Results 1 to 13 of 13
  1. #1
    2 Star Lounger
    Join Date
    Mar 2004
    Posts
    191
    Thanks
    40
    Thanked 1 Time in 1 Post

    Safer backup via timed USB connection

    One of the better ways to protect backups from ransom-ware is to have the bu device disconnected except when actually backing up. Doing this manually is a pain. So I have been looking for a USB switch that can be time switched on automatically only while the bu is happening. The timing must not by the pc it is connected to - or the ransomers can just turn the switch on. Either a timer internal to the usb switch that was independant of the pc, or a timer external to the switch would be ok. I tried just de-powering my powered usb hub but my pc clearly provided enough power via usb to keep the hub running.

    I have tried looking for such a device, but they all seem to switch manually or 'on demand'. Does anyone know of a way forward here?
    Last edited by petermat; 2017-05-16 at 10:00.

  2. #2
    5 Star Lounger
    Join Date
    Jan 2010
    Location
    Fort McMurray, Alberta, Canada
    Posts
    720
    Thanks
    73
    Thanked 99 Times in 92 Posts
    Robots. Your solution lies in having a robot to plug and unplug the USB device.

    I for one welcome our USB robotic overlords!

  3. #3
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,462
    Thanks
    153
    Thanked 943 Times in 758 Posts
    If you want an externally-controlled solution then perhaps use a mains-powered external HDD (not a USB-powered portable HDD) together with Task Scheduler?

    Realistically, how are any 'ransomers' going to know your PC runs something to re-enable a USB device?

    Task Scheduler can be used to run a BAT file or script with USBDeview to re-enable a device then to kick off the backup job. Have a look at the command-line usage of device name, serial no. or VID/PID/Serial (and more).

    Some backup solutions have a 'run after backup completed' option which can also be used with USBDeview to disable the USB device again afterwards. Otherwise, just use Task Scheduler again.

    Hope this helps...

  4. The Following User Says Thank You to Rick Corbett For This Useful Post:

    petermat (2017-05-16)

  5. #4
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,971
    Thanks
    424
    Thanked 1,600 Times in 1,450 Posts
    Peter,

    The capability do this is available in PowerShell (which can be called from Task Scheduler for timing) via dome downloadable cmdlets from MS.

    Here's the Link to an intro.

    HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  6. The Following User Says Thank You to RetiredGeek For This Useful Post:

    petermat (2017-05-16)

  7. #5
    2 Star Lounger
    Join Date
    Mar 2004
    Posts
    191
    Thanks
    40
    Thanked 1 Time in 1 Post

    Safer backup via timed USB connection

    Re using an external mains HDD - I actually have five usb drives hung off a hub-and I really don't want to replace them. So whilst I agree this is a solution for others (and maybe myself at some future time) it's not a solution for me now.


    I agree with Rick - and by implication Retired Geek - that turning the usb on / off via USBDeview / PowerShell is probably safe - and I may well finish up going that way. However if I had an external hardware solution I would go for it, on the grounds that it never pays to underestimate the enemy.


    Thanks for your responses.

  8. #6
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,971
    Thanks
    424
    Thanked 1,600 Times in 1,450 Posts
    Peter,

    How about this Switch?

    You can just set it for Computer 2 when you don't want it connected. I know it warns about NOT being for HDDs, however if you only switch it when your computer is OFF there shouldn't be any problem.

    HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  9. #7
    2 Star Lounger
    Join Date
    Mar 2004
    Posts
    191
    Thanks
    40
    Thanked 1 Time in 1 Post

    Safer backup via timed USB connection

    Quote Originally Posted by RetiredGeek View Post
    Peter,

    How about this Switch?

    You can just set it for Computer 2 when you don't want it connected. I know it warns about NOT being for HDDs, however if you only switch it when your computer is OFF there shouldn't be any problem.

    HTH
    Thanks for the research - but this is a manually switched device, and, as I said, I want a " time switched on automatically" solution.

    Perhaps I should explain more completely. A pc runs 24/7. During working hours it receives data for bu from other pcs and saves it on it's own drive. Overnight - say between 11:55 and midnight - it incrementally updates files on the five drives run off a hub it is attached to so they match the data received today. These five drives hold data backed up in stages. There are daily, weekly, monthly and annual backups. Even if some / all of today's data is encrypted I still have yesterdays bu, the day before's and so on - provided the ransom sw only gets at today's data.

    So I am not there when the overnight update occurs to press buttons or turn pc's on or off. I need the five drives disconnected from the 24/7 pc from midnight till 11:55 pm then turned on for five minutes and then off again - all while I sleep peacefully!

  10. #8
    WS Lounge VIP Lugh's Avatar
    Join Date
    Jun 2010
    Location
    Indy
    Posts
    1,209
    Thanks
    276
    Thanked 189 Times in 163 Posts
    Quote Originally Posted by petermat View Post
    Overnight - say between 11:55 and midnight - it incrementally updates files on the five drives run off a hub it is attached to

    I need the five drives disconnected from the 24/7 pc from midnight till 11:55 pm then turned on for five minutes and then off again
    If you plug the hub into a power outlet which has a timer on it, that should do what you want. Such timers are often used for turning lights on and off when you're away on vacation etc.
    Lugh.
    ~
    Dell Alienware Aurora R6; Win10 Home x64 1803; Office 365 x32
    i7-7700; GeForce GTX 1060; 16GB DDR4 2400; 2 x 256G SSD, 4TB HD

  11. #9
    2 Star Lounger
    Join Date
    Mar 2004
    Posts
    191
    Thanks
    40
    Thanked 1 Time in 1 Post
    Lugh,
    Thanks for the thought - and it may well work with some hubs - but I tried just pulling the power from the hub, and access to the drives kept on regardless. It seems my laptop supplied enough power to keep the hub and the usb powered drives fully live.

    In the meantime I am running Rick's solution. This may not be quite as secure, but does have an advantage - given the backup program I am using. Allway sync - like some others - allows a batch file to be run before and after a sync job. I have set this to run USBDeview to enable the drives before and disable the drives after the sync job. This makes the timing automatic and the vulnerable window minimised.

    Thanks All.

  12. #10
    3 Star Lounger
    Join Date
    Mar 2010
    Location
    USA
    Posts
    310
    Thanks
    65
    Thanked 40 Times in 31 Posts
    Following requires hardware electronics technical skills and soldering work.
    A DIY project.
    Objective: With external timer, turn on a USB hub so that it is connected/disconnected
    from USB port of a PC.
    Option: The connection on/off command, rather from an external timer/clock,
    can be from a PC's scheduler/software.
    Procedure:
    1. Get a short female-to-male USB cable. Or modify the hub's USB cable.
    Obviously match USB2.0 to USB2.0, USB3.0 to USB3.0.
    2. Cut a slit (surgically) on the sheath of the cable, to expose internal wires.
    Do not cut/damage the internal wires.
    Extract/pull out the red wire (the 5V power). Reseal the USB cable sheath.
    3. Cut the red wire.
    4. Connect the red wire to a relay, a reed relay, or even a solid state relay,
    your choice.
    Relay current handling: >=800mA (I know I know, the USB2.0 spec is ~500mA
    but today it is always slightly higher. 1A relay is good.
    For USB3.0 use >=3A relay.]
    The idea:
    The relay mechanically connects/cuts off the red wire (the USB 5V power).
    [USB port *detects* this 5V power connection, to enable/disable USB connection.]
    5. Build a power supply to drive the relay. Or ...
    Simple one: If you use a 5V relay, all you need is *ANY* 5V USB charger
    that can handle the relay power (usually 100mA-200mA). An old old days
    cell phone (flip phone, any one?) 5V-6V charger will work!
    6. When the the AC adapter is powered, the relay is on, its contact closes.
    The USB red wire is connected.
    7. Plug the AC adapter to a timer. Plug the timer to 110Vac (for USA).
    You now have a timer controlled USB hub auto-connect/auto-disconnect.
    8. Option: To control it via PC's scheduler
    8a. USB is always 5V. USB port from a PC can supply at least 500mA.
    Relay is only 100-200mA. A USB port can directly drive a 5V relay.
    (tech-speak: add a diode, a 100-Ohm resister, a 0.1uF capacitor as snubber.)
    8b. In programming, set time to turn on/off the specific USB port.
    With that, the relay is turned on/off. The relay contact, in turn, connect/disconnect
    the red wire of the hub (which is on another USB port), enabling/disabling the hub.

    Thanks, OP, for the great idea. I'll build one for myself.
    I prefer the external timer method.
    No unforeseen backdoor/hack if via software/scheduler.
    I can always adapt the backup software to do backup at specific time.
    A mechanical timer is cheap, US$5-7. Digital one is less than US$10.
    In my application, this will control the USB connection of the NAS (as backup) at the router.
    Total cost: <=US$20. Some technical work and soldering work.

    (If by software control, do add time delay for the USB port completing the detection.)

  13. #11
    3 Star Lounger
    Join Date
    Mar 2010
    Location
    USA
    Posts
    310
    Thanks
    65
    Thanked 40 Times in 31 Posts
    Also ...
    You can do remote control via Bluetooth or WiFi-controlled device. These plug into wall AC outlet. Its own AC port is controlled by either Bluetooth or WiFi, to turning its AC port on/off.
    So an AC power adapter plugged into this device will be controllable by Bluetooth or WiFi.
    Say, if you schedule your cell phone to turn on this device, you can then
    in turn control the USB hub on/off.
    The plus side:
    It is two-factor verification. To defeat your USB hub-connection control,
    one must control the PC, and also your cell phone.
    More: Must know Windows + Linux (Android).
    The negative: Sets you back US$50 and up.
    Hip factor: Cool.

  14. The Following User Says Thank You to scaisson For This Useful Post:

    petermat (2017-05-28)

  15. #12
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,945
    Thanks
    124
    Thanked 147 Times in 144 Posts
    For those of us who are stuck with plugging, unplugging, plugging, unplugging our external devices, most computer electronics stores sell "weird" adapters and 3-ft usb extensions. These adapters and extensions, plugged into the computer(s), can take the brunt of the constant [un][plugging] of the external device. For example, one of my home laptop's left-side usb ports has an elbow adapter. This elbow, along with the usb extension attached to the ext cooling assembly, take the brunt of my daily plugging / unplugging the external cooling assembly from the laptop.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/
    Backup, backup, backup! -- Lady Fitzgerald (w7forums)
    Clone or Image often! Backup... -- RockE (WSL)

  16. #13
    2 Star Lounger
    Join Date
    Mar 2004
    Posts
    191
    Thanks
    40
    Thanked 1 Time in 1 Post
    Just one more note re the USBDeview solution. If you go this way and have more than one drive, I found I had to put a short delay between the disable commands for each drive, or some disables got ignored. 10 seconds sufficed in my case.

    Thanks to you all, and particularly to scaisson for your very clear instructions.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •