Posted on 2007-07-20
Last Modified: 2008-02-01
Hi all,

I have following problem which I need to solve. I work at home and keep my server at home, it contains all my data, sql datadases, exchange server etc. Obviously my data are very important to me and back and ability to recover from any failure is critical to me.

Normal company usualy changes backup discs in some schema so that they are out of office and only currently used backup medium is in the machine. For me, as I work at home, this does not work, I am not willing to go somewhere (bank, my friend or whereever else, just to store my circulating backup drives).

Therefore I decided to buy software Peersync which is very good in data replication over WAN/LAN. I bought cheap computer with 500 GB capacity and I found reasonable place where to store it. During the night peersync replicate all the data I need to this REMOTE computer, as it replicates only changes even in extremely big file, this is OK.

what I need is to ensure that nobody can read the data on remote computer when this is stolen. It is not probable but I have to be sure.

I will have only remote access to that computer normally .

Can you advice what should be the best solution?

Many thanks

Question by:vladobb
    LVL 32

    Accepted Solution

    The only real way to ensure this is to encrypt the disk on the remote computer. You can use the EFS built-in with Windows, or Truecrypt:

    You will want to make sure by reading or testing that Peersync is compatible with these, and very important to backup your recovery keys in case they are lost.
    LVL 33

    Assisted Solution

    by:Dave Howe
     Not familiar with peersync, but the problem with efs is that it is keyed on the logged in user - so the remote files would be visible if someone could compromise the user account or the currently logged session. In addition, EFS would not protect the data in transit - so unless peersync does so, the data would be sent unencrypted between the two nodes.
      Truecrypt is a possible solution, but you would need to sync the data volume, and if the peersync is only granular at the file level, not the sector level, then it would resend the entire storage every night (not just the changes) which in a 500gb drive would be bad.

      Personally, I would have done the following:
    1) installed linux of some flavour on the target (remote) machine
    2) each night, ran a script which went though the machine looking for changed files (this is trivial; files changed under windows have the "archive" bit set)
    3) for each changed file, copy it to a working area using the free 7z package, encrypting it and compressing it in the process
    4) using scp, copy it to the target machine into a matching subdir to the original (creating said subdir if required); for bonus points, if the expected load isn't too high, do so with the provision of a date/time stamp added so that you can keep multiple revisions of the same file.
    5) reset the archive bit so that it is marked "clean" for tomorrow

      Writing the script would take about ten to fifteen minutes (actually, most of it is just deciding which dirs to exclude from the scans); the putty scp tool is suitable (and free) and the 7z command line too is similarly lacking in cost).  Adding a gui for the script (so you can see what it is doing and/or if it has finished) would probably take longer than writing the script!

      However, as an alternate - how much data *do* you need to sync? if its less than about 16gb routinely, perhaps you could just invest in a usb pendrive, add that to your keyring, and carry around your backup with you? that would have the added advantage that your files were almost always accessable to you immediately wherever you are, and you could encrypt the drive with traveller mode truecrypt (so anyone stealing it would be unable to access your files at all)

    Author Comment

    Hi DaveHowe, hi r-l

    thanks a lot for your suggestions, my full and complete backup set has 350 GB, from this 350 GB, 1.5 GB is changed daily which needs to be transferred from server to remote backup machine. Peersync is able to encrypt data during tranfer, moreover, data will be transfered via VPN to keep them really secure on the way.

    My primary problem which I need to solve is to make data on remote machine unusable if it is stolen.

    I will try truecrypt and let you know.

    Peersync is the software for windows which seems to be very good (also very expensive). It is able to replicate data with byte-replication algorithm which transfer only those parts of file that are changed. It is something like rsync for linux but packed in the way which almost anybody is able to set up and use.

    Now I have to investigate whether peersync listener (which is service running on target remote backup machine) will collaborate with truecrypt.

    Have a nice day

    LVL 33

    Expert Comment

    by:Dave Howe
     If it can do a by-the-byte comparison, I would suggest setting up one or more truecrypt volumes, then see if you can sync the volumes across, rather than individual files.

      by synching the host volumes, you will only ever be sending pre-encrypted data across the link to the remote host - therefore, if it is stolen, the data stolen will already be inherently encrypted (and worthless to an attacker)

    Author Comment

    Hi both,

    truecrypt is really fantastic, so good that I am not sure why people spend money on Steganos Safe and other similar commercial software.

    I divided points between you.

    Have a nice day

    LVL 32

    Expert Comment

    Thanks and good luck.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
    The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
    This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
    The viewer will learn how to download, install and use CrashPlan from on Windows 8. Open your browser and go to Click get started, it’s free then Click the Download CrashPlan button: Click save in Internet Explorer, the…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now