Encrypting backups to avoid disasters

The long view of security strategies for your network.

As a CISSP, a security consultant, a professor of information assurance and a program director for security studies, I’d be terminally embarrassed to tell clients and students to do what I wouldn’t do myself.

So what do I do about encrypting my own backups? I take daily incremental backups (that is, backups of files changed since the last backup) using WinZIP and its archive-flag option to distinguish among files changed on the same day before and after the backup. Specifically, I check the options labeled “Include only if archive attribute is set” and “Reset archive attribute.” Then I encrypt the ZIP file (typically called “BUyyyy-mm-dd.ZIP”) to my own PGP public key, creating a file called “BUyyyy-mm-dd.zip.pgp”. These individual files are usually 100MB to 300MB.

The backup files are stored on my RAID-1 hard disk system and new ones copied daily to an external USB hard disk drive. The contents of the USB drive are synchronized daily with the hard drive on my laptop computer, providing a total of three current near-identical file sets (not counting the RAID-1 copy).

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

As a CISSP, a security consultant, a professor of information assurance and a program director for security studies, I’d be terminally embarrassed to tell clients and students to do what I wouldn’t do myself.

So what do I do about encrypting my own backups? I take daily incremental backups (that is, backups of files changed since the last backup) using WinZIP and its archive-flag option to distinguish among files changed on the same day before and after the backup. Specifically, I check the options labeled “Include only if archive attribute is set” and “Reset archive attribute.” Then I encrypt the ZIP file (typically called “BUyyyy-mm-dd.ZIP”) to my own PGP public key, creating a file called “BUyyyy-mm-dd.zip.pgp”. These individual files are usually 100MB to 300MB.

The backup files are stored on my RAID-1 hard disk system and new ones copied daily to an external USB hard disk drive. The contents of the USB drive are synchronized daily with the hard drive on my laptop computer, providing a total of three current near-identical file sets (not counting the RAID-1 copy).

At the end of each month, all of that month’s backup files are copied to a DVD as part of the monthly full backup. The DVDs are stored in a fire-resistant safe.

Some critics of backup-encryption claim that the risk of having a single bad bit on an encrypted file will result in complete inaccessibility of the entire file. This warning is correct for a PGP-encrypted file, but error rates on 300MB files on hard disks and DVDs are negligible in my experience. Tape drives might cause more risks.

As a matter of interest, I read and write five PGP “PGD” disk encryption files every day: one 0.5GB, three 2GB and one 4GB. None of them has ever had a disk error that prevented me from using them in the six months since I installed them to create encrypted volumes on my hard drives.

Readers must keep in mind that encrypting backups increases the complexity of archival storage. In addition to being concerned about changes in hardware, operating systems, backup software, application software, and file formats, archivists must also keep in mind that changes in encryption keys or algorithms will necessitate careful planning to ensure that older backups will be usable, either through careful storage of software and keys or through data decryption and re-encryption.

Finally, what about the decryption keys? I make a point of storing the complete PGP installation file set, including my license, in a ZIP file along with my set of PGP keyrings on two copies of a separate CD-ROM stored in two separate places apart from my backups disks. And yes, I also store copies of the WinZIP installation file on each of those CD-ROMs.

I wonder if I should wear another pair of suspenders and an extra belt?

Read more about security in Network World's Security section.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.