General Backup question

[Belin]

Currently in my office i have a server backed up onto a external drive.
I know a lot of people are backup to the "cloud" these days.
I would like to have my office backup important files once a day to my home. (this way fire/flood surge) wont kill my buisness....

Is there a prefered method people here can reccomend or a program that would allow me to have the server automatically back up to my home through the internet?

Any suggestions/tips appreciated
Btw the backup file is less then 200mb basically data file with patent info/ ledgers

 

[claykin]

1) Setup FTP server on your home PC and use a backup app such as Syncback Pro to push data over FTP. Preferably use SFTP.

2) Look @ Crashplan but beware of their licensing terms. The Home/Free versions run on Server 03/08 but technically they are not to be used in commercial applications. I don't know many home users with Win Server, but apparently Crashplan thinks its a burgeoning market.

3) Use another cloud provider and don't bother backing up to your home PC. Look @ Jungledisk, my personal favorite. Its flexible and can backup just about any source including local disks, external disks, network resources.....

 

[thiggins]

You can try BuddyBackup.

 

[claykin]

You can try BuddyBackup.

At first I thought Buddybackup only worked on client OS (see their System Requirement page), but in the FAQ I found the following:

Does BuddyBackup work on Windows 7?

Yes, BuddyBackup has been designed to work on Windows 7. It also works on XP, Vista, Server 2003, Sever 2008. It works on both 32 and 64 bit versions of those operating systems.

 

[stevech]

Currently in my office i have a server backed up onto a external drive.
I know a lot of people are backup to the "cloud" these days.
I would like to have my office backup important files once a day to my home. (this way fire/flood surge) wont kill my buisness....

Is there a prefered method people here can reccomend or a program that would allow me to have the server automatically back up to my home through the internet?

Any suggestions/tips appreciated
Btw the backup file is less then 200mb basically data file with patent info/ ledgers

Get a flash drive. Put it on a necklace/lanyard. Copy good stuff to it each day. Take it home. Copy it again.

Consider SecondCopy (shareware, $30) to automate.

Or, put hfs.exe (freeware HTTP based remote file storage) on your home PC and setup your router to port-forward the chosen port. Setup a login with a good password. Use your browser at work to drop files.

If you work for a large company, their firewalls block most methods used by automated offsite backups.

 

[matthelm]

I use Hamachi2 (free version) as a VPN, and Cobian Backup (free also) to do the backing up. Both are VERY easy to setup and use. Hamachi2 sometimes has hiccups (about once a year).

https://secure.logmein.com/products/hamachi2/

http://www.cobian.se/cobianbackup.htm

 

[stevech]

I use Hamachi2 (free version) as a VPN, and Cobian Backup (free also) to do the backing up. Both are VERY easy to setup and use. Hamachi2 sometimes has hiccups (about once a year).

https://secure.logmein.com/products/hamachi2/

http://www.cobian.se/cobianbackup.htm

My employer, like many, block ALL employee PC firewall passing except for my outbound HTTP and HTTPS TCP. Nothing else, Nada. No debate. I can VPN from outside the firewall into the corporation, but not to my PC because windows shares are forbidden. Things like GoToMyPC, though HTTP based, are blocked by IT using a proxy for DNS (websense) and firewall rules that blacklists all such servers, plus webmail and social media.

I can't blame them. My company is the target of a barrage of attacks, mostly from China. I myself have logged an open server on the internet getting hit hundreds of times a day by virus propagators in China.

IT gets graded on no security breaches; I get graded on productivity but I don't have any influence on IT policy. This seems true in all large companies, and small ones that don't want to be smeared in the press.

 

[kamina]

Get a flash drive. Put it on a necklace/lanyard. Copy good stuff to it each day. Take it home. Copy it again.

Make sure you encrypt the data if you have any confidential copies. I would really hate to know our employees are carrying all their important documents around 24/7 on flash drives hanging of a necklace...

If you work for a large company, their firewalls block most methods used by automated offsite backups.

And they will fire you if you try to get around the blocks and transfer work files repeatedly to another computer (for good reason).

I'm not expecting the starter of the thread works in a company with tight policies regarding handling of data, but there is actually a reason such policies are put in place. It's a good idea to have off site backups, just remember it increases the risk of confidential documents ending up in the wrong hands.

 

[stevech]

Yeah, our office and laptop PCs have full disk encryption and policy says all external drives/flash drives shall be encrypted using certain software.

Been doing this for years. Stolen/lost laptop with personal and company info... not an issue.

TruCrypt is OK. For personal use, SafeHouse Explorer (free) is easier to use.

My issue with on-line backup, for servers in the US, is that these companies must have a copy of the key you specified, to respond to a lawful court order. No one likes to talk about it, but it's the law. I'm not concerned with the government's misuse, but I am concerned with disgruntled/dishonest employees of the backup company that gain access to the cache of customers' encryption keys.

Really sensitive stuff can be encrypted on the PC before uploading to the not so secure on-line storage server. But you must segregate these from the automatic backup software daemon.
Or maybe use one a country that (apparently) doesn't have government mandated access potentials.

 

[claykin]

My issue with on-line backup, for servers in the US, is that these companies must have a copy of the key you specified, to respond to a lawful court order. No one likes to talk about it, but it's the law. I'm not concerned with the government's misuse, but I am concerned with disgruntled/dishonest employees of the backup company that gain access to the cache of customers' encryption keys.

Really sensitive stuff can be encrypted on the PC before uploading to the not so secure on-line storage server. But you must segregate these from the automatic backup software daemon.
Or maybe use one a country that (apparently) doesn't have government mandated access potentials.

Where did you get information that US based cloud providers must retain copies of user decryption keys? I do not think this is accurate. Maybe you should look at a different cloud provider such as Jungledisk. Owned by Rackspace and based in Texas and Atlanta.

 

[stevech]

I believe I'm correct on lawful court order, checking with sources. If the customer encrypts with their own software prior to upload, then the service provider isn't responsible of course. I don't know where the line is drawn, legally, if encryption at the client PC is done using the service provider's software (e.g., transport encryption vs. storage encryption; the latter is clearer).

Same holds true for email service providers.

And public phone companies. This is called "legal intercept", as has been made folly of in recent years by the liberal press, but it's been going on for valid reasons for decades, and IMO, not abused.

This doesn't apply to service providers with servers outside the US. RIM/Blackberry has been struggling with this and certain countries, such that sometimes they have to put servers in the country so that government gets the ability to elect controls and surveillance.

I checked this subject with managers at two large providers in the US. The low level staff is unaware.
I use Google for storage, and Zumodrive, but I myself alone encrypt before their client software gets it, and before uploading to their servers.

 

[claykin]

Jungledisk has the option to provide private encryption at the client app level prior to upload to JD servers. JD warns that by using this encryption they have no way to decrypt your data. In the case of Jungledisk, they provided their source code to security researchers to validate/comment on what they were doing. One of those researchers who evaluated and likes the product is Steve Gibson from grc.com.

I believe Mozy now offers a similar option which can be optionally selected. Not sure if their source code was ever inspected by a third party.

The wire tap laws you are referring to are also in place for Internet so the government can compel a provider to turnover data/records. However, when the data is encrypted with a private key the provider cannot decrypt for the government. At that point the government is forced with trying to break the encryption which can usually only be accomplished by attempting random methods to guess the password, or trying common passwords like those in rainbow tables.

In 2011 there will be bills before Congress that will compel US providers to provide a backdoor to any encryption. If this somehow becomes law then we'll have a problem. Until so, you are free to store your data on a trusted cloud storage provider, use a private key and feel safe your data is protected from rogue employees at the cloud vendor, etc..

BTW, if these backdoors end up being written into law, we'll no longer be able to trust the security of VPNs, or frankly any public system offering AES, DES, Blowfish types of encryption. Plus if the US passes such an act, it will only be a matter of time before you see the same in the EU and other majors.

Lets hope this blows over.

 

[Belin]

I thank everyone for their responses. Not to worry the data I am trying to back up belongs to me and not some company I work for. I own a dental practice and I am looking for a way to automate backup of patient files and xrays to an off site location. Aka my home so that I don't lose the data in the event of a fire Ect... I will look into your suggestions thanks!

 

[stevech]

Jungledisk has the option to provide private encryption at the client app level prior to upload to JD servers. JD warns that by using this encryption they have no way to decrypt your data.

My point - you are using THEIR client software and it has the key you choose. They may encrypt that key and send it to themselves to store where it supposedly can be had only by court order and by select employees. For US customers (and perhaps others). It could be that they tell a judge that they don't keep the users' keys for client-side encryption and that's legal. That I don't know. But sometimes, they encrypt at the client using their own software and your key, but decrypt before storing the data on their end. It may or may not be re-encrypted for storage. You don't know.

Jungledisk and most all I've looked at have this same warning that only you know the key - and that may always be true, or not.

Their Terms and Conditions, probably typical of the industry, define "confidential" information to include data sent to them and stored by them. They then define, in section 17 of
https://www.jungledisk.com/docs/TOS_030510.pdf
that on (lawful order, from a court or law enforcement agency one may interpret), such confidential information may be disclosed.

Being a law-abiding person, all I'm worrying about is a berzerk employee at one of these cloud storage companies or their service providers.

 

[claykin]

stevech

I suppose you should keep your current encryption methods in place.