How do you secure your home lab? Like, physically? From thieves?

Submitted ⁨⁨5⁩ ⁨months⁩ ago⁩ by ⁨paequ2@lemmy.today⁩ to ⁨selfhosted@lemmy.world⁩

As I rely more on my home lab server, I’m starting to worry more about it getting stolen. If someone breaks into my home, I think the server will be a pretty attractive target.

Do y’all just stick it in a closet? That seems not great for cooling…

source

Comments

Sort:hotnew top

Steve@startrek.website ⁨5⁩ ⁨months⁩ ago
Go to the pawn shop and ask them how much they would pay for your server. I bet $20

source
- paequ2@lemmy.today ⁨5⁩ ⁨months⁩ ago
  I mean… I’ve been selling and buying used computer equipment on eBay for way more than $20…
  
  source
Zwuzelmaus@feddit.org ⁨5⁩ ⁨months⁩ ago
My current server is a normal tower PC on the outside, but it is placed in a remote and inaccessible part of my rooms.

My next one (work in progress) will be placed in a corner of the living room (because the cable from the satellite dish is there). It will not look like a computer. Just a white square box with a table top on it. And it will not make any noise (hopefully).

source
0x0@lemmy.zip ⁨5⁩ ⁨months⁩ ago
Blinking lights don’t really attract thieves… gold ‘n’ cash does.
With that said… put it in a room you can keep closed at all times (watch the temps).

And do have backups offsite.

source
CallMeAnAI@lemmy.world ⁨5⁩ ⁨months⁩ ago
You are paranoid. And beyond putting a camera outside (minimal but some deterance), you have putting bars on windows and shit.

source
itztalal@lemmings.world ⁨5⁩ ⁨months⁩ ago
Home… lab?

Dude, it’s just a computer.

source
- Sabata11792@ani.social ⁨5⁩ ⁨months⁩ ago
  But I put it in a really expensive cabinet that I did not measure.
  
  source
- Marafon@sh.itjust.works ⁨5⁩ ⁨months⁩ ago
  Lol all I have is the remnants from my ship of theseused main rig chilling in a 3d printed enclosure running a single game server (sometimes) and I call that my homelab. Mostly because anyone I actually talk to in real life has no idea what the fuck I’m talking about anyway.
  
  source
- WhyJiffie@sh.itjust.works ⁨5⁩ ⁨months⁩ ago
  maybe they have switches and computers and whatnot, different units
  
  source
CameronDev@programming.dev ⁨5⁩ ⁨months⁩ ago
Home security first of all, with cameras to deter thiefs. That alone mostly solves the problem, but I’m in a relatively safe area.

My “lab” is just a switch, nuc and unifi cloud key, and while they are warm in their closet, its not super hot.

I have a Kensington lock on the security camera box, but someone could theoretically yank that out of the wall.

The rest really isnt worth breaking in to steal.

source
- cmnybo@discuss.tchncs.de ⁨5⁩ ⁨months⁩ ago
  All a kensington lock does is cause a bit of damage so a potential buyer can tell that the equipment was stolen.
  
  A thief will likely want to steal or destroy the DVR, so make sure it’s well hidden or locked inside a proper safe.
  
  source
  - CameronDev@programming.dev ⁨5⁩ ⁨months⁩ ago
    I’m guessing they can rip the other end of the lock out of the wall tbh.
    
    But realistically, theifs aren’t that sophisticated, they aren’t going to waste time trying to find and destroy the DVR, the will grab whatever valuables they can carry and pawn and leave as fast as possible.
    
    The cameras are really just a deterant, they will move on to an easier house instead of risking it with mine.
    
    source
tal@olio.cafe ⁨5⁩ ⁨months⁩ ago
Is your concern compromise of your data or loss of the server?

My guess is that most burglaries don’t wind up with people trying to make use of the data on computers.

As to loss, I mean, do an off-site backup of stuff that you can’t handle losing and in the unlikely case that it gets stolen, be prepared to replace hardware.

If you just want to keep the hardware out of sight and create a minimal barrier, you can get locking, ventillated racks. I donlt know how cost-effective that is; I’d think that that might cost more than the expected value of the loss from theft. If a computer costs $1000 and you have a 1% chance of it being stolen, you should not spend more than $10 on prevention in terms of reducing cost of hardware loss, eveb if that method is 100% effective.

source
lorentz@feddit.it ⁨5⁩ ⁨months⁩ ago
Backup and encryption. encryption prevents the thief to see my data, backup allows me to make a new server. Furthermore, as other pointed out, I don’t expect that a common thief will see a lot of value in a small black box on top of a shelf

source
- paequ2@lemmy.today ⁨5⁩ ⁨months⁩ ago
  
  Backup and encryption
  
  Yeah, I guess this is the solution. Encryption I get. But where do you backup to? I currently have about 4TB of data and was thinking of at least doubling capacity soon. How expensive is it to backup 8TB of data somewhere?
  
  source
  - lorentz@feddit.it ⁨5⁩ ⁨months⁩ ago
    The really important things (essentially only photos) are backed up on a different USB drive and remotely on backblaze. Around one terabyte cost 2-3$ per month (you pay by operation, so it depends also by how frequently you trigger the backup). You want to search for “cold storage” which is the name for cloud storage unfrequently accessed (in other words, more storage than bandwidth). As a bonus, if you use rclone you can encrypt your data before sending it to the cloud.
    
    source
  - glizzyguzzler@piefed.blahaj.zone ⁨5⁩ ⁨months⁩ ago
    I put a tiny NAS in my parents’ house (cheapest ARM synology 2-bay). It backs up their computers (a first, of course, but the photos are safe now!) and my server sends its TBs to there too. Upfront is large because you need to put in two big drives plus a lil NAS. But no $/mo, thanks parents.
    
    For over a few TB Hetzner and the like really hit hard (€21/mo for 10TB at Hetzner storage box). Depends how much disposable income you have/want to ensure data is good. Now-a-days €21/mo is like 1 Disney/Hulu/bullshit, that price is obviously over inflated but it makes you feel less bad about spending it on cold, hard, remote backups of your big ass data.
    
    source
- WhyJiffie@sh.itjust.works ⁨5⁩ ⁨months⁩ ago
  how do you unlock the encrypted disks? is it manual, or did you automate it?
  
  source
  - fmstrat@lemmy.nowsci.com ⁨5⁩ ⁨months⁩ ago
    Dropbear. You can run a small SSH server in initd that allows you to SSH in and type the encryption password. It doesn’t run a shell, just cryptsetup.
    
    source
  - lorentz@feddit.it ⁨5⁩ ⁨months⁩ ago
    I have automated it with a small initramfs script which has half password and download the other half from internet. My threat model is to protect from a random thief. So they should connect it to a network similar to mine (same netmask and gateway) and boot it before I can remove the half key from internet.
    
    some security which is on my TODO list is: allow fetching the half key only from my home IP and add some sort of alert for when it is fetched.
    
    source
  - glizzyguzzler@piefed.blahaj.zone ⁨5⁩ ⁨months⁩ ago
    One of the best uses of encryption is that you can pull drives that die and not have to try to wipe them as they die or smash them. They’re encrypted so it’s just gibberish. Mostly the reason to encrypt.
    
    I auto-unlock with two things: a USB drive I put in the computer that it looks for and another computer on the network that hosts an unlock file. I’m not defending against nation-states or the Gestapo, regular rubes won’t notice the pi zero hidden that hosts the network file. USB drive is for just-in-case so I don’t have to type that long ass password ever.
    
    I didn’t try hard, but I’m not sure how to make auto-unlocking more secure.
    
    source
    -> View More Comments
  - dreadbeef@lemmy.dbzer0.com ⁨5⁩ ⁨months⁩ ago
    Linux with LUKS can be configured to decrypt at boot
    
    source
    -> View More Comments
fhein@lemmy.world ⁨5⁩ ⁨months⁩ ago
I mounted mine on the wall under a desk in a room with no other electronics, and then put up a fake wall in front of the server. It can draw in air from the sides, and exhaust upwards behind the desk. But the only real solution is offsite backup, which will also protect against fire and other disasters.

source
- frongt@lemmy.zip ⁨5⁩ ⁨months⁩ ago
  What do you do when you need to replace a drive?
  
  source
  - fhein@lemmy.world ⁨5⁩ ⁨months⁩ ago
    So far that has never happened because I’m not using that much storage :) But I shut it down when I need to turn off the mains electricity, and for powering it on afterwards the fake wall can be lifted off. It’s just the area underneath the desk so the panel might be smaller than it sounds like, and it hangs on some hooks so it’s fairly easy to remove if you know what you’re doing. Painted in the same colour as the wall, and with some some random junk on the floor in front, it blends in quite well though. I think the risk of burglary is fairly low, so it’s primarily to soothe my own paranoia.
    
    source
scintilla@crust.piefed.social ⁨5⁩ ⁨months⁩ ago
Genuine question how hard would it be to rig some form of self destruct to a drive that has to be deactivated before power is lost to it. Obviously their would be a backup power solution for if mains power was lost but would it be feasible and doable without breaking any laws inherently (eg being a trap and killing the thief).

I’m not asking for a friend but I also don’t ever plan to use this knowledge I’m just genuinely curious.

source
- betterdeadthanreddit@lemmy.world ⁨5⁩ ⁨months⁩ ago
  There have been some interesting DEFCON talks on the subject.
  
  DEFCON 19: And That’s How I Lost My Eye: Exploring Emergency Data Destruction (w speaker) / Invidious: Nadeko or instance selection
  
  DEF CON 23 - Zoz - And That’s How I Lost My Other Eye…Explorations in Data Destruction (Fixed) / Invidious: Nadeko or instance selection
  
  Some of the Invidious instances are busted due to recent changes but Nadeko seems to be working for now.
  
  source
Dyskolos@lemmy.zip ⁨5⁩ ⁨months⁩ ago
Cellar, steel-door with face-detection. Only if me (and/or wifey) are present the door opens shortly, video-surveillance, alarm-system. Same for gate and entrance. So you first would have to make your way TO the server-room :-) Might be an overkill (who wants to steal a server?!) but our backups and archives are stored there too, 100% fire-proof. And I value those. Money is replaceable.

source
mean_bean279@lemmy.world ⁨5⁩ ⁨months⁩ ago
Since the other comments seem to be less than useful ideas on things you didn’t ask about…

I keep my NAS/Video server for my home cameras in my gun safe. Costco has a gun safe (really can be used for anything like documents too since it’s fire rated) that had power cable running to the inside. I used the same path to run a data cable and keep it all locked up in there with a monitor mounted on top and a UPS in the middle. My safe is close to my room with the idea being if someone wanted to break in I’d keep the footage. Not that anyone would, but like you seem to be asking I’m more concerned about the what if.

The rest of the switches/routers/WAP Controller is located in my home office closet inside of one of those on-Q boxes in the wall.

source
- Zwuzelmaus@feddit.org ⁨5⁩ ⁨months⁩ ago
  If the (theoretical) burglar finds a gun safe and it is even locked properly, I would think it looks quite attractive :)
  
  source
  - mean_bean279@lemmy.world ⁨5⁩ ⁨months⁩ ago
    That’s why it’s bolted to a concrete slab from the inside.
    
    source
- NutinButNet@hilariouschaos.com ⁨5⁩ ⁨months⁩ ago
  That sounds like a great idea but how is the ventilation on that setup? Does it have ventilation for letting in cool air and exhausting the hot air?
  
  source
  - mean_bean279@lemmy.world ⁨5⁩ ⁨months⁩ ago
    It’s a smaller unit for my camera setup and it’s in a cooler area. When I open the safe up it’s basically the same temp. So I’m not worried about thermal performance. At least on that front. The camera system is just for home monitoring. The main components (what you mentioned being concerned about) stay hidden too behind the closet wall in my office and the wall is an interior wall so thermally they stay pretty smooth.
    
    source
FistingEnthusiast@lemmynsfw.com ⁨5⁩ ⁨months⁩ ago
It’s valuable to you

I want to steal shit that I can move easily, and I’m going to avoid niche stuff with a limited number of buyers because I don’t want to use the same people repeatedly

source
neidu3@sh.itjust.works ⁨5⁩ ⁨months⁩ ago
By living in the middle of fucking nowhere. I haven’t locked my front door in over a year.

source
meme_historian@lemmy.dbzer0.com ⁨5⁩ ⁨months⁩ ago
I doubt that a server would be an attractive target for common thieves. It’s heavy, bulky and not immediately clear how well it would resell and how valuable it actually is. So yeah… Just have plenty of other more stealable things lying around I guess 😄

source
- paequ2@lemmy.today ⁨5⁩ ⁨months⁩ ago
  I guess it’s a unique situation for everyone. My TV is huge, heavy, and requires at least 2 people (I used 3 people) to carefully move it out. Laptops are easy and fast to take. I don’t think one would stop there though. I don’t have gold n cash laying around like some other Lemmy users here, lol.
  
  I’m not sure if I have anything else that’s valuable. No tablets. Not much tools. Uh. What else do people have that is sellable?
  
  My home server is a smallish ITX box. I could see some idiot thinking computers -> gaming -> expensive -> money.
  
  source
betterdeadthanreddit@lemmy.world ⁨5⁩ ⁨months⁩ ago
EASY does it: Experimental Autonomous Securitybot, Yellow.

Image

source
- treadful@lemmy.zip ⁨5⁩ ⁨months⁩ ago
  May as well just rig the house to burst into flames
  
  source
  - SpikesOtherDog@ani.social ⁨5⁩ ⁨months⁩ ago
    I bought my power supplies off temu. One way or another, someone is getting hurt.
    
    source
  - betterdeadthanreddit@lemmy.world ⁨5⁩ ⁨months⁩ ago
    That’s reserved for if they make it past the first three levels of security. EASY and pals are #2.
    
    source
Theoriginalthon@lemmy.world ⁨5⁩ ⁨months⁩ ago
Door lock and house alarm, also mines at the back of the garage with plenty of more easily stealable things in front of it.

source
- betterdeadthanreddit@lemmy.world ⁨5⁩ ⁨months⁩ ago
  
  …mines at the back of the garage…
  
  Holy shit, you are serious about your physical security!
  
  source
  - tal@olio.cafe ⁨5⁩ ⁨months⁩ ago
    https://en.wikipedia.org/wiki/Mantrap_%28snare%29
    
    Mantraps that use deadly force are illegal in the United States, and in notable tort law cases the trespasser has successfully sued the property owner for damages caused by the mantrap. There is also the possibility that such traps could endanger emergency service personnel such as firefighters who must forcefully enter such buildings during emergencies. As noted in the important American court case of Katko v. Briney, “the law has always placed a higher value upon human safety than upon mere rights of property”.[5]
    
    source
    -> View More Comments
  - Peffse@lemmy.world ⁨5⁩ ⁨months⁩ ago
    Easily defeated by those who play Minesweeper.
    
    source
  - Theoriginalthon@lemmy.world ⁨5⁩ ⁨months⁩ ago
    It’s also kind of squished on some racking, and with it been a 4u rack case full of HDD it’s quite heavy. If you have made it this far in to the garage, you not only have done well but passed the beer collection and numerous cordless power tools. It also has a sign saying beware of the leopard.
    
    source