Procrastination about backing up

Backing up your computers is an important thing.  In business, keeping backups is not only important, but in many cases mandated by law, with Acts such as Sarbanes-Oxley and HIPAA.  At home, many of us don’t think about it until just after a hard drive fails, and we kick ourselves.  Then come the stages of regret and anger because we just lost 5 years of photos, a 50 page thesis, or all the passwords that we couldn’t remember for email, banking, and so forth.

Many of us know that we could automate backups on our home computers, but since it takes more than 5 minutes of reading, and you’re not “a computer expert”, you won’t do it.  Even just doing a copy and paste from your My Documents folder to a DVD and letting Windows burn it for you is too manual of a process.  Besides, your computer is only a year old, or you just got it last week.  Nothing could happen.

Well, like I’ve blogged about before, computers are not infallible devices.  They will crap out on you when you need them the most, and more importantly, will die in a way that you will have no way of recovering your data.

In any case, whether you are backing up data for a home business/office, or just personal stuff such as pictures and documents, one critical part of backing up is to get the backup off site.  This is probably the single most overlooked task by anybody, businesses included.  What good is your backup going to do if it was burnt up along with the rest of your house?

I’m going to go over a few online backup solutions.  They don’t completely solve all your problems; some won’t offer automated backups, for instance.  Some cost more than others.  I will outline the ones that I have researched, prioritizing first the free ones, then how much space you get, how you can get access to your files, and last but not least, security.

The first one I will detail, and my personal favorite, is Mozy.  For starters, you get 2GB free.  It does require downloading an application, but it can be scheduled to run backups.  Mozy Home also supports both PC and Mac, which is a plus for any Mac user.  You can also get what they call Unlimited backups for $4.95 per computer.  If unlimited is truly that, then that’s a great deal.  Even if it only goes to 25, 50, or 100GB, that is still one hell of a deal.  Now, with Mozy, you can back up 3 different ways.  First, you can use the software to replace backed up documents; second, you can order a DVD with your information on it; or third, there is a web interface where you can peruse the directory structure of your backup and choose which file(s) you need to restore.  Mozy also offers a very tight security package, ensuring that your data is safe both on the server and while being transmitted from your computer to their servers.

Next on the list is XDrive. I have yet to try this out, as with the rest of them in this roundup, but this will be my next on the list to try. I have to admit, the reason I haven’t tried XDrive out is because it’s owned by AOL, and I just haven’t liked them in 15 years….anyways.  XDrive offers 5GB of free storage, and 50GB of storage if you want to pay $9.95/month.  5GB is not a bad deal for free.  From the looks of it, it too requires a downloaded application, what looks to be in the form of a toolbar.  It also integrates into your My Computer folder directory, so that your XDrive will also appear as a regular drive, allowing you to drag/drop files at your leisure.  It also seems that you can schedule your backups as well, so there is relatively little interaction (remembering) on your part.  On top of having the folder view in My Computer, it also seems to have a WebDAV, or web interface, so that you can access your files from another computer.  It seems that this product is supported by Windows only however.  The site says that there is encryption, but to what extent, I cannot report on.

OmniDrive is third on my list.  OmniDrive seems really geared towards the mobile person.  For starters, you get a 1GB storage area for free, with 5GB of bandwidth per month.  With the free account, however, you do not get web access or the ability to transfer data through an SSL link (meaning secure link).  For paid space, you can get 10, 25 and 50GB services that are billed annually.  Though the service is a little costly for the space, they do offer other services such as a web version of Word and Excel so you can edit files on the fly, and a web based photo editor.  From a disaster recovery standpoint, this is a decent service because it gives you twice as much bandwidth as file storage; for instance, if you get the 10GB of file storage, you will get 20GB of bandwidth a month.  If you are sharing your files, however, others will eat into that bandwidth, so that is something to take into consideration.  It also supports both Windows and Mac clients, and they do offer specialized packages larger than 50GB if you contact them.

AllMyData is another strong contender.  They offer only 1GB of free storage, but again the backups can be scheduled.  There are the same types of interfaces and backup methods that both Mozy and XDrive share, again making it very versatile.  It offers encryption as well, and has a great support page that rivals the Mozy site, not geared towards making you feel better about using their service but instead actually giving hard answers to tough questions.  For unlimited storage, it is slightly more expensive than Mozy by a few cents, being $4.99/month per computer.  From all the documentation on the site, they too make Unlimited sound like just that, no limit.  Though as of right now it only supports Windows, the site does specify that they will have a Mac client out soon.

Diino is an online backup system that seems to try and offer all the bells and whistles.  I can’t tell from the site if it’s geared towards teen/20-somethings that want to have the ability to share music and files, or if it’s geared towards the traveling business person.  The prices and what they offer say the latter, but the layout of the website says the former.  Maybe they gear the website to appeal to business travelers who like teenage girls and pink…anyways, enough on the website critique.  Diino offers 2GB of free storage, but any other storage levels above that come at a steep cost.  The list of offerings above online backup includes a photo album, online work space, file sharing, secure email, online music (through the Diino player), web and mobile access, as well as high-bit encryption and the standard upload/download recovery.  It seems from the website that this service isn’t so much geared towards the standard backup, but more towards a mobile office, or a teen with a lot of music to share.

MediaMax seems to be a really decent service.  You get 25GB of online storage for free, and for higher levels of service, the pricing is really good.  You can get up to a Terabyte of storage for $29.95/month.  Not bad.  Why is this not at the top of my list you ask?  Because, you can upload your 25GB of storage, but for downloading, you only get 1GB a month.  For the paid services, you are still limited to 10% of bandwidth of what you’re allocated, meaning that if you did get the Terabyte of storage, you could only download 100GB of data a month.  From a disaster recovery standpoint, this is not acceptable, since you will need all your backed up files as soon as possible, not scheduled out over 10-25 months.  Like Diino, it seems that MediaMax is geared towards Media, like music and movies, that can be shared about.  They do offer a downloaded application that will allow you to schedule your backups, and a web interface to manage your documents as well.  The application is in beta however, and only supports Windows 2000 and up clients.

There are plenty of other online backup systems, though the other ones I reviewed such as EZBackup, StrongSpace and BingoDisk are geared more towards the corporate marketplace and come at a price.  There are also other solutions, such as using the 5+ GB of storage through GMail and using GSpace or GDrive to store your files as well, though this is not entirely secure, is sometimes problematic in getting files bigger than 10MB back, and I’m not entirely sure if this goes against GMail’s Terms of Service (TOS).  In any case, there are options out there.  Backing up shouldn’t ever be the last thing on your list, and if you’re a home business owner/operator, it should be one of the first things on your list.

19 Feb 2007, 12:40pm
Essay Tech
by Mr.

Since I killed NSGG…

I’ll post some of the postings from that site here.

It won’t seem like such a chore to keep two separate blogs when this one covers a wide breadth of topics, to include tech subjects. The first one will be the last posting, which is an essay.

18 December 2006

Intrusion Detection Systems, an Essay

Introduction

One of the most important reasons that there are advances in technology is fighting others. Humans will go to great lengths to invent something that can cause some sort of destruction to another, or to create measures to protect oneself from others, to hopefully be one step ahead of the adversary. In the movies, these protective measures will signal intrusions with a loud klaxon or flash computer monitors with warnings of a hacker in the network. These are the Hollywood versions of Intrusion Detection Systems; the real versions are too boring for TV. However, Intrusion Detection Systems (IDS) seem to be the buzzword for hardening networks today. For those who are not exactly sure of what an IDS is, having one seems to be the perfect way to make a network impervious to outside attack. For those who do know what an IDS is and what it is capable of, it becomes another valuable resource for stopping, mitigating, or researching attacks on the network. The possibility of introducing one of these systems to your network can raise questions such as: What is an Intrusion Detection System and what is it capable of? Where is a resource to find and track intrusions? What is not considered an Intrusion Detection System?

Intrusion Detection System

An intrusion detection system inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system (Intrusion, 2002). There are many ways an IDS can perform its task, and can be broken down into these categories: Network or Host based systems, Misuse or Anomaly Detection, and Passive or Active detection systems. A system can perform functions across multiple categories if needed, or can be concentrated on only one method. An example of this is a Network based IDS that is also an Active system.

A network based system is just that. It is a computer that resides on the network for the sole purpose of providing protection against intrusions. Typically, these devices reside somewhere between the router and switches on the network. This way it can capture packets and analyze them as soon as they get through the router but before they are sent to the computers. It does, however, have shortcomings that a HIDS, or Host-based IDS, can compensate for. Host intrusion detection systems are intrusion detection systems that are installed locally on host machines. This makes HIDS a very versatile system compared to NIDS (Magalhaes, 2004). This means that intrusions can be detected on any network segment when installed, whereas a NIDS sometimes cannot. Using a host based solution, computers can be on any segment, and still be centrally administered. The drawback to an HIDS is that the big picture isn’t readily seen, and correlation between attacks at different locations can be difficult (Early, 2006).

The second largest distinction between IDS systems is whether they are active or passive systems. An active IDS is just that, it actively watches every packet coming in and going out to look for malformed packets, or any other data that fits a certain signature. If an attack matching an attack signature is seen, then that IDS can actively stop that traffic from passing. Active systems can also forward this attack traffic to another system or Honeypot so that intelligence can be gained, while protecting the network. Finally an active system can make on the fly adjustments to other devices on the network, such as routers and firewalls. It is because of this that an attack may be permanently defeated. Passive systems, typically, do none of these actions. The passive IDS will track all traffic as the active system, but instead of closing the connection or making any changes, it logs the anomalies and notifies the administrator. It leaves all the decisions up to this person as to which course of action to take.

DShield.org

There are websites that can help the administrator focus his or her attention on what is generally happening out in the internet world. Knowing which threats are the most common and which ones have the worst consequences is important for securing a network. For this document, one website is going to be specifically used, DShield.org. DShield is billed as a Distributed Intrusion Detection System, meaning that it is not concerned with one network in particular, but gets information from networks world-wide. With such a wide base of comparison, a true picture of current trends and threats can be seen, which can be very useful to the security people.

Some of the information on this website is immediately seen. The section labeled Internet Storm Center (ISC) gives a once-over-the-world look at the current state of affairs online. At the time of this writing (December 7, 2006), the status was Green, meaning “Everything is normal. No significant new threat known.” (SANS, 2006). Other levels are displayed as Yellow, Orange, and Red, representing threats that are new, posing significant damage, or disrupting vast parts of the internet, respectively. This can be initially helpful since it can be an indicator of problems to come, or problems that a security system may be dealing with. Problems such as the Slammer worm in 2003 could have been perplexing to security administrators at first, but if they had looked at the status of the ISC, and seen the threat level to be Orange, with multiple sites across the globe affected, that administrator could have changed objectives and started working with other agencies for a solution.

DShield.org also has detailed logs that thousands of people send in that identify the number of times an attack occurs, and by whom. These attacks are broken down by which IP port the threat is attacking, which program it is specifically targeting, and who is doing the attack. This feature, coupled with the “FightBack” program, enables users at any level to report attacks to the ISP. By having the detailed records that include the what’s, when’s, and where’s, and sending this information to the Internet Service Provider who issued the IP address, they can then trace down the actual individual and shut them down.

Not an “IDS”

The terminology IDS has become synonymous with other terms such as Firewalls, Penetration testing systems and Anti-Virus. This use of incorrect terminology can lull some into a false sense of security. More than likely, this sense of security is going to be felt at a non-technical level, such as regular managers and business owners. Though having Anti-virus and firewalls installed on systems is an effective means of slowing down the threats of the internet, they are only pieces to the puzzle.

As discussed before, an IDS looks at signatures of a threat to determine what to do. This is what makes it special, and why Firewalls are not in this group. Firewalls are configured to perform the relatively simple function of ‘allow’ or ‘deny’ traffic, but there is not any stateful inspection of individual packets typically. The systems that inspect this traffic, the IDS’s, do inspect every packet of information. So, though similar, there are also great differences.
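The contrast above between a firewall's allow/deny decision and an IDS's signature inspection, together with the earlier passive/active distinction, as an added example that is not part of the original essay. The packet records, port policy, signature names and addresses are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Constructed firewall policy: a header-only allow list of destination ports.
ALLOWED_PORTS = {25, 80, 443}

# Constructed signatures (illustrative, not taken from any real rule set).
SIGNATURES = {
    "directory-traversal": re.compile(rb"\.\./\.\./"),
    "oversized-request-line": re.compile(rb"^GET /[^\s]{200,}"),
}

def firewall_allows(pkt):
    """Firewall view: decide on header fields only, never the payload."""
    return pkt.dst_port in ALLOWED_PORTS

def match_signatures(pkt):
    """IDS view: compare the payload bytes against every known signature."""
    return [name for name, rx in SIGNATURES.items() if rx.search(pkt.payload)]

def run_ids(packets, active):
    """Return (delivered, alerts, blocked_sources).

    Passive: record an alert for the administrator and still deliver the packet.
    Active: drop the packet and block its source, standing in for the
    on-the-fly firewall/router adjustment the essay describes."""
    delivered, alerts, blocked = [], [], set()
    for pkt in packets:
        if not firewall_allows(pkt) or pkt.src in blocked:
            continue
        hits = match_signatures(pkt)
        if hits:
            alerts.append((pkt.src, hits))
            if active:
                blocked.add(pkt.src)
                continue
        delivered.append(pkt)
    return delivered, alerts, blocked

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Packet("198.51.100.7", 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("198.51.100.7", 80, b"GET /login HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.5", 23, b"login: root\r\n"),
]

if __name__ == "__main__":
    for mode in (False, True):
        delivered, alerts, blocked = run_ids(SAMPLE, active=mode)
        print("active" if mode else "passive", len(delivered), alerts, sorted(blocked))
```

The second packet passes the firewall because port 80 is allowed; only the payload inspection flags it, and only the active mode keeps it (and the sender's follow-up request) from being delivered.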

Anti-virus is also similar in nature to an intrusion detection system, in that it actively scans all data coming into a computer and compares this data to a list of known threat signatures. However, an anti-virus program only does this after a payload has reached the computer in full, it does not do an inspection of the individual packets that are forming the file. Anti-virus also does not protect against threats that happen at the lower 3 levels of communications (physical, data-link, and network levels) where threats such as Denial of Service, or DoS, attacks occur.

End state

Networks have to be protected today. Key information on systems within those networks has to be allowed to flow as well. Having a multi-tiered system of protection on those networks is essential in today’s market, and an intrusion detection system is a key component of that protection. These systems, fitted with hardware and software firewalls, properly configured routers, and anti-virus clients running, ensure that there is a comfortable level of protection for the systems.

With the variety of IDS types, such as Active or Passive, Network based or Host based, a company has many options of picking the level of protection they need and can afford. The decisions have to be made very carefully, since there are key areas that one system may cover but other areas that are left unprotected.

Having websites, such as DShield.org, to help with keeping track of the state of web affairs can be helpful to many an administrator. They can provide a means to report attempted attacks on a network, verify which ports and programs are being most affected, and so forth. These sites can also help an administrator who is currently engaged in an attack focus on what the root problem may be.

No protection is ever 100%, however. There are new threats that arrive at our doorsteps every day, and those typically have the sole intent of circumventing the protective levels that are already established. Complete reliance on systems will never be achieved, but when used correctly they are vital assets in protecting our networks from harm.

 
 