Nathan, My personal opinion would be to completely separate personal data and sensitive client data. I would prefer to have a separate box for personal and sensitive data, but that may not always be possible. Here are my suggestions in random order: 1. If you encrypt the folder in which the sensitive data is in and only unlock it when you are accessing it you can prevent unintentional access. 2. You can also use a file integrity checker to verify you are the only one who changes those files. 3. A must would be to use long 10+ character passwords and if you are accessing this server from the internet use private keys only for ssh access. 4. I would install logwatch to monitor the server for you. 5. Smartmontools should be used to monitor the disk to prevent a disk unexpectedly failing. If you are the sole user of this box that should be plenty to work with. I would suggest more if you were sharing access to this with other people.
On Tue, Apr 2, 2013 at 9:19 AM, Nathan England <[email protected]> wrote: > > Hello Hello, > > I will soon be building a new server for my home office. I do various > consulting jobs and have access to data that my customers consider > highly personal or private, some of which I've signed NDA's in order to > have access to. The current server stores my client data, various source > code files, but it also doubles as my personal data store. All my > personal projects along with videos and pictures, audio files and > everything that all of us parents and geeks would want to store. > > My new hardware will have multiple drives in a raid configuration. I > have not completely decided on how that will be configured. I would like > your opinions on the best methods of securing a server. I am not against > having to type in an encryption passphrase each time the machine boots, > but as it will be headless, I'd really rather not, but hoping beyond > setup I will not need to reboot it often it is an option. > > What options should I consider for protecting the data on the hard > drives and still provide some sane level of usability from a workstation > somewhere else? > > I appreciate your thoughts! > > Nathan > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ > /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
