Timed Air Gap Connector?

By Deane Barker on August 1, 2005

I have a 300GB RAID tower attached to a server via FireWire. Every night, the server pushes all its backups onto the tower for storage where they sit until they get deleted seven days later.

But I worry about this system a bit. If someone managed to get into the server, they could get into the RAID tower as well (it’s the F: drive — FireWire rules). Or what if a virus started executing by crawling the drives and deleting files? This means all my backups and archives would be vulnerable.

The fact is that the tower only needs to be connected to the server for about 30 minutes a day — the amount of time it takes to copy 20GB or so of stuff to it. The other 23.5 hours, it’s doing nothing.

This being the case, does anyone make an air gap device with a timer? I’d like to have some mechanical device that physically connects the tower to the server at 12:45 a.m. so it’s ready for the copy job at 1:00 a.m. then disconnects it about 45 minutes later, when everything is copied over.

Thus, if my server is compromised at 4 a.m., there’s no F: drive for anyone to poke around in. The tower would be separated from the server by a one-inch gap of air. That’d be pretty flippin’ secure, especially since the device would be standalone — a little gizmo unconnected to any computer or networked device.

Does anyone make anything like this? Truth be told, I’m not that paranoid, but I’m just curious if this exists.


Comments

  1. This is not the fanciest of solutions but it might be worth a go. Between your power cord for your backup drive and the power source, insert a home light timer (which you’d normally use to turn your lights on when you’re not home). Set it for the time you back up every day and the rest of the time no drive.

  2. Yeah, that would certainly work. But I’d be concerned about cutting power to the drives so abruptly.

    If the connection between the server and tower was somehow powered (do they make powered FireWire hubs?), then I could cut the power to that. The tower would continue to run, it just wouldn’t be connected.

  3. That’s perfect. Anyone want to try this? I don’t really want to do it, I just wanted to know that I could if I wanted to.

  4. Actually, reading more about the GFH610, it may also be BUS powered, so not sure if it would work. Theory sounds good though.

  5. Couldn’t you write a script to un-mount the drive before dropping power? Or maybe just un-mounting it would be good enough. That’s about three lines of AppleScript anyway. Don’t know about VB.

  6. It would be easy enough on an MS platform. In a batch file, put the following line:

    net use f: /delete

    Then schedule the batch file to run, say, 10 minutes before power is cut. 10 minutes should allow for any write-behind caching to finish and for any discrepancy between the time on the computer and the time on the lamp timer.

    net use f: \\servername\sharename will re-map the drive — second batch file scheduled 10 minutes before the copy blah blah blah.

  7. Or what if a virus started executing by crawling the drives and deleting files? This means all my backups and archives would be vulnerable.

    Does this illustrate one of the weaknesses of using hard drives as a backup media? Even if you were to have a script mount the drive for a brief period of time during a backup operation, would a virus still be able to compromise the data on that drive?

  8. Does this illustrate one of the weaknesses of using hard drives as a backup media?

    It probably does. Someone who owned the box could just as easily get into tape drives or re-writable media, but it would be harder. A F: drive named “Backup RAID Tower” kind of sticks out as something to which it would be fun to mess.
