WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
If you don't have an IT department to lean on, yet your computer is critically important, this article offers some advice on configuring things to be as bullet-proof as possible.
Of course, the ultimate in safety is having a second computer, identical to the first, to fall back on when things go wrong. When down-time is a big enough problem, the expense is certainly justified. Cars need four tires, yet they all carry five. But without going to such an extreme, there still are a number of steps that can be taken to make a computing environment much more resistant to the inevitable hardware and software problems. And problems are certainly inevitable.
All techies know that PCs are fragile beasts. For example, it only takes a single typo to visit a bad Web page and infect a machine that isn't perfectly defended. Securing a Windows computer is as difficult as winning a medal in the Olympics; it can be done, but not by many. So, rather than focus on security, which, after all, doesn't help with hardware problems, the focus here is on being able to recover the computing environment quickly and easily. After all, just determining if a problem is hardware- or software-related is no trivial endeavor.
The assumption here is a computer with a single hard drive. A desktop machine with multiple hard drives potentially offers additional options, but more and more people rely on laptops which, as a rule, have a single hard drive (or SSD).
The first step is to use multiple partitions, one for the operating system and your applications, another for all your data. A partition is a contiguous area of space on a hard drive. Many hard drives consist of a single partition that fills the entire drive, but the rules allow for multiple partitions of different types. Partitions can also be hidden, a feature typically employed to hide a factory fresh copy of the operating system to be used in case of emergency. Segregating your data files from the operating system and applications makes a physical distinction between files that already have a logical distinction.
The operating system and your data files each need to be backed up with different software on different schedules. Putting each in their own partition facilitates this and allows each set of files to be restored without impacting the other. The process of making two small partitions out of a single large one is as follows:
- Shrink the existing partition
- Create the new one in the just-freed-up space
- Copy data files into the new partition
Since Windows allocates letters from the beginning of the alphabet, its best to use a letter near the end for the data partition. Borrowing from a George Carlin routine, you may want to put your data files in the "M" drive, for My Stuff. After all, much of life is about finding a place to put your stuff.
Windows 7 can resize partitions, but this is a fairly new feature for Microsoft and I'm always hesitant to use new software. Linux has been dealing with partitions for a long time, so my preference is to boot the computer to Linux and use its partitioning software. For a number of reasons, everyone should have a bootable copy of Linux.
Windows 7 is the first version of Windows to normally employ two partitions rather than one. In terms of size, one is very small, the other normally fills the hard drive. The above concept still holds on Windows 7 machines, it's just that the conversion is from 2 to 3 partitions.
If you are in the habit of keeping files in the "My Documents" or "Documents" folder then you will need to redirect this from the C: disk to the new data partition. This isn't hard and is one time adjustment. A quick search using your favorite search engine should provide you with helpful assistance.
Disk image backups
The big advantage of housing the operating system and applications in their own partition is that it can be backed up and restored without impacting any of your data files. Also, separating out data files makes the backup of the operating system run faster and take up less space. Human nature being what it is, this, in turn, makes it more likely you'll actually backup the operating system partition.
There are two types of backup programs, those oriented towards files and those oriented to partitions. The latter type, known as, "disk image backups," are appropriate for an operating system/applications partition. The goal of an image backup is to, in effect, take a picture of an entire partition. Not only does it backup all the files, it also tracks where each file was located. If the partition needed to be defragged when it was backed up, it will again need to be defragged after restoring the backup.
An image backup may well back up lots of files that aren't needed. You shouldn't care. Only by backing up everything can we insure that a restore will fix any problems that cropped up after making the backup.
Without image backups, when the operating system becomes corrupted, Windows users are often forced to restore the system to its factory fresh state. This wipes out all your data, all the applications you installed after the computer was purchased, and all the customizations you've made to both the operating system and the applications. Some people would be better off just buying a new computer.
With image backups, you can restore the system to the way it was fairly recently, perhaps losing no more than a month's worth of changes. And, again, none of your data files are impacted in the least. It's like having a spare tire in the trunk. That's the good news.
The bad news is that image backups are a bit of a pain; they take a while to run, the output is large, and they interrupt your use of the computer. One backup a month should be more than sufficient. Every other month is also perfectly reasonable. I also suggest taking an image backup before making any large change to the system, such as installing a service pack. The computer that I care about the most is backed up monthly, just before installing the Patch Tuesday Windows updates. Computers that I care less about are backed up less often.
How many image backups to save is a matter of opinion. Since it can be hard to trace when malware first infected a computer, I suggest always having more than one saved image copy. Beyond that it depends on how big the backups are, how much space you have available to store the backups, and how important the computer is. Because of their size, image backups are best made to a locally attached external hard drive. More sophisticated users could save the backups on a Network Attached Storage (NAS) device rather than--or in addition to--an external hard drive.
Extreme pessimists may want to periodically take an external hard drive with backups off-site. Any recent external hard drive should have more than sufficient storage space for multiple image backups. The combination of Windows and your applications is likely to be under 10 gigabytes. The image backup program should be able to compress that down to, perhaps, 6GB.
Laptop computer users can benefit from being able to remove the hard drive relatively easily. This isn't true for all laptops, but if it's true for yours, it can be used to great advantage.
Earlier I referred to a disk image backup as being like having a spare tire in the trunk. We can make the analogy even more accurate. If your laptop offers easy replacement of the hard drive (you may have to review the manual or ask the manufacturer), buy a new hard drive (or SSD as the case may be). Then, when you have some spare time, make an image backup to an external hard drive, take out the original laptop hard drive and put in the new one. Then restore the image backup from the external drive to the new virgin internal drive. This provides a safe environment for testing and insures that you can create a usable, bootable system from your image backups. It also ensures that things, such as stuck or stripped screws won't get in the way should you need to replace the hard drive in an emergency. And, of course, you now have a perfectly working internal hard drive at the ready, one that can be swapped into the computer should the need arise. Your laptop computer is now seriously bullet-proof.
Be it a software problem or a hardware problem with the hard drive, you can now swap drives and be up and running quickly. Not many people can make that claim. Yes, this takes time and effort up front and will be overkill for many. But if you make your living off your computer, run this scheme by your local computer techie. Disk image backup software isn't expensive, neither is an external hard drive or an internal 2.5-inch laptop hard drive. It's probably less than you pay for other types of insurance.