Curtis Cunningham on technology, music, dogs, and life.

Here’s what it looks like when your laptop drive starts to die, and you’re really really lucky that when you tip the computer on it side just so, it keeps spinning.. and you hope it keeps going long enough to get all your data copied off..

If you don’t have backups of your sensitive data, and you’ve never suffered a lost or stolen laptop, or a hard drive crash.. take note: YOU WILL. I want to discuss some strategies for keeping your data safe both on and off the road through a number of backup, encryption and remote access tools.

The argument for leaving your sensitive data and home, and using secure remote channels to access the data while on the road is made stronger by the increasingly common practice of search or seizure by the authorities of electronic devices, especially when passing through airports. US Senator Feingold has recently taken up the fight by opening a hearing on “Violations of Privacy”. Many people carry a laptop and cell phone while traveling, and for most people these two devices combined will contain a huge amount of personal, work, customer, contact information, etc. Having either or both of these devices seized can cause extreme inconvenience at the very least, and at worst would mean the inability to perform basic job functions. More examples here: 1, 2, 3. It’s becoming increasingly common for organizations to have a complete ban on carrying any sensitive data, anywhere. All data stays in the company data center, and all access is via remote secure channels.

As an aside I’ve found a few stories about police doing regular stops confiscating cell phones and later raiding the contents for call records, text messages, etc. (examples: 1, 2, 3 ). If you and your girlfriend are getting creative with the built in camera, you might want to be careful what you decide to keep on your phone.

Here I’ll go over some techniques and tools I use to help mitigate against losing my data. Note, my main computing tools are Linux/OSX based but you should be able to find something comparable for Windows if that’s your tool of choice. This will also wander off into my whole backup strategy so you’ll see how paranoid I am . If you’re not comfortable with the command line (OSX Terminal application) and afraid of learning, some of this might be of limited use to you.

1. Laptop local OSX encrypted disk
   If you must have sensitive data with you, then this is the bare minimum I would use to keep sensitive information away from prying eyes. If you only take away one thing from this article, this should probably be it. Create a password protected encrypted disk on your laptop, mount it, and use that as your main place for storing documents. Things to consider ..
   • Call the disk something bland, like ‘tmp.dmg’, ‘tmp’ (no suffix), and store it somewhere bland.
   • To mount it, browse to it in Finder, double click it and type in your passowrd. DO NOT save the password in your keychain to save you time later! I hope the reason is obvious to you

     

   • You must unmount the disk to take advantage of the encryption, so that the next access to the data on the disk requires the password to be typed.
     

2. OSX Time Machine with backup drive
   Use the OSX built in Time Machine feature. I had a little laptop sized USB drive (any of these should do) laying around I wasn’t using so I configured that to work with Time Machine, and now I just plug that into a USB port every now and then and it just works it’s magic. No other intervention needed. The drive stays on my desk, if the laptop moves (e.g. lounge, bed, coffee shop, customer) the drive is unplugged and left at home.

   If you take this with you, you risk losing it (or having the TSA help themselves to it). If you haven’t got any other backup system running you obviously risk losing the lot, and potentially giving a thief (or the TSA) a wonderful long term archive of your data. UNPLUG IT AND LEAVE IT ON THE DESK AT HOME!

3. Document sharing from home server
   I have a Centos (based on RedHat Linux, but free unlike RedHat) based home server that is used for personal and documents, music, photos, websites, playing around with, etc. In that I have a chunk of storage and I access it inside my network from my Mac laptop using the Windows SMB service. For day to day stuff at home (I usually work at home) I just access my data/docs on the network server from my other machines.

4. Rolling backups on the internal server
   On my internal server, I have a separate drive dedicated for backing up the other internal drive(s). I use an amazing little tool for this called Snapback2. It’s super flexible and you can configure hourly, daily, weekly and monthly backups. Here’s what I have:

   Hourlies 4
Dailies 7
Weeklies 4
Monthlies 12

   This means I have 4 backups during a 24 hour period, 4 weekly backups, and 12 backups going back a year. It one of those tools that only makes one copy and uses hard links for subsequent references to the file, helping minimize the space used.

5. Off-site backups
   I have a buddy who lives up in Northern California. He has a similar server based setup for his documents. We run nightly rsync backups so all my critical data is copied up north to his server, and all his is copied down south to my server. If you use this technique, you’ll have to find someone you trust and who trusts you, as you’ll both have complete access to each others’ data.

6. Working with documents off-line
   I do have to every now and then disconnect and invariably want to take some documentation with me. This allows me to work on stuff while in a coffee shop, on a place to a customer, etc. To do this, I’ll rsync from my document repository on my server to a location on my laptop. Any convenient laptop subdirectory location can do, but it’s best to create a password protected encrypted disk as per #1 higher up the page, mount it, and rsync data from the server to the encrypted disk. Use rsync commands in a script something like the following to make the copy ..

   # from server to laptop
rsync -avb curtiscu@my-home-server:/home/curtiscu/documents /Volumes/MyDisk/

   # from laptop to server
rsync -avb /Volumes/MyDisk/ curtiscu@my-home-server:/home/curtiscu/documents

7. Secure remote access to your data and documents
   If I’m away from home and really really need something and I either don’t have it on my laptop, or my laptop isn’t with me at all (the TSA got me!), I’ve a few methods I can use to view/access my data at home.
   • SSH/SCP
     Old faithful! Note this tip is based on having a home server with an SSH services running, and you should have opened a port on your home router (typically 22) to allow access from the internet to your server. Note this is a bundle of utilities, the most useful ones for me are SSH, and SCP, and they come free with most Linux distros, or can be downloaded from here. This’ll allow you to login and poke around your documents folders on the server, or copy some off that you need. To do this you can use your OSX/Linux command line (see “man ssh”, “man scp”), or for windows there several free client programs you can use like Putty and WinSCP.

   • Tarantella/Secure Global Desktop (SGD)
     SGD is a fantastic product that will allow you to access lots of different kinds of servers from lots of different kinds of client (laptop/desktop) computers. From outside your network where your data lives, you can use a web browser on a computer, point it to your home server, login with a user name and password and depending on how you have it configured, launch individual applications in windows, or whole desktop sessions.. all appearing on your local computer. From there you can view, print, or upload download documents to your local computer.

     Full disclosure, this is the main product I’ve working in/on/under/over and specialized in for over 10 years, so I am completely biased here. Note it’s mostly used by large organizations, so I wouldn’t expect many (read: any) home users to entertain this one.
     More about the product and its history on wikipedia, download a 30 day demo version, try the online demo.

   Alternatives you could play with (some free, some not) include VNC (there are also many clones), Windows RDP (download, YouTube vid tutorial), Goto MyPC. Any of these will usually require changes to your home router/firewall to allow the traffic through.

Next steps to improve my backups include finding a volunteer on the east coast (in case the west coast is “hit by the big one”), and to find someone perhaps in Ireland to push backups to in case an asteroid hits. Hey, it’s not happy times I’m planning for here!

These are all the ways I try and not lose my data, or let it stray where I don’t want it to. I hope you found some of this useful. If you have any comments, criticisms, or other favorite security or backup related procedures you’d like to share, please comment.