Backup and encryption
Yeah, I guess this is the solution. Encryption I get. But where do you back up to? I currently have about 4TB of data and was thinking of at least doubling capacity soon. How expensive is it to back up 8TB of data somewhere?
Comment on How do you secure your home lab? Like, physically? From thieves?
lorentz@feddit.it 21 hours ago
Backup and encryption. Encryption prevents the thief from seeing my data, backup allows me to make a new server. Furthermore, as others pointed out, I don’t expect that a common thief will see a lot of value in a small black box on top of a shelf.
The really important things (essentially only photos) are backed up on a different USB drive and remotely on Backblaze. Around one terabyte costs 2-3$ per month (you pay by operation, so it also depends on how frequently you trigger the backup). You want to search for “cold storage”, which is the name for cloud storage that is infrequently accessed (in other words, more storage than bandwidth). As a bonus, if you use rclone you can encrypt your data before sending it to the cloud.
I put a tiny NAS in my parents’ house (cheapest ARM Synology 2-bay). It backs up their computers (a first, of course, but the photos are safe now!) and my server sends its TBs to there too. Upfront is large because you need to put in two big drives plus a lil NAS. But no $/mo, thanks parents.
For over a few TB Hetzner and the like really hit hard (€21/mo for 10TB at Hetzner storage box). Depends how much disposable income you have/want to ensure data is good. Nowadays €21/mo is like 1 Disney/Hulu/bullshit, that price is obviously overinflated but it makes you feel less bad about spending it on cold, hard, remote backups of your big ass data.
WhyJiffie@sh.itjust.works 19 hours ago
how do you unlock the encrypted disks? is it manual, or did you automate it?
glizzyguzzler@piefed.blahaj.zone 12 hours ago
One of the best uses of encryption is that you can pull drives that die and not have to try to wipe them as they die or smash them. They’re encrypted so it’s just gibberish. Mostly the reason to encrypt.
I auto-unlock with two things: a USB drive I put in the computer that it looks for and another computer on the network that hosts an unlock file. I’m not defending against nation-states or the Gestapo, regular rubes won’t notice the pi zero hidden that hosts the network file. USB drive is for just-in-case so I don’t have to type that long ass password ever.
I didn’t try hard, but I’m not sure how to make auto-unlocking more secure.
huquad@lemmy.ml 1 hour ago
Especially if you stripe the data across multiple drives too
lorentz@feddit.it 9 hours ago
I have automated it with a small initramfs script which has half the password and downloads the other half from the internet. My threat model is to protect from a random thief. So they should connect it to a network similar to mine (same netmask and gateway) and boot it before I can remove the half key from the internet.
Some security which is on my TODO list is: allow fetching the half key only from my home IP and add some sort of alert for when it is fetched.
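The two TODO items in the comment above (serve the key half only to the home IP, alert on every fetch), sketched server-side as an added example that is not lorentz's script. The home address, file path, URL path and port are constructed placeholders, and plain HTTP is used only to keep the sketch short.

```python
import ipaddress
import logging
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions (constructed): 203.0.113.7 stands in for the home IP.
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.7/32")]
KEY_HALF_FILE = "/etc/unlock/half.key"  # hypothetical path of the remote key half
ALERTS = []  # in-memory record; replace notify() with mail/push in practice

def is_allowed(client_ip, nets=ALLOWED_NETS):
    """True only if client_ip parses and falls inside an allowed network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in nets)

def notify(client_ip, served):
    """Record and log every fetch attempt, served or denied."""
    event = {"ip": client_ip, "served": served}
    ALERTS.append(event)
    logging.warning("key-half fetch from %s: %s", client_ip,
                    "served" if served else "DENIED")
    return event

def handle_fetch(client_ip, read_key, nets=ALLOWED_NETS):
    """Return (status, body); the key is read only for an allowed source."""
    allowed = is_allowed(client_ip, nets)
    notify(client_ip, allowed)
    if not allowed:
        return 404, b""  # same answer as an unknown path
    return 200, read_key()

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        def read_key():
            with open(KEY_HALF_FILE, "rb") as fh:
                return fh.read()
        if self.path != "/half":  # hypothetical URL path
            status, body = 404, b""
        else:
            # Behind a reverse proxy this is the proxy's address, not the client's.
            status, body = handle_fetch(self.client_address[0], read_key)
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), Handler).serve_forever()
```

A fetch logged while the server is known to be powered on at home is the signal worth alerting on, since the box only asks for the key half at boot.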
fmstrat@lemmy.nowsci.com 8 hours ago
Dropbear. You can run a small SSH server in initd that allows you to SSH in and type the encryption password. It doesn’t run a shell, just cryptsetup.
dreadbeef@lemmy.dbzer0.com 18 hours ago
Linux with LUKS can be configured to decrypt at boot
WhyJiffie@sh.itjust.works 13 hours ago
ok, but where does it get the decryption key from? my real question is how did you implement automatic unlock securely
dreadbeef@lemmy.dbzer0.com 13 hours ago
you type it in on boot
frongt@lemmy.zip 13 hours ago
That kind of defeats the purpose then doesn’t it?
dreadbeef@lemmy.dbzer0.com 13 hours ago
shut down and it’s encrypted? ofc you also have to have a decrypt password