Home Office Server Security

Daniel teletautala at gmail.com
Tue Apr 2 09:56:29 MDT 2013


Nathan,

My personal opinion would be to completely separate personal data and
sensitive client data.  I would prefer to have a separate box for personal
and sensitive data, but that may not always be possible.  Here are my
suggestions in random order:
1. If you encrypt the folder that the sensitive data is in and only
unlock it when you are accessing it, you can prevent unintentional access.
2. You can also use a file integrity checker to verify you are the only one
who changes those files.
3. A must would be to use long 10+ character passwords, and if you are
accessing this server from the internet, use private keys only for ssh
access.
4. I would install logwatch to monitor the server for you.
5. Smartmontools should be used to monitor the disk to prevent a disk
unexpectedly failing.
If you are the sole user of this box, that should be plenty to work with.  I
would suggest more if you were sharing access to this with other people.



On Tue, Apr 2, 2013 at 9:19 AM, Nathan England <nathan at nmecs.com> wrote:

>
> Hello Hello,
>
> I will soon be building a new server for my home office. I do various
> consulting jobs and have access to data that my customers consider
> highly personal or private, some of which I've signed NDAs in order to
> have access to. The current server stores my client data, various source
> code files, but it also doubles as my personal data store. All my
> personal projects along with videos and pictures, audio files and
> everything that all of us parents and geeks would want to store.
>
> My new hardware will have multiple drives in a RAID configuration. I
> have not completely decided on how that will be configured. I would like
> your opinions on the best methods of securing a server. I am not against
> having to type in an encryption passphrase each time the machine boots,
> but as it will be headless, I'd really rather not, but hoping beyond
> setup I will not need to reboot it often it is an option.
>
> What options should I consider for protecting the data on the hard
> drives and still provide some sane level of usability from a workstation
> somewhere else?
>
> I appreciate your thoughts!
>
> Nathan
>
>

