Saturday, April 15, 2017

Why I started using an Air Gapped Archive

I'm not paranoid or afraid of the NSA. I'm just trying to avoid the risk of ransom-ware or the corruption of a disk via a virus, mechanical malfunction or a range of other things that might affect an active network and hard disk always spinning. I realise my approach is somewhat hybrid and would not satisfy Edward Snowden or the security gurus but It does give me confidence that I have addresses the long term safe storage of my source photos.
The Little Netbook that became a Linux archive machineI am using an old Toshiba netbook (it served me well as a photography & email connection to the world as I traveled around Europe in 2011). However it was always slow and it was the first computer I tried to update to windows 10 and basically windows 10 killed it! I ran out of patience and installed Linux, and a little photo software but it sat unused for the past year-ish. Then it struck me this would be ideal for the Air Gapped Archive. I leave it turned off most of the time, turn off the WiFi & Bluetooth and just use it to manage my photo archives on an External Drive. It has 3 USB slots (unfortunately USB 2.0 not 3.0, ie file transfer will be slow) so I can do my transfer of files to the archive on this little Linux computer. I can also preview the files with XnView when necessary
The Air Gap isn't perfect because I have to get the photos onto the external hard drive (ie connect it to a network somewhere) and at regular intervals the archive must be updated, again I do this for convenience by creating a new copy of the archive and updating that. This is the Generational approach. The new copy is the SON and this become the new air gapped Archive. The old copy is the FATHER and can be put away till next cycle when It is rewritten as the new SON. In the old TAPE backup days this was often taken to a third GRANDFATHER generation. At present I only have enough spare hard disks to do two generations and I only plan to cycle them over every three months.
I plan to use small memory sticks (only used for that purpose) to extract files if necessary between generation updates and this in theory reduced the likelihood of large scale malware, and particularly ransom-wear but does not avoid it altogether (eg stuxnet). The fact than I'm also crossing operating systems significantly reduces the possibilities of viruses being transmitted.
The Linux computer and the hard drive  containing the Primary Archive are turned off and stored together in my studio rather than my office where the on-line collection of my photos is stored. Hopefully I will only need them every 3 months or so as I cycle and then update my primary archive.

No comments: