Disabling hard-drives/partitions

Hi,

I am about to build a home file server which includes backup. The main storage and backup will both utilise hard drives and the server will be on most of the time.

The following occured to me.

Using local hard drives as a backup source is good because of the speed advantage compared to other backup devices. However, if the machine was hacked or got a virus the local backup drives would be just as vulnerable to attack as would the non-backup drives!

One solution to this problem would be to only power the backup hard drives when a backup procedure was required. But this could be a problem as the server itself is not that accessible.

Is there a means in Windows XP Pro to disable an entire hard drive so that it is not accessible (and therefore immune to attack)? Could a partition be disabled in the same way?

In practice the file server will use RAID to manage 16 hard drives, eight of which provide on-line storage and the other eight the backup. Does using RAID complicate the above solution?

Regards Basher

 

Can you use a USB hard drive in the situation?

 

However, if the machine was hacked or got a virus the local backup drives would be just as vulnerable to attack as would the non-backup drives!

Nope, they wouldn't be. Backup uses compression and compressed files are pretty well safe from the sorts of attacks you might see. The backup drive also wouldn't contain the files most attacks target to get their foothold.

Added safety from running NTFS on the backup volume and limiting access to a single user account then putting strong password protection on that account (strong as in long, upper/lower case, non-work, numbers mixed in) and you'd be safe from any sort of attack you would face. The account should be only the main administrator account (disable any others) and renamed to something other than administrator.

If you were running high risk national security information on the server and could therefore expect a targeted attack by a professional with good tools and lots of time, the above wouldn't be enough but otherwise, it would.

 

Hi,

Thanks for the reply.

When I say backup I do not mean a Windows backup. Instead I perform my own backup periodically of the main drives and perform a simple file copy (using synchronisation etc). The result is that the backup drives contain a mirror image of the normal drives and no compression or zipping is used.

My understanding is that all installations of Windows XP Pro requires at least one administrators account which, potentially, could allow the erasure of any and all drives present on the machine. Therefore, the backup is not as secure as it would be if, for example, it was powered down, and powered only during a backup procedure.

Powering down the backup drives would also save the power of eight hard drives, and could prolong their life. The problem is that the server box will normally be out of reach, hence the need for a means to disable drives from the OS remotely (possibly like unmounting in Linux terms).

Best Regards Basher

 

How to create and use NTFS mounted drives in Windows XP

 

Symantec's gdisk will allow you to hide partitions from XP in the same way that Partition Magic does. In fact, gdisk does a better job of unhiding partitions than PM.

http://www.drd.dyndns.org//softlib/utils/gdisk.zip

The syntax is explained with the usual /?.

gdisk 1 /hide /P:1
<Enter>
The "1" indicates the first drive, "/hide" means to hide, and "/P:1" means the first partition. You will need to adjust the parameters for each partition you want to hide.

And the reverse:

gdisk 1 /-hide /P:1

 

Many thanks to you all.

Regards Basher