Security

Many layers of security protect the server and data on it.

  1. The server sits behind a pfSense firewall that is running Suricata IDPS (Intrusion Detection and Prevention System). Too much is configured to document here.
  2. The server is then running Fail2Ban for brute-force protection on all services. It blocks IP addresses that attempt to guess passwords too many times and puts them in jail.
  3. All services are encrypted in transit and most are encrypted at rest. Cryptpad and potentially others use E2EE (end-to-end encryption), which ensures only the account holder has the encryption keys to all data. The data of services that are encrypted at rest, such as Nextcloud, can only be accessed by the administrator if he changes the account holder's password. The account holder would receive an automated email if the password is changed.
  4. Some services such as Nextcloud and Mastodon have MFA (multi-factor authentication) if the account holder chooses to enable it.
  5. Nextcloud also has a suspicious login detection service that uses machine learning to automatically email people if anomalous logins are detected.
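
How the jailing in item 2 works, as an added sketch that is not this server's configuration or Fail2Ban's own code: an address is banned for `bantime` once it accumulates `maxretry` failures within `findtime`. The option names are Fail2Ban's; the threshold values, the `find_bans` helper and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: Fail2Ban option names, illustrative values.
MAXRETRY = 3                      # failures needed to trigger a ban
FINDTIME = timedelta(minutes=10)  # sliding window the failures must fall in
BANTIME = timedelta(hours=1)      # how long the address stays in jail

# Constructed sample log (simplified sshd format, documentation IP ranges).
SAMPLE_LOG = """\
2024-05-01 10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01 10:00:09 sshd[811]: Failed password for admin from 203.0.113.7 port 40113 ssh2
2024-05-01 10:01:30 sshd[812]: Failed password for alice from 198.51.100.20 port 51000 ssh2
2024-05-01 10:02:15 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
2024-05-01 10:08:00 sshd[812]: Failed password for alice from 198.51.100.20 port 51001 ssh2
2024-05-01 10:14:00 sshd[812]: Failed password for alice from 198.51.100.20 port 51002 ssh2
2024-05-01 10:14:05 sshd[812]: Accepted password for alice from 198.51.100.20 port 51003 ssh2
2024-05-01 11:05:00 sshd[814]: Failed password for root from 203.0.113.7 port 40300 ssh2
"""

FAILED = re.compile(
    r"^(\S+ \S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) ")

def find_bans(log_text):
    """Return [(ip, ban_start, ban_end)] for every ban the log would trigger."""
    failures = defaultdict(deque)  # ip -> timestamps of failures still in the window
    banned_until = {}              # ip -> time the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue               # successful logins and other lines are ignored
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue               # already jailed: the firewall is dropping it
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()       # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()         # counter resets once the ban is issued
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```

In the sample, 198.51.100.20 also fails three times but is never jailed, because its first failure has aged out of the ten-minute window by the time the third arrives.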

State-backed advanced persistent threats probably could find a way to hack into the server just as they could any server. This is just a little home server with nothing of interest and not worth the effort. As paranoid as I might seem to some, I can't see why someone would go through the cost and effort just to get at our photos and other documents.

