this post was submitted on 30 Nov 2023
40 points (91.7% liked)

Selfhosted

40189 readers
674 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I feel super dumb right now.

I always thought, that all user data (/home/) are decently safe against physical access, as long as my user and root password is strong enough. If I just plug in the hard drive, nobody except the Super User has access to the data on it.

Well, the guys on the other community (Link) have shown me how wrong I've been.

All of my devices are securely encrypted. Well, all of them, except the most important one: my server, where all pictures, documents and other private stuff is stored.

Now, I'm afraid as hell that this will go wrong in the future. Imagine a vengeful ex girlfriend, a police raid, whatever.
It's just dumb from my side to secure everything except the one thing that would need it the most.

I've already done my homework, and encryption doesn't seem like a highly important topic in the selfhosting community, or on many servers else.
At least that's what I've got the feeling.

The most common argument I hear is "nobody will get physical access anyway, so I don't care".


Threat model and security measures

My threat model: not high. I don't do any illegal stuff and don't have any enemies. Still, I want everything at least somewhat secure.
If it only serves the purpose to annoy the intruder it's already enough.

The only thing that has online access is my Nextcloud (AIO from Docker), and that is already well secured against hacking attacks (password, 2FA, brute force protection, etc.).

It's also the only thing that is worth securing in my eyes.


Options for encryption

LUKS2 full disk

I would need to factory reset the whole server for that, which would be ... highly inconvenient for me. It took me quite a long time to get everything working, and I don't wanna loose my configuration.

Also, how should I access the device when I don't see anything? Is there a workaround or something when I want to reboot without a monitor and keyboard?

Only encrypt the home folder

Same problem as with FDE

Nextcloud server side encryption

That one isn't recommended from what I've read. It causes compatibility issues and an extreme hit on performance according to forums. Is this still correct?

Cryptomator (?)

Encrypting and decrypting with every up- and download sounds quite annoying. Wouldn't be my prefered method tbh.


What is your opinion on that topic? What would you recommend me?

Please remember, that I'm not that experienced as much, so please be patient with me 😬

you are viewing a single comment's thread
view the rest of the comments
[–] guitarsarereal@sh.itjust.works 8 points 11 months ago* (last edited 11 months ago)

Encrypting your disk only provides at-rest protection, meaning there are entire swathes of physical attacks it provides zero protection against. Tons of stuff a malicious actor can do during runtime with physical access that you'd never notice. it quite literally only protects against thugs smashing your door in and physically walking away with the disk.

So if you've painted yourself into a corner with a baby's first config, what you can do to step up your level of data protection (until you can redo your setup properly) is creating an encrypted filesystem or filesystem image (use fallocate to create a large empty file, then connect it to a loopback device, encrypt with LUKS, and use it as a virtual filesystem), rsync your data directory to it, and then unlock/mount it at boot under the directory where Nextcloud is configured to store your data. It's god-awful, but this should be more or less transparent to Nextcloud if you do it right, and then at least your data directory gets at-rest encryption, and tbqh if someone is smash and grabbing your hard drive they are probably more interested in your data than they are your OS config.

I wouldn't say this is an acceptable or preferable alternative to FDE, but it sounds like you're still figuring out the best ways to set these things up, and this will get you more protection than none. But, realistically, you should probably not worry about it too much and should think about the security of your setup as a learning exercise/study in best practices.