Apparently, Harvard Law has yet to hear of VPNs

The Globe reports a worker shuttling a computer backup tape between a Harvard Law clinic in Jamaica Plain and the World's Greatest Law School lost the tape on the subway and now there are 21,000 client records (including 13,000 with social-security numbers) out there somewhere.

The school says even if the tape falls into the wrong hands, the numbers are safe because the database is "protected by a password," which, really, guys, is not all that reassuring: unless the data on the tape is actually encrypted, a database password is just a prompt in an application, and whoever has the tape and a matching drive reads the raw records without ever seeing it. But also, one could ask why they're entrusting this to a tape and a subway-riding courier to begin with, when you've got this InterWebs thing with VPNs and stuff.


Comments

The data transfer rate of information carried across town on a subway is a lot higher than that of generally-available internet connections.

Without more information, it's impossible to say whether they're following optimal practices or not.

Also, online backups have their own vulnerabilities. The VPN's just a secure channel for getting bits from A to B. The bits are then by definition online at B, and then the vulnerabilities over at B have to be worried about.

We want these problems to be easy targets for ridicule. They aren't. A cheap and easy solution probably would have involved better security around the tape itself, through a procedure that makes it impossible to lose the tape in the first place.

In short, we'd need more info before snorting, although I'm still amazed they're using GwBoOLP (Guy with Backpack on Orange Line Protocol).

This is how many organizations and companies do it. Someone in the IT department gets stuck with shuffling the tapes.

Pure expense is one reason; another is that a lot of the courier services, even the ones that specialize in handling computer discs/tapes, are IDIOTS. They have pretty websites, though.

Who do you trust more to be careful with those tapes: the professional sysadmin who works for and reports directly to you, or the guy making $10/hour driving a delivery van?

Wouldn't DVDs or flash drives be a better and more modern way to do this?

Though I suppose one advantage of tapes is that hardly any random person has the equipment needed to read them.

Tapes can get friggin' huge. Search time is an issue, though, which is why they're used primarily for backing up lots and lots of data that will (likely) never be looked at.

-Cosmo
http://cosmocatalano.com
World's Toughest Writer

It's true. Tape backups only exist for government subpoenas. Either the feds want the data, or you need to defend yourself against a civil or criminal charge. But mostly the former.

It would take a really really long time and a lot of DVDs to handle a full system backup.

Full backups are desirable, every time.
Multiple backups are desirable, to go back a generation or many generations.

Because of the way operating systems and applications have evolved, it is very hard to "tease out" just those individual things that "must" be backed up.

Computers should ideally NOT be in use when a backup is in progress, so the best backups happen with nobody around (at night).

Assume a 120GB backup of a typical desktop computer (but in the final tally, remember to multiply by the number of computers in an office):

On tape, carried once a week:
Travel time = 90 minutes
Backup time: 0 (runs overnight in a few hours)
Intern = $15/hr; MBTA = $3.40 round trip
Data transfer rate = 120GB x 8 = 960GBits / 90 minutes = 177MBits/sec
Total monthly cost: ($22.50+$3.40)*4 = $104

Online, using Comcast business service with 2Mbps (remembering that Comcast has caps on how much of this capacity you can actually use):
Backup time: 960000MBits/2MBits/sec = 480000 sec = 8000 min = 333 hours
Hours in a week: 24 * 7 = 168

Now, there are ways to optimize this and not re-backup things that have not changed... but considering data rate caps from carriers, and that most offices have more than one computer, a courier-carried backup tape is still very efficient.

Backup tapes can be written in a truly ENCRYPTED format, so that they in fact cannot be read, even by an adversary who targeted and then snagged a desired tape. Encryption works. Physical security could be better accomplished by securing the tapes in a specific container that the courier is charged with protecting, even down to the old "handcuff to the wrist" deal if that's what it takes... and in any case, a properly encrypted backup will not be readable by an adversary. I'd also recommend that the courier be sent from point to point in a taxi if it's really important.

Wouldn't DVDs or flash drives be a better and more modern way to do this?

Dual Layer DVD-R stores a little over 8GB and costs around $1/disc (several times more for rewritable ones). They're one-shot. Their typical lifetime is around a few years tops; the dye bleaches, the discs de-laminate, etc. From start to finish, they're not designed for archival purposes. Companies selling media rotate through factories and different DVD-R chemistries faster than you can say "let's make a penny more per disc."

Ultrium (LTO) 4 stores 800GB per tape, costs around $60 retail, and is about the same volume as two decks of playing cards. You'd need a stack of dual-layer DVDs more than a YARD HIGH to store the same amount of data, and it would cost you $100, almost twice as much.

Flash drives are poorer in storage density (you can get 128GB flash drives in 2.5" IDE drive form factor; an LTO4 tape is about 2-3 times larger). USB connectors are typically only rated for a few hundred plugs and unplugs; LTO4 is rated in tens of thousands of complete uses. IDE/SATA flash drives are around 20-40MB/sec. LTO4 is 120MB/sec. 800GB of flash storage would cost you around $1800. The only real advantage flash has is reliability and random access; they'll tolerate moisture, dust, and temperature far better than everything else.

I didn't mean "for backup", I meant "for the specific purpose of moving 21,000 records from one place to another". I'd burn a DVD, then destroy it as soon as I'd safely moved the data.

A VPN would make your data susceptible to attacks 24/7/365; all they'd need to do is hack the single or multi-layer authentication system you implement. Is that "better" than a bunch of tapes in a safe that no script kiddies in Russia or China can hack into remotely? Maybe, maybe not.

"a procedure that makes it impossible to lose the tape in the first place."

No system is impenetrable, so it is impossible to make things impossible.

The "password" on the tape is probably a passphrase for the encryption used on the tape. Obviously if you have access to the data-tape, a simple access password without encrypted data is useless, because you could hypothetically physically transfer the tape to another tape that did not have the password segment. So the data itself is probably encrypted. But all encryption keys do is introduce a time-barrier: Given enough time, the encryption can be broken.
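Editor's added example (not code from the post or from any commenter) for the point the post, the "truly ENCRYPTED format" comment above and the comment just above all turn on: the difference between a backup that is "protected by a password" and one that is actually encrypted. PasswordProtectOnly models the weak case, a password hash in a header with the records in the clear behind it, which is what the raw bytes look like when the gate lives in the application rather than on the tape. EncryptBackup derives a key from a passphrase with PBKDF2-HMAC-SHA256 (written out inline so only the Go standard library is needed) and seals the dump with AES-256-GCM, binding the header as associated data; DecryptBackup then refuses a wrong passphrase or any altered byte instead of returning garbage. The format tag, function names, iteration count and the sample record are all constructed for this example, and the same treatment applies to a gzipped database dump pulled over DSL as to a tape.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const (
	magic      = "UHBK1" // hypothetical format tag, chosen for this example
	saltLen    = 16
	nonceLen   = 12      // standard GCM nonce size
	iterations = 200_000 // PBKDF2 work factor; raise further for real use
)

// PasswordProtectOnly models "the database is protected by a password": a
// password hash in a header, the records in the clear right after it.
func PasswordProtectOnly(password string, records []byte) []byte {
	sum := sha256.Sum256([]byte(password))
	return append([]byte(fmt.Sprintf("PASSWORD-SHA256:%x\n", sum)), records...)
}

// pbkdf2SHA256 is one output block of PBKDF2 (RFC 8018) with HMAC-SHA256,
// written out so the example needs only the standard library; 32 bytes = AES-256.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// aeadFor derives the key from passphrase and salt and returns AES-256-GCM.
func aeadFor(passphrase string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(passphrase), salt, iterations))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptBackup returns magic || salt || nonce || AES-256-GCM ciphertext+tag.
// The header is bound as associated data, so it cannot be swapped unnoticed.
func EncryptBackup(passphrase string, plaintext []byte) ([]byte, error) {
	rnd := make([]byte, saltLen+nonceLen) // fresh salt and nonce per backup
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	salt, nonce := rnd[:saltLen], rnd[saltLen:]
	gcm, err := aeadFor(passphrase, salt)
	if err != nil {
		return nil, err
	}
	header := append([]byte(magic), rnd...)
	return append(header, gcm.Seal(nil, nonce, plaintext, header)...), nil
}

// DecryptBackup rejects a foreign format, a wrong passphrase, and any modified
// byte in header or body (all are covered by the GCM tag check).
func DecryptBackup(passphrase string, blob []byte) ([]byte, error) {
	hdrLen := len(magic) + saltLen + nonceLen
	if len(blob) < hdrLen || string(blob[:len(magic)]) != magic {
		return nil, fmt.Errorf("not a backup in this format")
	}
	header := blob[:hdrLen]
	salt := header[len(magic) : len(magic)+saltLen]
	nonce := header[len(magic)+saltLen:]
	gcm, err := aeadFor(passphrase, salt)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, nonce, blob[hdrLen:], header)
	if err != nil {
		return nil, fmt.Errorf("wrong passphrase or tampered backup")
	}
	return plaintext, nil
}

func main() {
	record := []byte("client=Jane Q. Public ssn=000-00-0000\n") // constructed row
	ssn := []byte("000-00-0000")
	strong, err := EncryptBackup("correct horse battery staple", record)
	if err != nil {
		panic(err)
	}
	fmt.Println("password-only container leaks SSN:", bytes.Contains(PasswordProtectOnly("hunter2", record), ssn))
	fmt.Println("encrypted container leaks SSN:    ", bytes.Contains(strong, ssn))
}
```

The check a practitioner wants before a tape or dump leaves the building is the one main performs: grep the artifact itself for a known record, and if it is found the "password" was never protecting the bytes. With the encrypted form, what stands between a finder and the records is the passphrase (or, better, a random key kept in the office and never on the tape), so the work factor and passphrase strength are what set the "time barrier" the commenter above describes.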

As the saying used to go, "Never underestimate the bandwidth of a station wagon full of mag tapes hurtling down the freeway at 60 miles per hour."

But also, one could ask why they're entrusting this to a tape and a subway-riding courier to begin with, when you've got this InterWebs thing with VPNs and stuff.

Adam, I don't expect the press to get this, but I do expect YOU to, given that you worked for a technology company. Even the older AIT tapes hold ~100GB. Current Ultrium drives hold almost 1TB uncompressed per tape. The tech had six tapes. We don't know the frequency of rotation, but you're taking Armchair Expert to a whole new level.

The school says even if the tape falls into the wrong hands, the numbers are safe because the database is "protected by a password," which, really, guys, is not all that reassuring.

Actually, I'm not very concerned at all. And here's why.


  • The tape would have to find its way from "floor of the orange line" to "person with substantial technical skills and hardware who is also criminally motivated."
  • To read the tape, whoever gets it will need to have the correct kind of drive. Most backup drives cost over $1k and can run into the $5k range.
  • Just figuring out which backup system wrote the tape requires substantial technical knowledge, above many entry-level to mid-level professional system administrators.
  • Some backup systems store the index completely separately from the files, either on the server or a different tape. I.e., "at position 3456 on tape 123 is file \\Documents\SSNs.txt from machine bigserver". Without the index, the data is even harder to decode, because now you have to inspect every file on the tape, assuming you can tell where each file starts and ends. If the tape was just an index tape, it's completely useless save for learning about the systems in use, i.e., you know a file existed and when it was last modified etc., but not much else.
  • Not knowing what database is in use (Filemaker? MS Access?) and where the files were stored means that even if you did have the index, it'd be a royal pain in the ass to find said data.

In short: the Globe smelled a data-loss story, saw "Harvard", freaked out, and doesn't understand the level of plausibility involved.

I'm actually at a technology news organization - best of both worlds, I guess, and my beat back in my reporting days was applications, not storage.

Yeah, for giant databases, tape still makes sense for backup, although when I brought up VPNs, I was thinking incremental backups, not wholesale replication - and even then, 21,000 records is hardly large. The database behind Universal Hub has more records than that, and I'm now doing nightly "backups" for it over DSL (i.e., I dump the database, gzip it and download a copy). OK, so he had six tapes, that's still not sounding like some giant database.

Yes, I agree the risks of this data being put to some nefarious use are low, even assuming somebody actually has it. It really sounds like the guy was actually a good T-riding doobie and took off his backpack instead of lurching it around, smacking people in the face, and one of the tapes fell out, and I bet some T worker found it and threw it out.

But: At the same time, it's amazing the lengths to which people who do nefarious things with data do these days to get data - and the sophistication they bring to parsing it out. So better safe than sorry.

You're backing up some posts, but not the whole server, the OS, the customizations of ALL desktop applications, incidental work files, e-mails, and on and on...

I don't know what else was on those tapes, but in defense of proper backups (that are necessarily large) the customizations to an individual computer are made over a period of years and wouldn't typically be documented apart from the computer. Thus the loss of these things can be just as expensive as the loss of some single "object of work" such as a database. I have to assume (and hope) they might be backing up a lot more than just the contents of some database, if they're backing up one or more personal computers.

I remember going to a computer workshop in elementary school in the 80's where we'd save our turtle commands on an audio tape.

That was the last time I used a tape for my data.

I also don't do big backups.