<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Practical Issues in InfoSec &#187; Backups</title>
	<atom:link href="http://www.dlstrom.com/category/backups/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.dlstrom.com</link>
	<description>... putting information security within reach of everyone!</description>
	<lastBuildDate>Tue, 20 Dec 2011 17:00:00 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>You are doing backups, right???</title>
		<link>http://www.dlstrom.com/2010/10/21/you-are-doing-backups-right/</link>
		<comments>http://www.dlstrom.com/2010/10/21/you-are-doing-backups-right/#comments</comments>
		<pubDate>Thu, 21 Oct 2010 14:12:57 +0000</pubDate>
		<dc:creator>Dan Strom</dc:creator>
				<category><![CDATA[Backups]]></category>
		<category><![CDATA[OS X]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://www.dlstrom.com/?p=343</guid>
		<description><![CDATA[It all started when I was trying to export a video from iMovie to iDVD on my Mac. Things were chugging along just fine. The progress bar was progressing. I had turned to another computer to continue working on a project, when suddenly&#8230; ka-thunk&#8230; ka-thunk&#8230; ka-thunk&#8230; What??? I frantically whipped my head around because that [...]]]></description>
			<content:encoded><![CDATA[<p>It all started when I was trying to export a video from iMovie to iDVD on my Mac. Things were chugging along just fine. The progress bar was progressing. I had turned to another computer to continue working on a project, when suddenly&#8230;</p>
<p>ka-thunk&#8230; ka-thunk&#8230; ka-thunk&#8230;</p>
<p>What??? I frantically whipped my head around because that sound was all too familiar to me. I watched in horror (because it <em>is </em>almost Halloween), as my beloved black MacBook displayed the spinning beach ball and then everything froze on the screen.</p>
<p>Rebooting resulted in the &#8220;folder with question mark&#8221; display on the screen. Those of you with Macs know that this is not a Good Thing.</p>
<p>So, I&#8217;ve had this MacBook for 4 years and this is the first drive crash it has had. I&#8217;ve got another drive that I can put in, so that is not a problem.</p>
<p>But, what about all of that important data that was stored on the computer? Have I lost it?</p>
<p>The short answer is NO. An external drive and the Time Machine software in OS X saved the day. I&#8217;m restoring the system as I write this post. All should be well before the end of the day.</p>
<p>So, you are doing backups, right?</p>
<p>Several solutions exist for backups.</p>
<p>I really, really like the highly reliable, but simple to use, Time Machine with Mac OS X. If you use a Mac, you should invest $150 in a large external drive and set up Time Machine.</p>
<p>If you are running Windows XP, you can use the built-in NTBACKUP.EXE application. On Vista/7, you can use the Backup and Restore application in the Control Panel. You could even use ROBOCOPY.EXE to do things manually.</p>
<p>Third-party applications can be purchased for both Mac OS X and Windows that work well. Often you will find that if you purchase an external USB-connected hard drive, it will come with backup software.</p>
<p>Many people like the online backup services. These only work well if you have broadband Internet regularly available to you. Dial-up users might pass on to the Afterlife while waiting for the initial backup to complete.</p>
<p>I see that my Time Machine restore is about 56% complete with a little over an hour remaining. Ahhhh&#8230; What a good feeling to know that all my important information will be back in just a little while.</p>
<p>Here&#8217;s hoping that your backups are as good as mine,</p>
<p>- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2010/10/21/you-are-doing-backups-right/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>He&#8217;s Dead, Jim&#8230;</title>
		<link>http://www.dlstrom.com/2010/05/24/hes-dead-jim/</link>
		<comments>http://www.dlstrom.com/2010/05/24/hes-dead-jim/#comments</comments>
		<pubDate>Mon, 24 May 2010 15:28:40 +0000</pubDate>
		<dc:creator>Dan Strom</dc:creator>
				<category><![CDATA[Backups]]></category>
		<category><![CDATA[FlashDrive]]></category>

		<guid isPermaLink="false">http://www.dlstrom.com/?p=313</guid>
		<description><![CDATA[Pay attention, everyone - You should never have the only copy of your important files be stored on your flash drive. It will die (or be lost or be stolen). If this is the case, you may be completely out of luck. I had a friend give me a flash drive this past weekend. The [...]]]></description>
			<content:encoded><![CDATA[<p>Pay attention, everyone -</p>
<p>You should never have the only copy of your important files be stored on your flash drive. It will die (or be lost or be stolen). If this is the case, you may be completely out of luck.</p>
<p>I had a friend give me a flash drive this past weekend. The flash drive is not recognized by any computer. Where there normally is a light that comes on when plugged in, now there is no longer a light.</p>
<p>If the problem is more than just a poor USB connector, then it will be pretty costly to recover the data, if it is possible at all&#8230; Usually the cost will outweigh the benefit of recovered files.</p>
<p>So, use the flash drive only as a working and portable storage device. Make sure they are encrypted. Copy the files back to your computer if they are important. That way they will be a part of your normal backups. (You do have a backup system, right?)</p>
<p>If you don&#8217;t have a backup system in place, consider using something like LockYourData (<a href="http://www.lockyourdata.com/">www.lockyourdata.com</a>). It allows you to manage both online and local backups as well as keeping multiple generations of files.</p>
<p>The last thing you want to hear is the words of Dr. McCoy as he looks up and says, &#8220;He&#8217;s dead, Jim.&#8221;</p>
<p> </p>
<p><object width="445" height="364"><param name="movie" value="http://www.youtube.com/v/qJQwHwP0ojI&#038;hl=en_US&#038;fs=1&#038;border=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/qJQwHwP0ojI&#038;hl=en_US&#038;fs=1&#038;border=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="445" height="364"></embed></object></p>
<p> </p>
<p>- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2010/05/24/hes-dead-jim/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>InfoSec Tip: Are Your Backups Usable?</title>
		<link>http://www.dlstrom.com/2009/08/28/infosec-tip-are-your-backups-usable/</link>
		<comments>http://www.dlstrom.com/2009/08/28/infosec-tip-are-your-backups-usable/#comments</comments>
		<pubDate>Fri, 28 Aug 2009 13:00:00 +0000</pubDate>
		<dc:creator>Dan Strom</dc:creator>
				<category><![CDATA[Backups]]></category>
		<category><![CDATA[Disaster Recovery]]></category>
		<category><![CDATA[Planning]]></category>
		<category><![CDATA[Tips]]></category>

		<guid isPermaLink="false">http://www.dlstrom.com/?p=280</guid>
		<description><![CDATA[&#8220;Backups are the disaster recover plan!&#8221;, he emphatically said. And so began the conversation&#8230; Of course, backups are a part of the disaster recovery, but not the complete plan. Just last night I found out about a local business whose server crashed. They had been dutifully performing backups. The backup subsystem reported that backups had [...]]]></description>
			<content:encoded><![CDATA[<p>&#8220;Backups <strong><em>are</em></strong> the disaster recover plan!&#8221;, he emphatically said.</p>
<p>And so began the conversation&#8230;</p>
<p>Of course, backups are a part of the disaster recovery, but not the complete plan.</p>
<p>Just last night I found out about a local business whose server crashed. They had been dutifully performing backups. The backup subsystem reported that backups had been created. But&#8230; </p>
<p>It turns out that the backups are unreadable and now they are scrambling to determine the next steps to keep their business running.</p>
<p><strong>Tip: Periodically check your backups to make sure that (1) they are readable, and (2) that they contain the information you hope they do.</strong></p>
<p>Put this into your list of things to review on a monthly basis. At some point you <strong><em>will</em></strong> be glad that you did.</p>
<p>- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2009/08/28/infosec-tip-are-your-backups-usable/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>End of Year Cleanup</title>
		<link>http://www.dlstrom.com/2008/12/08/end-of-year-cleanup/</link>
		<comments>http://www.dlstrom.com/2008/12/08/end-of-year-cleanup/#comments</comments>
		<pubDate>Mon, 08 Dec 2008 22:51:28 +0000</pubDate>
		<dc:creator>Dan Strom</dc:creator>
				<category><![CDATA[Backups]]></category>
		<category><![CDATA[Data Integrity]]></category>
		<category><![CDATA[Planning]]></category>

		<guid isPermaLink="false">http://dlstrom.com/wp/?p=51</guid>
		<description><![CDATA[Do you know your data, computers and networks? I mean, really know them? The end of the year is a good time to take stock of your security measures and operational practices and do some maintenance. I like to ask the question Where are we? at the end of the year. What is being done [...]]]></description>
			<content:encoded><![CDATA[<p>Do you know your data, computers and networks? I mean, <em>really know</em> them?</p>
<p>The end of the year is a good time to take stock of your security measures and operational practices and do some maintenance. </p>
<p>I like to ask the question <strong>Where are we?</strong> at the end of the year. What is being done to protect the information assets of my company or myself and family? After I have a good grasp of this, then I like to ask myself the logical next question, which is <strong>Where do we want to be?</strong> Comparing the two gives some idea of where to focus my information security energies.</p>
<p>Yeah, I know that previous paragraph is pretty vague.</p>
<p>How about some specific ideas when asking that <strong>Where are we?</strong> question.</p>
<ul>
<li>Do I know where all the important data is being stored? Is it all on the hard drive of one notebook computer? Or, is some stored on my computer, some stored on my wife&#8217;s computer? Maybe it is stored on a file server on the network!</li>
<li>What am I doing to protect the data on my notebook computer? Am I doing backups? How do I know that the backups can be used?</li>
<li>What if my notebook computer gets stolen and my personal financial information (with bank account numbers and passwords) is stored on it? What am I doing to encrypt or adequately protect that data?</li>
<li>If you host your own web services, you should evaluate the access rules on your firewall. Do I really need to allow access on the ports that I have open?</li>
<li>Am I patching the OS on my servers? Do I test patches in a controlled environment before installing them on the production servers? What about the patch level of my workstations? Am I using Automatic Updates (on Windows) to keep them updated?</li>
<li>When was the last time I changed the WEP/WPA key on my wireless access? Am I using WEP or WPA or something else? Am I sure that only authorized people know what it is? Maybe the neighbors are leeching the signal!</li>
<li>Do I have any idea of what &#8220;normal&#8221; traffic looks like on my network? What applications are being used &#8211; P2P, chat, BitTorrent, webcams? What about filtering? Is my filtering functioning as desired?</li>
<li>When was the last time that I forced password changes for users? How about administrator/root accounts?</li>
</ul>
<p>Wow! That sounds like a lot of work! It&#8217;s not, really, but these things need to be considered periodically.</p>
<p>In the next entry, I will be discussing the <strong>Where do we want to be?</strong> question.</p>
<p>- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2008/12/08/end-of-year-cleanup/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Online Data Storage with getdropbox.com</title>
		<link>http://www.dlstrom.com/2008/07/18/online-data-storage-with-getdropboxcom/</link>
		<comments>http://www.dlstrom.com/2008/07/18/online-data-storage-with-getdropboxcom/#comments</comments>
		<pubDate>Fri, 18 Jul 2008 23:41:02 +0000</pubDate>
		<dc:creator>Dan Strom</dc:creator>
				<category><![CDATA[Backups]]></category>
		<category><![CDATA[Data Integrity]]></category>
		<category><![CDATA[getdropbox.com]]></category>

		<guid isPermaLink="false">http://dlstrom.com/wp/?p=23</guid>
		<description><![CDATA[Small business is confronted with a significant decision when it comes to the backup of their important data. Should a local solution be implemented, or should an on-line service be used? I’ve just begun experimenting with a relatively new service called getdropbox.com. getdropbox.com is a relatively recent entry into the fray of on-line storage and [...]]]></description>
			<content:encoded><![CDATA[<p>Small business is confronted with a significant decision when it comes to the backup of their important data. Should a local solution be implemented, or should an on-line service be used? I’ve just begun experimenting with a relatively new service called getdropbox.com.</p>
<p>getdropbox.com is a relatively recent entry into the fray of on-line storage and is still in “beta” mode. Getting an account requires an invitation from someone who already has an account. This free account gives the beta-user 2GB of storage. Once an account has been set up, a bit of software is installed on the local computer. This software creates a new folder (dropbox) on the local computer. As files are moved into that folder, they are auto-magically uploaded to the folder on the getdropbox.com servers. These files are only accessible by you, or any other computer with the getdropbox software and that is linked to your account. Pretty simple, eh?</p>
<p>getdropbox.com also allows you to make some of your files publicly accessible. A unique URL is provided for each file. Anyone who knows, or is lucky enough to guess, this URL can access this file. The file is readable, but changes cannot be written back to the servers.</p>
<p>The capability is also included to share a folder with other getdropbox.com users whose computers are not linked to your account. You just need to send them an invitation (via email) to the shared file. At this point they have full read/write access.</p>
<p>Now, how can this be used for an online backup? As mentioned earlier, the software watches the dropbox folder on your computer and automatically synchronizes with the on-line server. If you are using Mac OS X you can simply create a symbolic link in the dropbox folder pointing to any other folder you want automatically backed up. (Unfortunately, this capability is not available to Windows users at this time.) The developer indicates that they are internally testing a Linux client. Then, this should be available for Linux, also.</p>
<p>So, how secure is your data? According to the FAQ, the data transfer takes place over an SSL connection. I’ve not yet had the chance to examine the network traffic to verify this. But, and this is significant, it does not state that the files are encrypted on their servers. According to the FAQ, “Files are encrypted with AES-256 before being stored on our backend.” They indicate that in the future users will be able to define their own private keys to encrypt the data, but this is not currently implemented. I would highly recommend that any confidential information be encrypted prior to putting it in the dropbox folder on your computer.</p>
<p>So, would I recommend that you use getdropbox.com for on-line data storage for your company? Yes, if the following conditions are met&#8230;</p>
<ol type="1" start="1">
<li>Sensitive data is encrypted before being put in the dropbox folder for synchronization</li>
<li>The total amount of data is less than the amount allocated to your account. Right now the maximum folder size is 2 GB</li>
<li>There is a need to share files with other trusted individuals outside the company</li>
<li>Your business model allows for your company information to be stored outside of your control</li>
</ol>
<p>Ok, then, what about personal use? Pictures that need to be shared with family would be fine to have stored. Likewise, other personal files may be fine. But, I sure wouldn’t put my Quicken data files up on a service like this unless I first encrypt them. (TrueCrypt would be a fine piece of software to use for encryption.)</p>
<p>Finally, the getdropbox.com privacy statement only speaks to personally identifiable information you submit as you create your account. Of course, they reserve the right to sell or disclose your information to service providers, business partners, and others. It is curious to note that they omit speaking to what they will do with the files you store on their site!</p>
<p>Disclaimer: The information in this post is current as of the date and time of the posting. The details of the getdropbox.com service are always subject to change.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2008/07/18/online-data-storage-with-getdropboxcom/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

