Creating a small business backup 101

[techwithoutanet]

I'm a friend of a small business owner who has asked for my opinion about backing up their stuff, as they were recently hacked and had massive data loss, because whoever accessed the network ran commands to wipe the drive irretrievably. I've only done Tier 2-3 support, and have never built a network before, but I know just enough to be dangerous.

Help me be less dangerous?

They have a limited amount of workstations, and they all shared a "server" they all logged into and backed up their work. I think it was treated mostly like a share or a dumb file server. They're not big enough for AD or all the bells and whistles that I'm familiar with. I need to think smaller.

I want a secure backup method to offer them, but I'm only familiar with tape drives on a nightly, incremental basis. Is there a NAS I can plug into the server that could make a backup every night, and secure the NAS from being erased if someone got access to the server?

(For the record, I know they need to go to each machine and set local security policy, install AV and firewall. I don't think they have proper protections in place. Plus, probably weak password policy. That will be my first recommendation to prevent a repeat of what happened.)

I've spent a long time searching Tom's in the past for assistance during my job, but this is the first time I really needed to reach out and get something I didn't see (yet) covered. Thanks for the help to a first-time poster.

 

[Scottray]

A cloud solution might be better, especially if they're just using the server to store and/or share files. Take a look at www.syncplicity.com.

 

[canadianvice]

If people get access to any computational device, it's done.

If you want a true, proper backup solution, you need two things:
1. Removable media
2. Offsite

Offsite is because things happen and life can suck, you don't want all your eggs in one basket.

Removable is critical, because anything that exists on your network is, worst-case, accessible to someone who would do you harm. Additionally, my experience: never assume an employee is smart. They are often the most egregious level of troglodyte and will almost actively seek out to undermine your best efforts. With crypto viruses as well - this is damage that CANNOT be repaired if your system is accessed, and once they have internal access without hitting additional firewalls there's not going to be much stopping them.

This is probably where something kind of like your tape drives comes in - it has to be some sort of removable media that can be copied off at longer intervals.

The only thing that is ever "safe" is air-gapped/not attached to the network in any capacity. I'm hardly qualified to opine on exactly how to set that sort of thing up, but it should be mentioned for your considerations.

And please understand I don't mean to be patronizing if this does occur to you as obvious; it's just my experience has often been that the obvious is fairly unobtrusive when one is brainstorming around such things and needs them explicitly defined.

 

[smorizio]

with any work with pc and backup you need to make the backup server on in own vpn/ip with a switch and or other hardware. you dont want anyone to be able to ping your work network and see the backup server/hardware. i would look at vmware for workstations. you can set it up so that workers can use there aps and if need to go onto the web. if it was an x employee that hit your system with vm software when there fired or leave the company you can with a few clicks remove them from the vm servers. with backup of data it more then one item that you want to use. depending on the amount of data that needs to be backed up you would start with a nas for speed. with the right software after the main backup is done all you would backup is changes to the main backup. the next level would be a dvd/blueray backup. once a month backup where he can take the disk off sight and store them. third level would be a tape backup done once every 12 months. as posted before cloud backup will save your butt if there a fire or flood and level one or two backups are killed. the last backup is a usb stick if the data will fit on it. take that stick put it in a fire proof safe. on your work pc you may want to put some nanny software that stop people from going to sites that they should not go to during work hours. most infection now are from drive by web pages...ones that look real but a scam sites or real sites that have been hacked with viral code. make sure pc have ad blocks software on them and updated browsers. also do a little training make sure to train them to look out for scam emails and not to open them. also if a pc does get infected for them to turn the pc off and unplug it from the network. then do a full wipe and restore. have the boss when he starts swapping out pc to try and use the same pc so that you can make a clean image and save it to the network if the pc gets infected. microsoft also make tools to help end users make there own custom iso installers. a lot of that training is free from ms.

 

[jsmithepa]

The only thing I have to contribute here are.....

People still use tape? HD storage are dirt cheap, and can you imaging the time it would take to backup to tapes?

Cloud solutions are fine if amount of data relatively small and/or you have a large Internet pipe download and upload.

I know at least *some* backup need to be offline, that's the sure fire way its contents are uncompromised, and that means it won't be totally automated, somewhere a trusted employee has to bring the device online/offline.

Somebody has the define the backup frequency, how current do you need to be? how many generations of archives if any?

Honestly, backup is a boring subject, my take is, folks in this forum are more into the "flashy" stuff. If I know more about this thing and able give u an executive summary I may think of offering you my services.

 

[kanewolf]

The only thing I have to contribute here are.....

People still use tape? HD storage are dirt cheap, and can you imaging the time it would take to backup to tapes?

Cloud solutions are fine if amount of data relatively small and/or you have a large Internet pipe download and upload.

I know at least *some* backup need to be offline, that's the sure fire way its contents are uncompromised, and that means it won't be totally automated, somewhere a trusted employee has to bring the device online/offline.

Somebody has the define the backup frequency, how current do you need to be? how many generations of archives if any?

Honestly, backup is a boring subject, my take is, folks in this forum are more into the "flashy" stuff. If I know more about this thing and able give u an executive summary I may think of offering you my services.

This isn't a backup solution, but a response to "People still use tape?" The answer is ABSOLUTELY. It is still the cheapest storage medium for petabyte data. A 12TB LTO tape is about $300 if you buy a bunch of them. A large tape robot will hold 10,000 of them. That is 120PB of data, 200PB if you have compressible data. That does not use any electricity to maintain that data.
Modern LTO tape drives write at 400MB/s That is faster than a single disk. It is not faster than disk arrays, but it is cheaper.

The "dirty secret" in cloud storage is that they use tape... SHHHH!!!!! Amazon glacier uses tape.

There is a market for tape. It is a specialized market, but if you investigate what is being backed up in the big data sciences like colliders and radio telescopes, you will understand.

 

[USAFRet]

I want a secure backup method to offer them, but I'm only familiar with tape drives on a nightly, incremental basis. Is there a NAS I can plug into the server that could make a backup every night, and secure the NAS from being erased if someone got access to the server?

Read here:
http://www.tomshardware.com/forum/id-3383768/backup-situation-home.html

Scale up or down as needed.