LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-09-2006, 06:17 PM   #1
meles meles
LQ Newbie
 
Registered: Aug 2005
Posts: 10

Rep: Reputation: 0
Totally securing a home server and NAS


'oomans,

Is it possible to set up a totally secure network and NAS, yet still have the data stored thereon accessible via the internet ? What we want to do is have a fileserver available on our network where data is stored in an encrypted form, and made available to a remote user securely. We currently have several remote users using laptops who we would wish to have access to data on the secure server - perhaps via some form of VPN.

How do we go about setting up such a system ? We're thinking of building a new server, perhaps based on a mini-ITX board for low power consumption. Can anyone recommend a suitable distro - preferably one easily installed, administered and secured by a small brained kreecher ? How do we secure the data on the server ? Can we use something like TrueCrypt on a RAID 5 array ? (At the moment all data on our laptops are secured using Truecrypt, but we can't find out if it can be used on a server)
 
Old 07-09-2006, 09:19 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Is it possible to set up a totally secure network and NAS, yet still have the data stored thereon accessible via the internet ?
No way. A totally secure system is one that is unplugged from any network and encased in cement. No joke.

It's difficult to answer your question without knowing more details. At a glance I'd suggest setting up a ssh server and following some basic points:
1. Allow only pubkey authentication.
2. Disable ssh protocol version 1.
3. Disallow root login via ssh.
4. If your remote user will always be connecting from the same IP or network, restrict access using iptables/netfilter and tcp_wrappers.
5. Tell it to listen on a non-standard port. (e.g. 55)

That, and your vigilant monitoring, will make it very secure. From there, enable the sftp subsystem and let the user access the data that way. I believe there are even some nice, pretty GUI frontends for sftp.

Encrypting the data on the server is your last line of defense in this case. Be thinking about restricting access to the server first.
 
Old 07-09-2006, 09:21 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
As for distros, they're all pretty similar for what you're trying to do, IMO. You can secure most of them following the same steps.

Go for something popular if you want a large user base (i.e. support). FC, SuSE, Debian, etc., etc.
 
Old 07-10-2006, 01:31 PM   #4
meles meles
LQ Newbie
 
Registered: Aug 2005
Posts: 10

Original Poster
Rep: Reputation: 0
We agree that total security is almost impossible, but we'd like to get close - after all, our server will contain the battleplans for when we rise up to overthrow 'oomanity and regain our rightful place at the top of the pecking order.

We're thinking of setting up a server running NASLite and using Truecrypt to encrypt the data stored on the system. The server will be accessed only by trusted badgers using laptops linked via a VPN.

Recommendations for the VPN would be useful: we're currently thinking of using a hardware VPN/Router/ wifi access point. The data encryption is there as a fallback in case the physical security of the server is ever compromised - we'd like it to default to encrypted status if ever it is physically compromised, ie a Mr Plod type 'ooman turns up and carts it away for the Feds to inspect.

Should NASLite be unsuitable, we're thinking of the following other options and would be grateful of comments from those of you that may have used them:

* Clark Connect
* Xandros Server
* SME server 7

Last edited by meles meles; 07-10-2006 at 05:34 PM.
 
  


Reply

Tags
network, secure, server, vpn


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Homemade NAS Server phillipw Linux - Software 1 09-07-2006 10:56 PM
Linux Home on Windows NAS Box Pravat Linux - Networking 1 04-02-2006 05:05 PM
securing /home directories danimalz Debian 21 11-30-2005 04:30 AM
/home totally hosed (long) pete_bogg Slackware 5 01-17-2005 10:59 PM
Totally Frustrated Home Gateway Person Joe Kerrigan Linux - Networking 6 08-05-2002 12:04 PM


All times are GMT -5. The time now is 09:46 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration