Secure Data Backups For An Entire Network?

TechnoKelvin

I'll try to state this as simply as possible. I have a client that wants a 3-computer network to be backed up to a single external HD. I had 3 questions for you guys & gals that I would greatly appreciate getting help on:

1) The guy doesn't like wires. Is a wireless network (Linksys G with WPA Encryption) a good idea for a doctor's office with critical and sensitive information, even with advanced encryption?

2) The computers are currently connected through Ethernet cables running through the office but I can't see the other computers from one, meaning to me, they aren't networked although they are connected to each other. How do I safely set up a network? I always thought the way Windows XP does it was unsafe as it could give unrestricted access?

I am under the impression that once networked the Maxtor One-Touch Backup Software will be able to see all the hard drives in the network and back them all up to that one external hard drive location.

Thanks in advance for any help you can provide!
 
1) The guy doesn't like wires. Is a wireless network (Linksys G with WPA Encryption) a good idea for a doctor's office with critical and sensitive information, even with advanced encryption?

No, it's not really the best idea. You can make it as secure as possible (use WPA2, hide SSID, allow only certain MAC addresses, limit the DHCP IP address range, etc.) but it's never going to be as secure as a hard-wire only network. As long as the data is floating around the air, there will be someone out there who can grab it and crack it.

2) The computers are currently connected through Ethernet cables running through the office but I can't see the other computers from one, meaning to me, they aren't networked although they are connected to each other. How do I safely set up a network? I always thought the way Windows XP does it was unsafe as it could give unrestricted access?

Is there a switch/router installed at the moment? You will need to explicitly share folders to be able to see them over the network - you can set up full access or just read access. Once you have done that, then yes, the Maxtor software will be able to see the shared folders and back up the data from them. How much data have they got to back up? Is the external hard drive going to be taken off-site every day in case of fire/theft? Get each machine up to date (Service Pack 3) and running a good anti-virus/firewall.

Would it be possible to utilise the internal hard drives currently in the computers for backups? i.e. copy PC 1's data to PC 2 and 3. PC 2's data to 1 and 3 etc. That way there are always 3 copies available. It would also mean you don't have to purchase an extra hard drive.

I'm not sure if that is the kind of answer you are looking for. The question you ask is quite vague and I'm not sure how experienced you are and what the current network setup is.
 
I am under the impression that once networked the Maxtor One-Touch Backup Software will be able to see all the hard drives in the network and back them all up to that one external hard drive location.
This is why businesses use servers... You can encrypt entire folders (good for security) and redirect all the data to the server (though it will still look like it's on the user's computer) and the server can back up the whole thing at once. Microsoft Small Business Server 2003 is great for small businesses and can be set up and installed for around $2000. A doctor should be able to afford that. And that will help make the network even more secure by regulating who can access the data even if someone does get on the wireless network.

If you want to do a backup from 3 different PCs, you'll have to share those folders (unsafe) and map them as network drives, then you can back them all up.

I can explain either topic much more in depth later but I think a Small Business Server would be your best bet.
 
I'd really have to agree with Tim on this. I'd even go so far as to say that you're doing him a disservice NOT to strongly recommend that he go this route. Once SBS is properly installed and configured it's a doddle to manage and runs 24/7/365 protecting his network and his data.

Simple is good sometimes, but I don't think this is one of those times.
 
This is why businesses use servers... You can encrypt entire folders (good for security) and redirect all the data to the server (though it will still look like it's on the user's computer) and the server can back up the whole thing at once. Microsoft Small Business Server 2003 is great for small businesses and can be set up and installed for around $2000. A doctor should be able to afford that. And that will help make the network even more secure by regulating who can access the data even if someone does get on the wireless network.

If you want to do a backup from 3 different PCs, you'll have to share those folders (unsafe) and map them as network drives, then you can back them all up.

I can explain either topic much more in depth later but I think a Small Business Server would be your best bet.

I figured sharing folders and mapping them would be a bad idea but could you go into more detail as to why? So I can explain it to the doctor. From my understanding if one of those computers becomes compromised, since all the computers have access to each other, every computer is now in trouble. Correct?

Also, what are the advantages of getting the server? As opposed to having one external hard drive backing up data for each individual computer? 3 external hard drives are a lot cheaper than a server but are there any advantages to having a server?

Thanks for the responses, this really helps.
 
Easiest explanation to a doctor.... A server with SBS2003 set up with proper firewall will conform to all HIPAA requirements.

For $2000 they get peace of mind that their network is no longer vulnerable, you get peace of mind that everything is backing up redundantly. No need for an external HD. If you set up a shared folder on each computer that has patient data, moved over to a wireless network "Because the doctor hates wires", then that's a major leak. If a person walks in with a PDA and a sniffer, can find the key to get into network, shared folders are open to that network, person walks out with confidential files/info. HIPAA violation and fines.
 
What if...

I figured sharing folders and mapping them would be a bad idea but could you go into more detail as to why? So I can explain it to the doctor. From my understanding if one of those computers becomes compromised, since all the computers have access to each other, every computer is now in trouble. Correct?

Correct, but there are a few other issues that should be taken into consideration. Are his clients' data files being encrypted? If so, sharing those among 3 independent PCs will be difficult at best. If not, anybody who can plant a rootkit or steals the computers has EVERYTHING. So, what if the computers are stolen? Not only has he lost his computers but ALL the data that was on them. Once he alerts his patients, he'll essentially be out of business because A) he no longer has their data records, and B) no one will trust him with their health data anymore. I wouldn't.

"The federal government’s enacted and proposed health data security standards will require health care providers to implement comprehensive security systems to ensure that electronic patient records are protected against data loss and unauthorized access."

Also, what are the advantages of getting the server? As opposed to having one external hard drive backing up data for each individual computer? 3 external hard drives are a lot cheaper than a server but are there any advantages to having a server?

With Windows Small Business Server (SBS) 2003 you can easily...
  1. **Store user's data on the server for backup or review**
  2. **Control who has access to your computer network**
  3. **Control which users have access to which public folders**
  4. **Encrypt entire folders to keep data safe.**
  5. **Control user's password complexity for security**
  6. **Reset a user's password in case one forgets theirs or leaves the company**
  7. Host your own email and website
  8. Access work computers from anywhere else in the world via a web browser
  9. Access email via a web browser
  10. Share a contact list and calendar
  11. Automate the Windows update service for user's PCs
  12. Share Printers
  13. Receive faxes via email or a shared folder
  14. Collaborate on work issues via Sharepoint.

Do you need any more? Oh... And I would SERIOUSLY recommend that he has either XP Pro or Vista Business on the 3 standard client PCs. Otherwise many of these benefits go out the window.
 
1) "The guy doesn't like wires. Is a wireless network (Linksys G with WPA Encryption) a good idea for a doctor's office with critical and sensitive information, even with advanced encryption?"

I do Wifi audits in my area for companies. You know, testing their wireless networks. There is absolutely no difference between WPA (2), as far as somebody trying to hack the key.

My recommendation to you is to use a very complex key, that's around twenty plus something characters, using numbers, symbols, and letters. Also make sure your router password is complex. Once you have a very complex key, it takes a lot of CPU power to be able to crack it, so it will be secured.

Other ways of securing it:

1. Enable MAC Address Filtering
2. Disable DHCP, or limit the number of addresses used.
3. Disable Remote Administration.
4. Hide SSID
5. Never ever use WEP, I can crack that in three seconds.
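
As an added illustration of the complex-key advice in the post above (not code from any poster): in WPA and WPA2 personal mode the passphrase is stretched into the 256-bit pre-shared key with PBKDF2-HMAC-SHA1, salted with the SSID, so this sketch audits a proposed key against the twenty-plus-character, mixed-class advice and shows the derivation. The guess rate, the function names and the sample keys are assumptions constructed for the example.

```python
import hashlib
import math
import string

# Assumed guess rate for the time estimate (hypothetical, not from the thread).
ASSUMED_GUESSES_PER_SEC = 1_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600

def derive_psk(passphrase: str, ssid: str) -> str:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()

def audit_key(passphrase: str) -> dict:
    """Check a proposed key against the advice: 20+ chars, letters, numbers, symbols."""
    classes = {
        "letters": any(c in string.ascii_letters for c in passphrase),
        "numbers": any(c in string.digits for c in passphrase),
        "symbols": any(c in string.punctuation for c in passphrase),
    }
    # Alphabet actually drawn from, counting upper and lower case separately.
    alphabet = 0
    for group in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(c in group for c in passphrase):
            alphabet += len(group)
    # Upper bound: it only holds if every character was chosen at random.
    bits = len(passphrase) * math.log2(alphabet) if alphabet else 0.0
    years = (2 ** bits) / 2 / ASSUMED_GUESSES_PER_SEC / SECONDS_PER_YEAR
    return {
        "length_ok": len(passphrase) >= 20,
        "classes": classes,
        "meets_advice": len(passphrase) >= 20 and all(classes.values()),
        "max_entropy_bits": round(bits, 1),
        "avg_years_at_assumed_rate": years,
    }

if __name__ == "__main__":
    # Constructed sample keys; "password"/"IEEE" is a published 802.11i test vector.
    for key in ("password", "Tr7#vq9!Lm2@xW5$kP8&zR3^"):
        print(key, audit_key(key))
    print(derive_psk("password", "IEEE"))
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, and the entropy figure is a ceiling that a key built from dictionary words will not reach.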
 