|
|
|
|
|
|
by 8fingerlouie
2844 days ago
|
|
|
As for physical security, you risk burglaries, fire, floods, etc, but that's why you have remote backups. I keep everything except the boot drives on encrypted drives, so that in case of burglary no data is readable. The boot drives hold no data or passwords, only enough to start up and allow SSH logins.
It's a small chore to login and manually mount the drives, but IMO worth it. As for physical access, besides the 40kg German Shepherd Dog roaming my house, the same rules apply to access as from the outside: 2FA, and limited login attempts.
I do expose more services on the LAN than i do on the internet, but everything requires authentication. For personal cloud stuff i use Resilio Sync. It's not dependent on a single machine being powered on, and i have a couple of machines at different physical locations (both _mine_, as in hardware and sysadm tasks) "hosting" the data. |
|
|
I can also power down system when leaving for a longer period and simply WoL them once connected to the VPN.