File encryption, backup strategies, what / how

Discussion in 'computers, web and general tech' started by xenon, Aug 18, 2015.

  1. xenon

    xenon Radical efficiencies

    *Warning boring post for most*

    So I'm not happy with my current niave backup strategy and wondering what the most convenient way of sorting this out is, if there is one.


    Maybe I'll regret posting on a public forum... As of now, I have a Robocopy script in Windows that backs up my documents to a NAS.
    The files are neither encrypted on my PCs or the NAS.

    The NAS is password protected and behind a pretty decent firewall and not accessible from the web assuming no catastrophic bug

    I can't use AES on the NAS because the webgui doesn't work with the screenreader I use.

    I was hoping I could use EFS on Windows but this gets decrypted when copied to the NAS.

    I do use a veracrypt USB stick as another backup but it's the automated scripted backup and encryption thing I want. The NAS will be eventually replaced with a standard Linux box.

    There's GNupg I suppose but the Windows version was horrible last time I looked.

    Er anyway, what do you do if you have sorted this?
     
  2. kropotkin

    kropotkin libcom

    I have a local backup that runs continually using bittorrent sync to my rasperry-pi server on my home network. Then every night I have a remote one installed at my dad's house that turns on, boots up and is accessed via a cron job running bit torrent sync again for 3 hours.
     
  3. beesonthewhatnow

    beesonthewhatnow going deaf for a living

    Anything important goes to two different cloud accounts. Nowt more than that.
     
  4. xenon

    xenon Radical efficiencies

    I'm using a VPS for something else ATM. I spose I could also use Rsync over SSH to backup from the NAS to that, not nightly. I don't do that much work. :D


    I'm starting to look round for replacement options for the NAS> I've got a Pi but personally find the SD cards really fidly. I'm not that heavy handed generally but I've only got one that boots. Plus I don't want to use 2 plugs, Pi plus disk array. Want everything in one box.
     
  5. xenon

    xenon Radical efficiencies

    Yeah. Dropbox encrypts everything. Easiest way. I could just use that too. Ideally I'd like a seemless cross platform automatable encryption service that I have complete control over at both / all ends... OH and easy to use with mimimal learning curve. Moon on stick etc. :D
     
  6. bi0boy

    bi0boy Power User

    I copy photos onto my backup drive. Sometimes I save them directly to my backup drive and copy them to my normal drive. I now have two folders of photos totally 201GB each, the contents of which is about 85% identical. One day I will go through both folders and put one copy of each unique file on to a third back up drive, preferably before either of the current drives fails.
     
  7. Lazy Llama

    Lazy Llama Suburban robots that monitor reality

    As you're already using VeraCrypt, why not create an encrypted container on the NAS drive and store the documents in that?
     
    dervish and Pickman's model like this.
  8. xenon

    xenon Radical efficiencies

    Good point. Only installed Veracrypt last week. I need to RTFM on how best to do that.
     
  9. Miss-Shelf

    Miss-Shelf I've looked at life from both sides now

    how can I encrypt a portable hard drive? I won't be able to use it for work any more if I don't encrypt them

    I don't know what many of the terms used above mean.
     
    farmerbarleymow likes this.
  10. cybershot

    cybershot Well-Known Member


    You can buy drives already encrypted, https://www.amazon.co.uk/Kingston-D...&qid=1522244240&sr=8-3&keywords=encrypted+usb

    or use something like this: VeraCrypt - Free Open source disk encryption with strong security for the Paranoid Where you can either encrypt the whole drive or just create a passworded container. You'll need VeraCrypt on all machines to access the data thou, or create a portable version.

    Most of the already encrypted drives have software that launches and you have to enter a password, they usually work without any software needed to be on the computer beforehand. Many won't work on Macs or Linux thou, so if you need it cross platform do your research or learn how to use VeraCrypt.
     
    Miss-Shelf likes this.
  11. Miss-Shelf

    Miss-Shelf I've looked at life from both sides now

    cybershot thank you

    VeraCrypt - is VeraCrypt a software that I'd need on all pc's I use? I use many machines across home and work - hence the portable hard drive [which has more storage than my workplace cloud storage]

    I have two portable hardrives - one I use everyday and one a weekly back up - I don't use a passwork on either - can I add a passwork now to the whole drive without loosing data?
     
  12. joustmaster

    joustmaster offcumdun

    Your OS should offer an option to encrypt.
    What do you use?


    But really - your work should really offer an option, if its for work stuff
     
  13. Miss-Shelf

    Miss-Shelf I've looked at life from both sides now

    My work offer a small amount of storage via onedrive but I can't then access docs on my [non work] phone unless I upload intrusive data agreements from work. Which I won't do on a non-work phone. So I access work emails etc on the go via a browser

    Windows 10 is what I use at home [where I do up to 40% of my work] Don't have a work laptop - it is personal even though work should supply us with one, they don't

    Ahead of GDPR we've all had to do some training about security etc
    Now I have *officially* agreed that I know I should use encryption on hard drives I feel slightly different than when I knew I should but didn't admit it, officially
     
  14. Lazy Llama

    Lazy Llama Suburban robots that monitor reality

    Miss-Shelf and cybershot like this.
  15. cybershot

    cybershot Well-Known Member

    I always forget about Bitlocker to Go because I've been using VeraCrypt forever! Plus you need Pro or Enterprise to create the disk in the first place, which should be the case in most work places, however it's probably the simplest solution if Pro/Enterprise is available to you.
     
    Miss-Shelf likes this.
  16. xenon

    xenon Radical efficiencies

    Don't you need a motherboard with a TPM to use Bitlocker?
    <reads link>


    You can run Veracrypt itself from a portable drive but it seems a bit of a faff.
    VeraCrypt - Free Open source disk encryption with strong security for the Paranoid

    Pretty shoddy of work not to supply something though. Our GDPR advice has been that we can't use non work systems to store client data. Paraphrasing. Which raises some interesting questions about sending client info to external email addresses...
     
  17. Lazy Llama

    Lazy Llama Suburban robots that monitor reality

    xenon likes this.
  18. cybershot

    cybershot Well-Known Member

    Not for Bitlocker to go

    As for email, it's pretty simple to set up a UTM type device that will automatically encrypt emails between servers that use the same set of protocols, or theres plenty of options for commercial software for dealing with attachments and even free stuff, or as said above create VeraCrypt containers. End of the day it's going to be something for your IT Security Officers to figure out why you as an employee just cover your own arse.

    Microsoft has you covered if you're a business using Office 365: Microsoft Trust Center | General Data Protection Regulation (GDPR)
     
    xenon likes this.
  19. xenon

    xenon Radical efficiencies

    Our problem with email, without going into too much detail, is we have to email some client details to people who use gmail, Hotmail etc. We've been told to carry on doing this for the time being though it's being looked at.
     
  20. cybershot

    cybershot Well-Known Member

    I've been out the email encryption game for a few years now but I know hotmail and gmail already have TLS enabled, so as long as your end server does then it should encrypt the email, however wether this level of encryption on email satisfies the ICO is another matter, as I'm not in that arena anymore I haven't really been keeping tabs on it.

    Transport Layer Security (TLS) - GOV.UK

    The real issue is going to be for companies who are doing all IT in house still.

    I guess if your sending PII externally you need to try and remember beforehand to potentially use another form of encryption, as expecting employees to look up a list of 'known safe' domains to email where end to end encryption is automatic, would be unrealistic, but then again, perhaps it may be needed in order to know what tool to also use for what provider.

    Minefield.
     
  21. farmerbarleymow

    farmerbarleymow Sweetcorn, Seagulls and Wasps are Brilliant!

    That's what I use on the three backup drives (two portable, one a bit big to cart around) - although I think mine is the full version as I'm on W10 Pro.

    The 4Tb drive is used to backup continuously, and the other 2Tb drive is a static copy of all my data, which I update manually every few weeks. I've not used the big backup drive for a while, as the portable ones are smaller and easier to manage. I take the two portable drives to work with me so if I'm burgled I'll have the data - the laptop can be replaced.

    I've been pondering encrypting the laptop HDD, as the machine doesn't have a TPM chip - so will have a look at the link posted above.
     
  22. sim667

    sim667 Licking windows on the 303 bus.

    I have time machine backing up to a mirrored RAID, and then I have a livedrive backup in case my house burns down

    Live drive is 5TB limit, so I have a backup of all my machines on that.
     
  23. cybershot

    cybershot Well-Known Member

    World Backup Day on Saturday, so was a good time to bump the thread anyway! ;)
     
    farmerbarleymow and Lazy Llama like this.
  24. discobastard

    discobastard ____*\(oo)/*____

    Hi all. Can somebody recommend a decent hardware (or maybe cloud) backup option?

    I know I can back up to the cloud etc, but I just don't trust it with my data. Happy to receive suggestions for secure and trusted cloud backup if you wish though.

    But what I would really like is suggestions for decent a decent hard drive backup. My machine has about 500GB on it (inc OS etc) but is mainly music and photos/videos. I have a Samsung drive with Samsung Drive Manager but the software is really tedious and doesn't seem to let you update backups and I get error messages without any explanation.

    I just want something that it really easy, either a very secure cloud backup solution that isn't massively pricey or a hard drive that has some software with it that actually does what it says and doesn't fuck me around.

    TIA
     
  25. sim667

    sim667 Licking windows on the 303 bus.

    For a "cloud" backup solution I use livedrive and am very happy with them. Its not cheap (£15 a month), but it lets me back up 3 computers, 2 ipads and an iphone, plus gives me 5tb of general online storage.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice