Re: [Hampshire] Home fileserving architecture

On 17 September 2010 02:22, Anthony <ar@???> wrote:
> At home I've a fileserver PC and Ubuntu clients including one that's
> ended up needing to be left on 24/7.  I'm thinking of moving the
> server's 2 disks to the always-on desktop box to save electricity.  All
> PCs are on a wifi ADSL router using Cat5 and WPA, and we've an
> (untrusted) lodger.  Backups are nightly between encrypted server disks,
> and approx weekly an incremental to an unencrypted USB drive which is
> locked away. [*]
>
> Have I thought of all the pros and cons, and how should I secure this
> arrangement (especially NFS)?
>
> Power: saves 25%
>    same disk count, one less mobo
>
> LAN security: no change - is it enough?
>    client login passwords; static client IPs;
>    NFS exports to individual IPs;
>    encrypted data disks; ssh with passwords
>
> Physical security: worse.
>    fileserver is in the loft,
>    PC and router are on the desk
>

Physical security is the best option if the lodger is untrusted.
Keep the lodger away from the computers.

Another approach is to determine which data items you do not wish the
untrusted person to see, and keep them locked away.
E.g. On a removable HD or flash disk.
Also boot from the removable storage so the untrusted person cannot
put a key logger on there.

Also, what is the worst that could happen if the untrusted person does
get access to all your data?
If no-one will die or make financial gain as a result, it is hardly
worth the effort securing it?