
SANS ISC: Back to Basics: Backups and Data Recovery "The Home Office Edition" - Internet Security | DShield SANS ISC InfoSec Forums


Back to Basics: Backups and Data Recovery “The Home Office Edition”

The Point of the Matter

On the subject of backups, here it is 2018… The Information Technology professional has had the subject pushed hard, and backups ‘should’ be axiomatic. It started with a simple question on our team Slack channel, “Hey, <blah blah> backup home lab, blah blah”, and come to find out? We as knowledge professionals may not *cynical humor with serious undertones* be doing the best of jobs at backing up our ‘underground lair’ [1], so to speak.

This then led down a path of asking other handlers more questions, finding out what colleagues were doing, and asking some clients what they do at home. The deeper I examined, the more it became apparent that data may not be backed up effectively (if at all!).



One of the major anecdotal observations is that we may not be doing the best job at backing up our personal data, me included. Using myself as a (bad) example, with over 30 terabytes (TB) of data in various arrays, I have been falsely comfortable with RAID. I can still hear Dr. Eric Cole’s (Mr. back then) voice, “RAID is not a backup solution”, yet here I am. Laptops are backed up via TimeMachine to one of the arrays, and that has proven effective and saved me a couple of times. The Windows devices in the house are not really backed up; however, cloud storage (e.g., Box, DropBox, etc.) is used heavily.

Another anecdotal piece of evidence comes from a client meeting today (thanks guys for answering me honestly, you know who you are :)). Some built-in backups, a RAID array of drives, and that’s about it. We shared a good chuckle, and agreed that we need to get better about it.


Reported Solutions

Disclaimer: The Internet Storm Center does not endorse products or solutions. The following are listed as what was in use at the time of investigation. 

  • A good combination of Crashplan [2] + Apple TimeMachine [3] 
  • Only TimeMachine [3]
  • Drobo Storage Arrays [4] + Apple TimeMachine [3] + A False Sense of Security [10] (this is me :))
  • QNAP Array (RAID) [5] + TimeMachine
  • QNAP Array (RAID) [6] + “Ignoring the problem”
  • Borg Backup [7] (reported to compress virtual machines excellently) + Apple TimeMachine [3] + Wasabi Cloud [8]
  • DropBox [9] + External USB Hard Drive



Protecting our ‘Secret Underground Lairs’ seems to be an area that needs some attention. PC Magazine has a pretty good article reviewing cloud backup solutions of 2018 [11], and it is worth a review. The heart of the matter is how ‘backed up’ your data at home is, from family photos to hours of work on virtual machines. Ask yourself what needs to be done to protect yourself @home. We all do risk management and attack surface reduction at $dayjob, and it seems that we could do a better job with our personal stuff.


Please hit me up @packatalien and/or here on the forums if you have any ideas, suggestions, things that work, still use tape drives, or any other Back to Basics topics that need review. Short of it, I'm not done with this topic! Please send ideas as I plan to expand on this.
















164 Posts
ISC Handler
Ah, the good old 3, 2, 1 rule from my early study days is coming back to me.

3 copies (including live).
2 different types of media.
1 off site.

I've always been tempted to look at base pricing on Amazon or Azure to spin up a really basic server with generous storage, then just rsync over keyed ssh/OpenVPN or something.
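
The 3-2-1 rule above as a small audit, added here as an example and not part of the comment or of any ISC tooling. The `Copy` fields, the device names and both inventories are constructed assumptions; copies that share a device are counted once, which is how a RAID-only setup fails the first leg.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    name: str      # label for the report
    device: str    # failure domain: one array or one disk is one device
    medium: str    # e.g. "ssd", "hdd", "cloud-object"
    offsite: bool  # stored away from the home office


def audit_321(copies):
    """Return the 3-2-1 legs this set of copies fails (empty list = pass)."""
    # Copies on the same device are lost together, so count devices, not entries.
    devices = {c.device for c in copies}
    media = {c.medium for c in copies}
    failures = []
    if len(devices) < 3:
        failures.append(f"3 copies: only {len(devices)} independent")
    if len(media) < 2:
        failures.append(f"2 media: only {len(media)} type(s)")
    if not any(c.offsite for c in copies):
        failures.append("1 off site: none")
    return failures


# Constructed inventories, loosely modelled on two setups from the list above.
RAID_ONLY = [
    Copy("live data, disk 1", "nas-array", "hdd", False),
    Copy("RAID mirror, disk 2", "nas-array", "hdd", False),
]
LAYERED = [
    Copy("live data", "laptop", "ssd", False),
    Copy("Time Machine backup", "nas-array", "hdd", False),
    # Assumption: the third copy is an archive kept in cloud object storage.
    Copy("cloud archive", "cloud-bucket", "cloud-object", True),
]

if __name__ == "__main__":
    for label, plan in (("RAID only", RAID_ONLY), ("layered", LAYERED)):
        print(label, "->", audit_321(plan) or "meets 3-2-1")
```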


4 Posts
OS level backup (Windows Backup/TimeMachine) to a local NAS
Use of cloud storage (OneDrive/iCloud) for personal files where the risk profile allows
Arq Backups (encrypted, versioned every hour back to the beginning of time or however far my wallet allows) to Google Cloud Storage Coldline (or Backblaze B2 or Wasabi or others).

Has worked really well for me. If something goes haywire I can usually pull something quick out of OneDrive or iCloud. You can also pull a file out of the NAS but the NAS' strength is being able to do a full system restore faster than downloading from the cloud. If all else fails and my place burns to the ground or I need to go pull something from way back, I have the Arq backups sitting in Google Cloud storage. I needed the off site once when I accidentally deleted all files smaller than 1kb in my home directory (don't ask). I didn't notice any issues at first, but by the time I wanted to restore I had no more TimeMachine version history to go back to. Saved my bacon.
