New SecureBackup Website

We have just released a new website and hope you like it. We will be continuing to add content not only to the website but also to the Online Backup blog. We are quite pleased with the overall design and made it a point to put the words “Secure Online Backup Service” on every web page as this was not apparently clear in our old design. We also provide a link to the demo of our secure online backup service on every page of our new website. If there’s one thing we are consistently asked it’s “how does your backup solution work?” or “do you provide an automatic online backup solution?” These are the kinds of questions that we wanted to address in our overall site design by providing links to content pages and to the SecureBackup demo.

The old SecureBackup website also suffered from a lack of information regarding the SecureBackup PRO and HOME editions. We wanted to differentiate our offerings for both our home and business pro data backup solutions. We also wanted our website logo to be consistent with our software and service and were able to accomplish that as well.

A large majority of our visitors are using the Firefox web browser so we wanted to make sure that the SecureBackup website supported both Firefox and Internet Explorer. There will be more to come in terms of website improvements but we think that our overall design is much better and more accurately reflects the backup services that we provide.

Secure Online Backup

It’s been a while since I posted in reference to my “Secure Online Backup” series. In my, “What Makes an Online Backup Solution, Secure?” post I wanted to address the need to keep servers patched, so here it goes.

Patches are an important part of server reliability and security. There are two types of patches that should be installed as soon as they become available. This is especially true for servers that are “serving” information over the Internet. The first type of patch that we should be concerned about is one that fixes errors within the software running on the server. A particular piece of software could have some issues that keep it from functioning properly. If it crashes or has a memory leak or some other type of issue, it may affect the server somehow. This is less common with modern servers today but could still be an issue for software that doesn’t deal with memory leaks properly. Probably the most important reason for patching software is that it may be tied in with a service that is “served” over the Internet. This is especially true on Linux. So patching software is an important part of server reliability.

The second type of patch that we need to be concerned with are security patches. A security patch fixes a known vulnerability or exploit. Often times, these patches are created in response to a known threat. This means that a server may not always be 100% secure due to the fact that a malicious party may know about the exploit before anything is ever done to resolve it. As previously stated, software companies often release security patches *after* a known vulnerability or exploit has been discovered. It is good practice to install security patches immediately.

In addition to security patches, it is often desirable to have a server that only serves a limited number of services. For example, a backup server only needs to provide the necessary services to allow backups to be performed. If it starts providing additional services, such as email for example, the server will also need to maintain patches for its email services. This can make the server less secure due to the fact that more potential vulnerabilities and exploits can be used to gain unauthorized access.

The SecureBackup backup servers only “serve” data backup services. This makes the service as secure as it can be in terms of vulnerabilities and exploits.

Online Backup Service

SecureBackup, a premier online backup firm, recently announced discounts for clients that wish to be billed on a recurring annual basis.

Canastota, NY — April 9, 2009 — Premier online backup firm, SecureBackup LLC, recently announced that it will be offering discounts for clients that wish to be billed on a recurring annual basis. The company now provides twelve months of service for the price of eleven when prepaid annually. SecureBackup offers data backup options including SecureBackup HOME for personal use as well as SecureBackup PRO for business applications. The new discount applies to both the HOME and PRO editions of SecureBackup.

With eight years of experience in the IT services industry, the professionals at SecureBackup understand the importance of providing alternative payment options as well as discounts to clients. With a commitment to offering reliable backup software, combined with exceptional customer support, SecureBackup is dedicated to offering the best value in offsite data storage.

“Despite the global economic downturn, many businesses continue to see the importance of protecting their data and we want to help them to do that in an affordable way,” says Steve Eschweiler of SecureBackup (http://www.securebackup.com).

SecureBackup offers Federal Information Processing Standard (FIPS 197) A.E.S. file encryption, password encryption that meets National Security Agency (NSA) guidelines, and HIPAA compliance. In addition, SecureBackup provides file compression, multi-threading, and smart file synchronization features which improve backup performance.

“We are confident that our service and features are not only of the highest quality, but that we can offer it at a price that anyone can afford,” concludes Eschweiler.

About SecureBackup LLC: Secure online storage firm, SecureBackup LLC, (http://www.securebackup.com) provides online backup services to a variety of clients throughout the world. Engineered with security, reliability, and ease-of-use in mind, SecureBackup has many features to offer clients at competitive prices.

Media Contact:
Steve Eschweiler
SecureBackup LLC
9 Grago Blvd
Canastota, NY 13032-1005
1-800-351-8816
http://www.securebackup.com

Secure Online Backup

In the “What Makes an Online Backup Solution, Secure?” post, I wanted to address server-side eavesdropping so I’ll do my best to describe it in “English”.

Your online backups are only as secure as your password. What a lot of folks don’t realize is that entering a password online, even with SSL encryption and an HTTPS connection, is not 100% secure. You may wonder why this is so. Afterall, online banking uses SSL encryption when you access your bank account online. Well, the reason why it’s not 100% secure is due to the fact that SSL only encrypts the communication between your computer and the server. Once data enters the server, it is no longer secured by SSL. This is because the server needs to interpret whatever data you sent from your browser to the server. So the data on the server is open to eavesdropping. I’ll be honest and say that eavesdropping is not an easy thing to do. In theory, you first need to gain access to the server. Secondly, you need to install a program on the server that “listens” or “scans” for this type of information. Both of these are hard to do and there measures that a Server Administrator can put in place to help prevent this but it’s still not 100% secure.

SecureBackup avoids the problem altogether by the way in which it was designed. We don’t have a copy of your password so you don’t need to enter it online. Your password is created on your computer and is never transmitted across the Internet. This provides for a level of protection above and beyond what SSL alone can provide. If no password is ever transmitted, no password can ever be intercepted.

This is why SecureBackup requires you to sign up for service within the software rather than online. The main idea here is that everything is created and encrypted right on your computer.

Your Password is Your Security

As mentioned in some of my other posts, your online backups are only as secure as your password. If you want to keep them from prying eyes, you need to safeguard your password. With SecureBackup, we have done what we can on our end to protect it. Secure password protection is the key to having a secure, online backup service.

SecureBackup Client

SecureBackup, a premier online backup firm, recently unveiled its new website where computer users can select from a variety of secure online storage options based on their individual storage needs.

CANASTOTA, NY – Premier online backup firm, SecureBackup LLC, recently announced that it launched a new website to better serve its customers. The website features a variety of secure online storage options, including SecureBackup HOME for personal use as well as SecureBackup PRO for business applications.

With more than eight years of production web server experience, the professionals at SecureBackup understand the importance of providing safe and secure online backup services. With a commitment to offering outstanding backup services, combined with exceptional customer support, SecureBackup has been engineered from the ground up with security in mind. A highly secure data backup solution, SecureBackup does not suffer from server-side eavesdropping attacks. Additionally, all files with SecureBackup are protected using United States government strength AES file encryption techniques.

“We are thrilled with the launch of our new website. Now an even greater number of customers can benefit from the superior online backup services SecureBackup provides. Whether it’s a fire, flood, a computer crash, or other disaster, our customers have peace of mind knowing their data is securely stored and can be easily retrieved when needed,” says Steve Eschweiler of SecureBackup (http://www.securebackup.com).

SecureBackup has many proprietary technologies and measures in place to maintain customer security. At SecureBackup, passwords are never entered online, decrypted online, or stored online. Because the entire encryption and decryption process occurs on its clients’ computers and not on SecureBackup servers, the firm ensures that all measures have been taken to fully protect the information being stored. Additionally, since the process is automated, SecureBackup customers can rest assured that their valuable information is being stored and backed up frequently and securely.

SecureBackup offers a variety of secure online storage options to meet every customer’s specific backup needs. The firm’s SecureBackup HOME package is appropriate for personal use and offers unlimited online backup. With the HOME package, files are backed up directly from the customer’s hard drive, allowing for easy storage of family photos, videos, and other personal files.

For business professionals, SecureBackup PRO is also available, offering 50 GB to 6 TB of safe and secure online storage. Ideal for small business or home office backup, the PRO package also offers customers professionally managed, dedicated backup servers for storing the most sensitive business information.

“People fail to make regular backups simply because it often requires a considerable amount of time and effort. At SecureBackup, we offer automatic online backup with a user-friendly ‘set-it-and-forget-it’ interface to help make this process as painless as possible,” concludes Eschweiler.

About SecureBackup LLC: Secure online storage firm, SecureBackup LLC, (http://www.securebackup.com) provides superior backup storage services to a variety of clients throughout the country. Engineered with security in mind, SecureBackup has many proprietary technologies and measures in place to ensure the safety and security of all files. For personal use, the firm offers SecureBackup HOME, giving customers unlimited storage space for storing family photos, videos and other files. Perfect for the home office or small business, the firm also provides SecureBackup PRO, offering 50 GB to 6 TB of secure online storage.

Media Contact:
Steve Eschweiler
SecureBackup LLC
9 Grago Blvd
Canastota, NY 13032-1005
1-800-351-8816
http://www.securebackup.com

Secure Online Backup

In my “What Makes an Online Backup Solution, Secure?” post, I touched on the fact that an online backup service should never offer a password recovery option because it can subject your password to discovery. I should also have mentioned that some backup services offer an encryption key recovery option instead, which is just as dangerous.

An encryption key is typically a series of bytes generated from your password. So if you had a password that was say, “password123″, it would be transformed into an encryption key. The encryption key is what is used to encrypt and decrypt your files. So whether we are talking about password recovery or encryption key recovery, it is essentially the same thing.

I’ve seen quite a few online backup services offer some form of recovery. Yet these services claim that your backups cannot be viewed by anyone but you. This is simply a misleading statement on their part. The reality is that if the backup service provides a recovery method for your password or encryption key, your backups are at risk. Afterall, a malicious party could claim to be you, provide the right credentials, and then get your password handed over to him, or he could find a way to get your password by hacking the recovery system itself. Either way, your backups are compromised because your password is the only thing protecting them from prying eyes. If you really want to be secure, the online backup service should not have a copy of your password and should never offer a recovery option of any kind.

SecureBackup was engineered from the ground up to be as secure as possible. We simply don’t have a copy of your password or file encryption key stored anywhere. Even if someone held us at gunpoint demanding your password, we wouldn’t be able to provide it. Now you may wonder if we would take the bullet for you? Quite honestly, we wouldn’t have a choice.

Secure Online Backup

As promised in my “What Makes an Online Backup Solution, Secure?” post, I’m going to answer some questions and concerns regarding SSL/TLS backup server connections.

There isn’t a whole lot of difference between SSL and TLS. They both provide a mechanism to secure the communication channel. In terms of transmitting data over the Internet, SSL/TLS connections protect your data from being viewed or modified during transit. This is accomplished through data encryption and digital signatures. Digital signatures ensure that the data has not been altered and prevent “man-in-the-middle” attacks.

In the world of online backup, this ensures that your backup files arrive at your backup server without being intercepted and possibly modified along the way.

SecureBackup pre-encrypts your files using 256-bit AES encryption before they are ever even sent across the Internet. This allows them to be stored securely on the server. However, SSL/TLS adds another level of protection over pre-encryption alone. Not only does it prevent man-in-the-middle attacks, but unlike an FTP backup solution, it also protects usernames and passwords from being intercepted by a malicious party. For example, FTP sends passwords across the Internet in plain text!

Choosing an online backup solution that provides TLS/SSL backup server connections allows for an added level of protection for your data.

Secure Online Backup

I’m glad you asked! I can tell you one thing that makes backing up your data to an online server “secure” and that is that you would have an extra copy of your data stored online in case something bad happened. This would, in theory, protect your data from fire, flood, hardware failure, natural disasters, and other physical forms of data corruption. However, it wouldn’t protect your data from being hacked, downloaded, deleted, viewed, or corrupted. Actually, just storing data online may give you some peace of mind but your data is not necessarily “secure”.

In order for your backups to be secured on a remote server you need to take into account several factors. For example:

Server Security

Are the connections to the backup server secured with SSL or TLS?

Does the server have the latest patches installed to help prevent it from exploits?

Is the server adequately firewalled to prevent unauthorized access?

Does the server have a mechanism to deal with Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks?

Is there a network Intrusion Prevention System (IPS) in place?

Is the data center that houses the server itself, secure?

These are some of the concerns regarding the backup server, but there are other aspects to securing your data such as the backup software and the service.

The Backup Software

Does the backup software use strong file encryption such as 256-bit AES?

Are the password keys generated using SHA-256, SHA-384, or SHA-512 as recommended by the National Security Agency?

The Online Backup Service

Does the service require you to enter your password in a web page form making it prone to server-side eavesdropping and discovery?

Does the service offer a password recovery option which also subjects your password to discovery?

Over the next few weeks, I’m going to address some of these questions and how they relate to the SecureBackup service.

The SBA (Small Business Administration) encourages business owners to prepare for the possibility of a major disaster and offers the following tips:

• Start the disaster plan by identifying what your operation needs to do to protect itself in the face of a natural disaster. Even if you don’t own the building where you do business, take steps to protect your assets.

• Determine what production machinery, computers and other essential equipment is needed to keep your business open. Store extra supplies offsite, and make a plan for a temporary location if your company is forced to relocate after the disaster. Be ready for utility disruptions with a portable generator.

• Find escape routes from the business and establish meeting places. Make sure everyone understands the emergency plan before the storm hits. Designate a contact person to communicate with other employees, customers and vendors.

• Review your insurance coverage to make sure you understand what is not covered. Most policies don’t cover flood damage.

• The National Flood Insurance Program provides coverage to property owners. Go to the NFIP Web site at www.floodsmart.gov.

• Consider business interruption insurance. It covers operating expenses, like utilities, and compensates you for the income lost after a temporary closure.

• Make back-up copies of all tax, accounting, payroll and production records and customer data on computer hard drives, and store the records at an offsite location at least 100 miles away. Important documents should be saved in fireproof safe deposit boxes.

• To protect your property from wind damage, install impact-resistant windows and door systems, or plywood shutters. Hire a professional to evaluate your roof to make sure it can weather a major storm.

• Develop a post-disaster communications strategy. Keep current phone numbers for your suppliers, employees, customers, utility companies, local media, and emergency agencies. Appoint a spokesperson to get the word out that your company is still open and on the road to recovery, to dispel rumors of business failure.

• More preparedness tips for businesses, homeowners and renters are available on the SBA’s Web site at www.sba.gov/disaster_recov/prepared/getready.html. The Institute for Business and Home Safety (www.ibhs.org ) also has information on protecting your home or business. The federal government’s preparedness Web site www.ready.gov is another helpful resource.

For a MySQL installation on Windows Server 2008, 2003, or Windows Vista, backing up your databases can be performed in a couple of different ways.

The first method is more of a hack and involves backing up your entire MySQL “data” directory located somewhere in your “Programs Files” folder (ex:  C:\Program Files\MySQL\MySQL Server 5.0\data). But in order for this to work, you need to stop the MySQL server first and then restart it once the backup is complete. This means that your MySQL server is offline while the backup is performed. In addition to that, backing up your database this way is not a documented method. You are not guaranteed that it will work in future versions of MySQL. There are a few other “gotchas” as well. For example, restoring your backup won’t work if you don’t restore every single database folder that was originally in the MySQL data directory in the first place. In this case, the MySQL Server won’t even start.

THE CORRECT WAY TO BACKUP YOUR MYSQL DATABASES

If you want to play it safe, you should backup your MySQL databases the documented way. The tool of choice for this is “mysqldump.exe” which is located in your MySQL “bin” folder. You can use mysqldump from the Windows Command prompt while running as Administrator.

For those of you with experience in the *nix environment, you probably know how to redirect output to a file. You can do this in Windows with the Command Prompt as well.

If you placed the MySQL path in your Windows environment when you installed MySQL, you should be able to use a command like this in the Command Prompt to backup all of your databases:

mysqldump -uroot –pYOUR_ROOT-PASSWORD --all-databases > “C:\all-databases-backup.sql"

To backup only one database, you could use:

mysqldump -uroot –pYOUR_ROOT-PASSWORD DATABASE-NAME > “C:\database-backup.sql"

Of course, for the above commands to work, you need to substitute the MySQL root password with your own password. The root password was created when you ran the MySQL Server Instance Configuration Wizard during the install process of your MySQL server.

One thing I’ve found is that you should not leave a space between the -u and -r parameters in your mysqldump command. Other than this, it’s rather straight forward to create a MySQL database backup.

If you want more information about mysqldump, click here.

SECURE, COMPRESSED, AUTOMATED ONLINE BACKUP

If you need an automated backup solution for your MySQL databases, you can use a Windows batch file to perform the above mysqldump commands and then set the batch file to run automatically in Windows Task Scheduler. If you also need an automatic online backup solution, you can use SecureBackup™. Simply tell SecureBackup™ where your database backup files are located in one of your backup jobs. I also want to mention that the *.SQL backup files created above are really just text files and can be quite large. SecureBackup™ will automatically compress these files during the backup process and significantly reduce not only their size, but the time it takes to backup these files over the Internet. They will also be encrypted with 256-bit AES encryption.