I was wondering what preventative steps everyone’s taking to prevent their locally hosted NextCloud instances from falling prey to attackers with physical access? While I certainly don’t trust Google, I imagine their security would at least be harder to break than my basement window with a crowbar.
My understanding so far:
NextCloud’s own E2EE would provide security against a physical attacker if it worked, but it doesn’t yet.
In the meantime, enabling full disk encryption using LUKS is the best option, as it would render the disk unreadable without a password following power loss when the plug is pulled.
Have I got a good understanding of things?
Thanks for any help guys.
Honestly, if security is a REQUIREMENT, go colocate your gear. Don’t house data in your house that you are morally and/or regulatorily responsible for. Such as, but not limited to, if you’re hosting others’ data, sensitive data and/or any other situations where compromised data could result in someone getting hurt and/or their reputation damaged other than your own.
With that disclaimer out of the way, if you’re storing your own data that doesn’t require you to store it in a certain way, then buying a locked cabinet is a good start. They come in as small as 10U, I believe, and you can easily scale up to a full 42U cabinet if you’ve got other things to protect, like an expensive UPS for example.
Another option would be to also have a few hidden cameras around (even one or two in the locked cabinet), which could also be a benefit.
Besides that, yeah, full drive encryption is the best feasible tool in home data storage to swat the thieves for good.
Great answer. Thanks so much. I’ll look into a cabinet.
Just out of curiosity, where would you suggest someone houses sensitive data that they are morally responsible for? My understanding was that the best practice was not to house it at all, after which locally hosted was best.
Full disk encryption will prevent others from accessing the data on your physical disk, as the person recommended above. My suggestion is to set up a plan that guarantees your data will also be literally recoverable from backups if your “primary” disk is stolen. This means you should maintain multiple copies of the physical disks, ideally in multiple locations. Lots of great backup guides in old forum or internet searches so I’ll let you figure that out. Good luck.
If, for example, you’re supplying storage to end users, you would be best off colocating to a facility that offers locking cabinets, 24x7 security staffing and so on, as your house is not morally acceptable for multi-user usage (beyond the immediate family, for instance for a media store or similar).
It’s the same idea as locking up physical supplies: would you trust a stranger to store your physical supplies in a basement, or a business that specializes in secure storage caches?
Thanks guys. This clears up a lot.