Secure Online Backup

As promised in my “What Makes an Online Backup Solution, Secure?” post, I’m going to answer some questions and concerns regarding SSL/TLS backup server connections.

There isn’t a whole lot of difference between SSL and TLS. They both provide a mechanism to secure the communication channel. In terms of transmitting data over the Internet, SSL/TLS connections protect your data from being viewed or modified during transit. This is accomplished through data encryption and digital signatures. Digital signatures ensure that the data has not been altered and prevent “man-in-the-middle” attacks.

In the world of online backup, this ensures that your backup files arrive at your backup server without being intercepted and possibly modified along the way.

SecureBackup pre-encrypts your files using 256-bit AES encryption before they are ever even sent across the Internet. This allows them to be stored securely on the server. However, SSL/TLS adds another level of protection over pre-encryption alone. Not only does it prevent man-in-the-middle attacks, but unlike an FTP backup solution, it also protects usernames and passwords from being intercepted by a malicious party. For example, FTP sends passwords across the Internet in plain text!

Choosing an online backup solution that provides TLS/SSL backup server connections allows for an added level of protection for your data.

Secure Online Backup

I’m glad you asked! I can tell you one thing that makes backing up your data to an online server “secure” and that is that you would have an extra copy of your data stored online in case something bad happened. This would, in theory, protect your data from fire, flood, hardware failure, natural disasters, and other physical forms of data corruption. However, it wouldn’t protect your data from being hacked, downloaded, deleted, viewed, or corrupted. Actually, just storing data online may give you some peace of mind but your data is not necessarily “secure”.

In order for your backups to be secured on a remote server you need to take into account several factors. For example:

Server Security

Are the connections to the backup server secured with SSL or TLS?

Does the server have the latest patches installed to help prevent it from exploits?

Is the server adequately firewalled to prevent unauthorized access?

Does the server have a mechanism to deal with Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks?

Is there a network Intrusion Prevention System (IPS) in place?

Is the data center that houses the server itself, secure?

These are some of the concerns regarding the backup server, but there are other aspects to securing your data such as the backup software and the service.

The Backup Software

Does the backup software use strong file encryption such as 256-bit AES?

Are the password keys generated using SHA-256, SHA-384, or SHA-512 as recommended by the National Security Agency?

The Online Backup Service

Does the service require you to enter your password in a web page form making it prone to server-side eavesdropping and discovery?

Does the service offer a password recovery option which also subjects your password to discovery?

Over the next few weeks, I’m going to address some of these questions and how they relate to the SecureBackup service.

The SBA (Small Business Administration) encourages business owners to prepare for the possibility of a major disaster and offers the following tips:

• Start the disaster plan by identifying what your operation needs to do to protect itself in the face of a natural disaster. Even if you don’t own the building where you do business, take steps to protect your assets.

• Determine what production machinery, computers and other essential equipment is needed to keep your business open. Store extra supplies offsite, and make a plan for a temporary location if your company is forced to relocate after the disaster. Be ready for utility disruptions with a portable generator.

• Find escape routes from the business and establish meeting places. Make sure everyone understands the emergency plan before the storm hits. Designate a contact person to communicate with other employees, customers and vendors.

• Review your insurance coverage to make sure you understand what is not covered. Most policies don’t cover flood damage.

• The National Flood Insurance Program provides coverage to property owners. Go to the NFIP Web site at www.floodsmart.gov.

• Consider business interruption insurance. It covers operating expenses, like utilities, and compensates you for the income lost after a temporary closure.

• Make back-up copies of all tax, accounting, payroll and production records and customer data on computer hard drives, and store the records at an offsite location at least 100 miles away. Important documents should be saved in fireproof safe deposit boxes.

• To protect your property from wind damage, install impact-resistant windows and door systems, or plywood shutters. Hire a professional to evaluate your roof to make sure it can weather a major storm.

• Develop a post-disaster communications strategy. Keep current phone numbers for your suppliers, employees, customers, utility companies, local media, and emergency agencies. Appoint a spokesperson to get the word out that your company is still open and on the road to recovery, to dispel rumors of business failure.

• More preparedness tips for businesses, homeowners and renters are available on the SBA’s Web site at www.sba.gov/disaster_recov/prepared/getready.html. The Institute for Business and Home Safety (www.ibhs.org ) also has information on protecting your home or business. The federal government’s preparedness Web site www.ready.gov is another helpful resource.

For a MySQL installation on Windows Server 2008, 2003, or Windows Vista, backing up your databases can be performed in a couple of different ways.

The first method is more of a hack and involves backing up your entire MySQL “data” directory located somewhere in your “Programs Files” folder (ex:  C:\Program Files\MySQL\MySQL Server 5.0\data). But in order for this to work, you need to stop the MySQL server first and then restart it once the backup is complete. This means that your MySQL server is offline while the backup is performed. In addition to that, backing up your database this way is not a documented method. You are not guaranteed that it will work in future versions of MySQL. There are a few other “gotchas” as well. For example, restoring your backup won’t work if you don’t restore every single database folder that was originally in the MySQL data directory in the first place. In this case, the MySQL Server won’t even start.

THE CORRECT WAY TO BACKUP YOUR MYSQL DATABASES

If you want to play it safe, you should backup your MySQL databases the documented way. The tool of choice for this is “mysqldump.exe” which is located in your MySQL “bin” folder. You can use mysqldump from the Windows Command prompt while running as Administrator.

For those of you with experience in the *nix environment, you probably know how to redirect output to a file. You can do this in Windows with the Command Prompt as well.

If you placed the MySQL path in your Windows environment when you installed MySQL, you should be able to use a command like this in the Command Prompt to backup all of your databases:

mysqldump -uroot –pYOUR_ROOT-PASSWORD --all-databases > “C:\all-databases-backup.sql"

To backup only one database, you could use:

mysqldump -uroot –pYOUR_ROOT-PASSWORD DATABASE-NAME > “C:\database-backup.sql"

Of course, for the above commands to work, you need to substitute the MySQL root password with your own password. The root password was created when you ran the MySQL Server Instance Configuration Wizard during the install process of your MySQL server.

One thing I’ve found is that you should not leave a space between the -u and -r parameters in your mysqldump command. Other than this, it’s rather straight forward to create a MySQL database backup.

If you want more information about mysqldump, click here.

SECURE, COMPRESSED, AUTOMATED ONLINE BACKUP

If you need an automated backup solution for your MySQL databases, you can use a Windows batch file to perform the above mysqldump commands and then set the batch file to run automatically in Windows Task Scheduler. If you also need an automatic online backup solution, you can use SecureBackup™. Simply tell SecureBackup™ where your database backup files are located in one of your backup jobs. I also want to mention that the *.SQL backup files created above are really just text files and can be quite large. SecureBackup™ will automatically compress these files during the backup process and significantly reduce not only their size, but the time it takes to backup these files over the Internet. They will also be encrypted with 256-bit AES encryption.

SecureBackup™ offers Secure Online Backup

SecureBackup™ PRO was designed with the business owner in mind. Since we are business owners ourselves, we know how important your data is and how data-loss can affect your bottom line. We also know how important it is that your data is not only stored in a safe and secure offsite location, but that you will be able to restore your data quickly and easily in the event of data-loss.

The SecureBackup™ software and service was built from the ground up to be both reliable and secure. We have taken every measure to ensure the highest degree of protection for your data. In addition to that, we have found that our service exceeds the quality of our competitors in many ways:

• We don’t fool you into thinking that your data needs to be encrypted twice in order to be more secure. That’s an actual claim by one of our largest competitors.
• We use 256-bit AES file encryption. If that’s good enough for the U.S. Government to protect classified information, we’re pretty sure it’s good enough for your sensitive business data.
• We offer undiscoverable password protection along with SHA-256, SHA-384, & SHA-512 password encryption which is recommended by the National Security Agency.
• We don’t offer a password recovery option because that can compromise the security of your backups in more then just one way.
• We provide free technical support to all of our clients. We also provide 24/7 emergency phone support to our dedicated backup server clients.
• We do not throttle the bandwidth to our servers in any way. In plain English, this means you get the maximum amount of speed possible for transferring your backups to and from our servers. We provide burstable speeds up to a full 100 MBPS. As a matter of fact, we performed a full backup of 2,598 MB (2.5 GB) of data consisting of 43,289 files in just under 4 hours on one of our production servers with SecureBackup™ PRO.
• We do not limit the types of files that you are allowed to backup. Some online services do this to prevent you from backing up files in order to save money and reduce their bandwidth costs. We don’t restrict you from backing up anything. If you want to back up an .EXE file in your Programs directory, you can certainly do so.
• Some online backup services prolong the backup process and even state that it may take weeks to perform your backups. SecureBackup™ can backup your data immediately and does not prolong the backup process. If you need to, you can pause SecureBackup™ and pick up where you left off by simply clicking a button.
• SecureBackup™ allows you to backup data not only from your hard drives but also from any computer on your network.
• Unlike some of our competitors, we offer fully compressed backup space. When you backup your files with SecureBackup™, you might be able to store up to 1.5 times more data than what your plan allows due to our compression algorithm.

For more information about pricing, please see our Plans & Pricing page. Or click here to view a demo of SecureBackup™ PRO.

If you have any questions or concerns, please do not hesitate to contact us. We look forward to serving you!

Click here to learn more about SecureBackup™ PRO!

Today I wanted to talk about how to setup an automatic SQL Server backup solution and also how to back it up online with SecureBackup. I am using Microsoft SQL Server 2008 Express but you should be able to use these instructions for all versions of Microsoft SQL Server 2005 and Microsoft SQL Server 2008.

In my case, the database files are located in the following directory:

C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA

As you may already know, you cannot backup the *.MDF and *.LDF database files directly because they are attached to the SQL Server. You could detach them, back them up, and then re-attach them but then your database will be offline for a period of time.

To solve this problem, we first need to create a SQL file that can be used later to automate our database backup. Here’s how we can do that:

CREATE AN SQL FILE

1. Login to Microsoft SQL Server Management Studio.
2. Right click on your database from the “Databases” node.
3. Select “Tasks” -> “Back up…”
4. You are now presented with the “Back up Database” window. In this window you can specify your backup settings. At a minimum, you need to create a destination for your backup. Click the “Add” button and specify a full path name for your database backup in the “File name” field. You will need to use this path name later, so let’s take note of it.
5. You can choose any other backup options that are important to you. Over on the left hand side is “Options”. I would click on that and decide whether you want to use “append to an existing backup set” or “overwrite all existing backup sets”.
6. Once you are finished with your settings, you need to create an SQL file which will be used later for the automated database backup. To create that SQL file, click on the arrow next to “Script” at the top of the window. There will be an option for “Script action to File”. Go ahead and select that option. You will then be able to save your SQL Server Script File. Take note of where you have saved this file as well.

CREATE A BATCH FILE

Now that we have created the SQL file, we need to create a batch file that can be automatically executed by the Task Scheduler. To create this file, do the following:

1. Open Notepad and enter the following:
   sqlcmd -S .\SQLEXPRESS -i "C:\Users\Administrator\Documents\Backup.sql"
   Of course, substitute the pathname with the pathname of where you saved your SQL file.
2. Save this file and take note of where you saved it.
3. Now, using Windows Explorer, go to the directory of where you created this file and rename it to have a .bat filename extension instead of .txt.

SET BATCH FILE TO RUN IN WINDOWS TASK SCHEDULER

We are now ready to add the batch file to the Task Scheduler. Rather than using the Task Scheduler GUI, I prefer to do it on the command line. You can open a command prompt as Administrator or if you are already running as Administrator, you can use Start -> Run. Either way, enter the following:

schtasks /create /sc Daily /st 03:30:00 /tn "MyTask" /tr "cmd /c C:\Users\Administrator\Desktop\Backup.bat"

Again, substitute the pathname above with that of your batch file.

Also, set the time specified to something that is desirable for you. In the above example, we run this task at 3:30 AM.

SET SECUREBACKUP TO BACKUP YOUR DATABASE

The time specified in the Task Scheduler step above is important because you need have SecureBackup automatically backup the database file after the task is complete. Since the backup took place at 3:30, you can setup SecureBackup to run the backup at say, 4:00 AM. This way you will have the most recent backup.

From within the SecureBackup software, you need to create or edit an existing  Backup Job and include the location of the backup file that you chose in step 4 of “CREATE AN SQL FILE” above. If the file isn’t listed and you can’t select it from within SecureBackup, it’s because Windows Task Scheduler has not run your batch file yet. To run the batch file, simply double click on it from within Windows Explorer. It may take anywhere from 10 seconds to, possibly, a few hours depending on how large your database is. Once complete, you will have your database backup file and can select that file from within SecureBackup. You will also be able to schedule the Backup Job around how long it took for that batch file to complete.

You now have an automated backup solution for your Microsoft SQL database complete with a secure online storage solution. I hope this post was helpful to you.

Intuit’s QuickBooks Pro software offers an online backup service for your company files. As a long time QuickBooks Pro user, I can tell you that I have NEVER used this service simply because it’s not worth the price they are asking.

As a business owner and QuickBooks Pro user, I figured that if I’m going to actually pay for an online backup service for my accounting data, I should be able to backup my other important business documents as well.

With SecureBackup, you aren’t tied down to backing up only your company file. You can backup anything else you need such as your tax files, your legal documents, your email correspondence, your Microsoft Excel, Word, PowerPoint documents, and anything else that is critical to your business.

With SecureBackup, your QuickBooks backup is automatically encrypted so you don’t have to password protect your company file within the QuickBooks software if you don’t want to. Of course, if you have more than one person in your office, it might be a good idea to do this anyway. But what I’m getting at is that if you are worried about your QuickBooks backup file falling into the wrong hands, you don’t have to worry about this with SecureBackup.

There’s one thing to keep in mind about backing up your QuickBooks company files with SecureBackup. If you want to ensure that you can easily restore a company file, make sure that you create a backup within the QuickBooks software first, and then use the SecureBackup software to backup that file. In other words, I wouldn’t recommend backing up the company file directly. You may be wondering why I’m saying this, but the reason is because QuickBooks appears to have a hard time using company files that are not restored from a backup made within the QuickBooks software. I have run into this problem on a few occasions. Now I’m not saying it can’t be done but it is better to stick with QuickBooks backup proceedures.

Probably the easiest way to do this is to have QuickBooks backup to a local folder on your hard drive. Then all you would need to do is have SecureBackup backup data from that folder. You should also include the “Company Letters” templates if you want to back up that data as well. As a matter of fact, I would recommend backing up your entire QuickBooks directory in addition to the local QuickBooks backup folder.

In summary, I don’t think there is any reason why you should have to pay Intuit so much money just to backup your QuickBooks company file. With SecureBackup, you can backup QuickBooks and anything else you desire.

SecureBackup has many online backup plans to choose from.

There’s no risk. Try SecureBackup right now for free!

In this, my second post, I wanted to share with you some of my goals for this blog. There are many topics that I would like to discuss here regarding online backup and why your backup files need to be secure, why your password needs to be secure, and why backing up online has many advantages over other types of backup solutions. I would also like to discuss data-loss and why it’s just as important, if not more important, than business insurance.

Aside from these general topics, I am also going to be covering the SecureBackup service in detail, what you can expect in terms of data security from our service, and what sets us apart from the rest of the crowd.

In addition to covering the service side of things, I would also like to talk about the SecureBackup software and how to make the most of your backups with SecureBackup and Windows. For example, backing up MySQL and MS SQL databases requires some extra steps due to the fact that Windows restricts file access to databases while they are running.

There’s probably a lot more that I haven’t thought of to write about but I’m looking forward to helping in any way I can.

This is my first post on this blog so I decided that I would tell you a little about myself.

I have been programming computers since 1983 when the Apple II was all the rage. I was in junior high at the time and boy did I love it. My parents didn’t own a computer so I stayed after school every Tuesday and Thursday when the computer room was open. The computer room had a wide assortment of donated computers ranging from from old punch-card machines to TRS-80s, and a couple of Apple IIs. I talked my parents into buying me a book about programming the Apple II. It was called, “Apple Basic” by Richard Haskell. I loved that book and still have it in my library. I eventually programmed a very limited pac-man clone which I used for my math class project. I also programmed one of the most limited paint programs of all time; it allowed you to draw lines using the joystick when holding down one of the buttons.

Eventually my parents bought me a Commodore VIC-20. Boy was I excited. I just had to have a programming book to go with it of course. I didn’t have a floppy drive at first, so I had to write my source code down in a notebook. The biggest pain was loading the program because, well, if you haven’t guessed it already, I had to type it all back in! I wrote a lot of exciting games ranging from a Battleship game where you played against the computer to hangman.

These were the days when I was programming for fun but in my late teenage years, my father bought a 286 PC with MS-DOS. Now this thing was powerful and I just had to program something great! I started with GW-BASIC and wrote an accounting program but found that it was slow and I wanted to use a language that the pros used so I decided to learn C. I became interested in 3D graphics as well and started experimenting. Of course, I just couldn’t resist and decided to write a flight simulator.

With the help of an agent, I landed a publishing contract with FormGen which was one of the top 10 game publishers in the world at the time. They published games like Duke Nukem 3D, Wolfenstein 3D, Terminal Velocity, and many others. The flight simulator was eventually called, “Black Knight: Marine Strike Fighter” and was an F/A-18 simulator based on the Black Knight Squadron. Though it did not have phenomenal success, it was a great achievement that took a total of 3 years of my life to complete. It was a lot of fun and a great learning experience.

After the shelf life started to expire and my royalties started to slow down, I decided to break into the shareware market and sold programming tools and API’s. I met with some success but also with some failure. Each time learning from my prior mistakes, never to repeat them again. Eventually, I decided to start a web hosting company. This was back when Google did not have PPC advertising. It was a level playing field and small guys like me had a fair chance. I met with some pretty decent success and began to learn that I really liked providing services. I still run this business in my spare time and haven’t advertised in years. My customers have always been pleased with the level of service they have received and word of mouth advertising has been the bulk of this business over the last few years.

And this brings me to today. I love providing services and I love running servers and writing code. SecureBackup is exactly where I want to be. I’m hoping that this blog will, in time, provide you with all the information you need to back up your data in a safe and secure manner, and why it’s important to take preventative measures against data-loss. I’ll keep you posted!