Tom Olzak

Posts Tagged ‘backup’

Review: New RoboForm Pro Online Service

In Password Management, Security Management on September 2, 2009 at 11:42

Need to access your passwords, secret questions, and personal ID information anywhere, anytime?  Then you need to take a look at the new RoboForm online service.  I recommend it.

RoboForm isn’t new.  A product by Siber Systems, Inc., the RoboForm desktop application has been helping users auto-fill forms and remember important information for some time.  What IS new is an online service (beta) which allows you to:

  1. Sync your passwords, secret questions, and other identity information with RoboForm servers.  All data shared with RoboForm is encrypted with AES using a password which only the user knows.  RoboForm cannot access your data.
  2. Access your online information from any computer with Internet access, without installing any software.
  3. Access your online information using selected smartphones, including iPhones and Blackberries. 

Before we get to the online capabilities, let’s walk through the RoboForm Pro client application functionality.

Client Functionality

The RoboForm Pro client, with a $29.95 price tag for the first license, is available for download.  There is a nice quantity-discount calculator at the site, but $15.95 seems to be as low as it goes.

I downloaded the client and installed it on my desktop (Windows 7 and Firefox 3.5).  After activation (see Figure 1), I restarted Firefox.  The toolbar shown in Figure 2 appeared.

Figure 1: RoboForm Activation

Figure 2: RoboForm Toolbar

The time-to-live setting for the RoboForm master password is an important setting during setup.  As you’ll see as we step through this section, maintaining an active login to the client provides access to passwords and other private information.  So you want the login to expire without having to think about it.  The default is 120 minutes.  I set mine to 10.

The core of RoboForm password management is the passcard.  A passcard contains login and address information for a specific site or application.  There are two ways to set one up.  First, you can navigate to the login screen of the target site or Web application and enter your account ID and password.  You can also pre-configure a site login.   

Figure 3: Create a Passcard

To create my Gmail passcard, I provided a name and left Password-protect checked, as shown in Figure 3.  This requires the encryption password before I can access it.  I then created an email folder in which to place the passcard.  I also checked Add Shortcut to Links Toolbar.  When I clicked save, a button with the passcard name appeared in the RoboForm toolbar (See Figure 4).  Also saved was the URL to the login page.

Figure 4

The button performs two functions.  If the Gmail login page is not currently displayed, RoboForm instructs the browser to go there.  The second function is the same whether you are at the page or not.  RoboForm auto-fills the account name and password fields.  If you’ve previously used this function , a persistent cookie exists on your computer.  When the cookie is present, clicking the button causes the browser to navigate to the page, enter the login information, and login.  You can disable the persistent cookie feature by removing the asterisk in the field shown in Figure 5.  (Note: When editing passcards, the password is displayed in plain text.  This is so you can retrieve an unremembered password.  So beware shoulder surfers…)

Figure 5: Editing Passcards

In addition to passwords, you can store all personal information–including credit cards, bank account info, and social security number–in an identity form.  See Figure 6.  Note that the identity information, like all passcards, is encrypted with AES.  When saved, the identity appears in the RoboForm toolbar, as shown in Figure 4.  You can use it to fill-in any browser-based forms, and you can create multiple identities.

Figure 6: Identity Form

Finally, you can create free-form safe notes.  I created one to hold a sample security question, as shown in Figure 7.

Figure 7: Creating a Safenote

This is a good time to talk about encryption strength.  The strength of the AES encryption used depends on the password used to protect your RoboForm information. 

  • Master password less than 32 characters – 128 bit
  • Master password from 32 to 47 characters – 192 bit
  • Master password greater than 48 characters – 256 bit

If you can’t decide on a password for an account, the create-a-password feature built-in to RoboForm can help.  There was a small issue with the sample password shown in Figure 7.  It contained a dictionary word.  While this might not be a huge problem, you should be aware this might happen.  Play with this a little.  You can watch the bit strength change as you change the provided parameters.

Figure 7: Password Generator

So far, this looks like something I can use.  However, what happens when I’m not in front of the computer with my client software installed?  Well, I can create a repository with software loaded on a thumb drive.  Or I can use the new RoboForm online service (beta).

Features of Online Service (beta)

The online service provides you with your passwords, identity information, and safenote data anytime, anywhere.  The data is encrypted with your master password, which only you know.  If you lose the password, you lose your data.  Not even RoboForm can help.

To synchronize your local information with the online service, you first have to create an online account.  RoboForm must be installed on your computer to use this service.

Once the account is created, and you have synchronized your computer with your online repository, you can access your RoboForm data using an SSL connection as shown in Figure 8.

Figure 8: Online Signup and Login

To sync your computer, click the Sync button in the toolbar.  If this is your first sync, RoboForm needs your online user ID and password, as shown in Figure 9.  Sync settings can be set or changed at any time by using the button shown in Figure 10.  Once configured, the prompt shown in Figure 10 is displayed, allowing you to manually sync your data and select auto-sync if you don’t want to worry about pushing future changes or additions to the online repository.  Note that you can also sync to local or network storage devices.

Figure 9: Sync Setup

Figure 10: Online Sync

There are differences between using the online service and the local client.

  1. Auto-navigation to the login page is not enabled, although the link is provided
  2. Auto-fill is not enabled, so you have to copy and paste your account ID and password, which is displayed in plain text, to the login fields

The online service is free to try while in beta.  No future cost information is currently available.

The last online feature I tested was access via smartphone.  This worked flawlessly when I tried using my iPhone 3GS.  Figures 11 and 12 show the screens provided.

Figure 11: Mobile Menu      Figure 12: Mobile Password Screen

Recommendation

I recommend both the client software and the online solution.  This is the best password, identity, and general sensitive information repository solution I’ve seen.  If you are worried about how RoboForm manages passwords in memory, check out the user manual.  Passwords are purged from memory during events you select.

Review of the ioSafe Solo Backup/DR Drive

In Backup, Business Continuity, Data Security, Disaster Recovery, Physical Security, Risk Management on July 4, 2009 at 17:56

I don’t get excited about technology very much anymore.  After almost 30 years in this business, I’ve become rather jaded to most emerging technology.  So I have one thing to say about the ioSafe Solo drive—WOW!!

I received an evaluation unit from ioSafe a couple of days ago.  It came in a plain white box, but it weighed quite a bit.  Big piece of iron I have to spend an afternoon configuring, I thought.  So I waited until the weekend.  Removing the drive from the box I found the drive unit, a USB cable (which closely resembles the cable I use on my USB printer), and a power cable. The drive unit is about the size of a toaster.  But unlike my toaster, it weighs about 15 pounds. 

The manual wasn’t much.  Since I was connecting the drive to my laptop running Windows XP SP2, the installation instructions pretty much consisted of: 1) plug the drive into an outlet, 2) plug the USB cable into the drive and into the computer, and 3) turn on the drive.  This was good.  I like simple.

I followed the directions, and 20 seconds after I turned on the drive I had a new 500 GB drive connected and ready for action.  According to the manual, Apple computer users will have to do some formatting work before they can use the unit.

Now you might be asking, “so what?”  Well, there is more to this drive than meets the eye.  Within 5 minutes of unpacking the gear, I had a backup drive which provides the following:

  • Fire protection for temperatures reaching 1550 degrees Fahrenheit for 30 minutes (tested per the ASTM E119 protocol)
  • Water protection, tested for immersion up to 10 feet for 72 hours
  • FloSafe air cooled, providing forced air cooling through plastic vents which melt shut to protect the unit when ambient temperature reaches 200 degrees Fahrenheit
  • Metal case which can be easily bolted to the floor or secured with a cable lock
  • A three year warranty and ioSafe’s data recovery services for one year

Additional features include 7200 rpm drives and USB 1.0 and 2.0 support, with data transfer rates up to 480 Mb/s.

I was pretty interested in this drive by this time.  It’s a perfect backup solution for my home office and the restaurant we own.  So I looked up the price.  I was not disappointed.  The ioSafe Solo can be ordered with one of three data capacities, as listed below:

  • 500 GB at $149
  • 1 TB at $229
  • 1.5 TB at $299

You can upgrade the data recovery service from one year to up to five years, adding up to $100 to each of the prices listed.  These are retail prices.  A quick look at Amazon.com shows discounted pricing.  If you are an Amazon Prime customer with free shipping, you can also save the $25 or so it takes to get it to your door.

So my Solo unit sits next to my laptop, quietly protecting my data.  Quiet is relative, but it emits a very, very low hum which is almost undetectable in a quiet room and absolutely absent when listening to Slacker.com.  It looks pretty good, too, with blue lights on the front indicating a power on state. 

This is an excellent drive at an affordable price.  If you currently pay monthly fees to support over-the-Web backups, if you still use backup tapes, or if you have simply decided it’s too much trouble to look for and implement the right backup solution, you should definitely take a look at the ioSafe Solo.  I highly recommend it.

New centralized storage for SMBs

In Backup, Business Continuity, Data Security on March 12, 2009 at 07:23

Keeping all your sensitive information in a centralized location helps with security.  However, SMBs with large storage needs (or home users with way too much audio-video gear) may find the new D-Link SAN array useful.

D-Link DSN 1100

D-Link DSN 1100

No, it’s not a big EMC device, but most small businesses don’t need and can’t afford a big piece of storage iron.  So for about $1800, they can get most of the benefits of an enterprise SAN, including:

  • Up to 7.5TB of storage
  • RAID 0, 1, 1+0 and 5
  • CHAP authentication
  • Four 1Gb ports
  • SSL security to manage console
  • VLAN zoning for network segmentation
  • Up to 72 hours of battery backup

It’s everything a SMB needs to consolidate, protect, and ensure available of sensitive information.

%d bloggers like this: