carnegie leadership course I recently attended, one of our daily assignments was to give a talk on a technical subject that everyone could relate to and deliver with “non-techie spiel.” Part I of this post outlines the talking points I used to just get the basics out there to my friends. Part II was not part of the talk, but I felt that it was perfect writing prompt to get into the details a little more for anyone interested. I use an example of how I “air-gap” one version of my backups at work to make sure that one of these backups are “cold or offline” in case of a Ransomware attack.
Part I – Standard Backup Principles
According to an article on in 2017, Small Business Trends reported that 140,000 hard drives fail in the United States each week and that is just one failure point [1]! That was years ago folks, what’s the number up to now? Yes, one can argue that there are less failures on SSD’s but for the regular folks it begs to ask “Are you prepared to loose your stuff?”
I can’t tell you how many times I’ve been approached to recover data that the someone thought they were backing up. In some cases, I did find that the users were diligent about plugging in an external drive to their computer and using a pre-canned backup software, but in a few situations, their backup job was not enough. One such time, the user’s backup was mis-configured and not selecting the wanted source files. Another was when a physical disaster struck, the user was unaware that the machine and backup drive were both “toasted” by the power surge or whatever destroyed the PC and Backup Drive.
Never rely on an “always attached, always on” external storage. Even if a physical fail does not happen to you, malware can . Malware is software designed to disrupt, damage, or gain access to your computer and if you only have one backup that is connected to your computer, guess where that stuff can bleed into?
Similar to your every day strain of malware, the biggest killer of data is lately is Ransomware (a type of malware). If your PC is hit, you can kiss your attached backup goodbye . As long as the backup device is accessible, it can be encrypted by ransomware. Even if it is not physically attached and your backup repository is a mapped drive to a NAS or some share can suffer the same fate.
The cloud will save me right? Sharing files in the cloud via Dropbox or OneDrive must be safe? Sorry. Not good enough, those are shared folders on your machine locally and subject to attack that will replicate to your cloud instance.
Okay then….. What should you be doing?
The 3-2-1 Backup Principle The only protection to any of the above scenarios is understanding that 1 backup copy is not enough. Make 3 copies on different formats..
Example: Your live data sitting on your laptop is Copy 1, Your external backup drive or thumb drive will be Copy 2, & using some form of cloud backup will be Copy 3. Don’t worry if you do not have a cloud solution, you can even get away with having 2 separate thumb-drives or external hard drive’s. We just need 3 copies. Keep one copy at a relatives house or something like that.
Lastly, even if you embrace 3.2.1 for your backups, please test your backups periodically by simply restoring something. Sometimes actually going through the motion will let you actually see how you configured it!
Part II. Backup a little more.
Part II is not necessary for the home user. The principle of having a “cold” backup is basically having an offline copy of your backups. They cannot be touched by intruders, power issues, or most importantly Ransomware.
Summary: At work, I use Veeam Backup and Replication to point at my vCenter server and individual ESXI hosts to grab VM’s and send nightly backups to a Synology NAS. That’s my “2nd” copy (the 1st being the data on the server itself). But since that NAS 1 is always on, it is a potential malware target as well. I need to copy the data periodically from NAS 1 to a secondary NAS 2 and have “#2” shut down and keep itself offline becoming the “Cold” backup instance.
More Details: During the initial backup of my VM’s, Veeam Backup and Replication software uses Deduplication to dump backups to the larger NAS 1 which is always online. This is a Monday through Friday Job. Data deduplication (often called “intelligent compression” or “single-instance storage”) is a method of reducing storage needs by eliminating redundant data. Only one unique instance of the data is actually retained on storage media, such as disk or tape.
I then use the small 2 bay Synology DS718+ to receive a copy of the RS2416+ “NAS1” data taken during the week via HyperBackup.
Both NAS have Hyper Backup installed on them. The recipient of the weekly copy has HyperBackup Vault setup to receive the Saturday job and has power settings scheduled to turn it on and off.
The beauty of this method is that this allows me another level of incremental backups aside from Veeam. It enables Hyper Backup Smart Recycle to delete older backups. When all is said and done we’ll retain 2 rolling weeks of backups on the main NAS 1 and they are readily available to recover to them quickly. I configured the Saturday “Cold” Backup on the small NAS using HyperBackup to retain a full month of backups and it recycles on schedule. Because it powers off, I am truly in possession of an air-gapped, cold Backup.
Offsite? Yeah…Do that too….
My NAS’s are in different areas of the building to separate them as far apart as I can from any standard hazards like fire, water, etc. I take it a step further to provide 1 copy offsite completely.
We do not have the bandwidth availiablee or the budget to utilize Amazon Glacier or some other cloud service, so I simply hook up a USB drive to the Main NAS and monthly dump the backups to that external. It is packaged up and taken ofsite & is considered my 4th backup version.
References
[1.] Small Business Trends. https://smallbiztrends.com/2017/04/not-prepared-for-data-loss.html on October 28, 2019
Ryan Messier 