As I rely more on my home lab server, I’m starting to worry more about it getting stolen. If someone breaks into my home, I think the server will be a pretty attractive target.
Do y’all just stick it in a closet? That seems not great for cooling…
One of my neighbors recently got broken into.
The 42U rack in the basement will be… hard to steal.
I only use 3U of it for compute and all of it came from my university salvage for less than… $350 total (switch, rack, 2 servers).
Door lock and house alarm, also mines at the back of the garage with plenty of more easily stealable things in front of it.
…mines at the back of the garage…
Holy shit, you are serious about your physical security!
Easily defeated by those who play Minesweeper.
Mantraps that use deadly force are illegal in the United States, and in notable tort law cases the trespasser has successfully sued the property owner for damages caused by the mantrap. There is also the possibility that such traps could endanger emergency service personnel such as firefighters who must forcefully enter such buildings during emergencies. As noted in the important American court case of Katko v. Briney, “the law has always placed a higher value upon human safety than upon mere rights of property”.[5]
EDIT: I’d add that I don’t know about the “life always takes precedence over property” statement; Texas has pretty permissive use of deadly force in defense of property. However, I don’t think that anywhere in the US permits traps that make use of deadly force.
This has ruined my plans of making my car unstealable!
/s, I guess
Don’t want to ruin the fun but he missed an apostrophe in the sentence. His stuff is in the back of the garage. “mine’s at the back of the garage”
Yeah, I saw, but it’s an interesting topic.
It’s also kind of squished on some racking, and with it been a 4u rack case full of HDD it’s quite heavy. If you have made it this far in to the garage, you not only have done well but passed the beer collection and numerous cordless power tools. It also has a sign saying beware of the leopard.
By living in the middle of fucking nowhere. I haven’t locked my front door in over a year.
EASY does it: Experimental Autonomous Securitybot, Yellow.
May as well just rig the house to burst into flames
I bought my power supplies off temu. One way or another, someone is getting hurt.
That’s reserved for if they make it past the first three levels of security. EASY and pals are #2.
It’s valuable to you
I want to steal shit that I can move easily, and I’m going to avoid niche stuff with a limited number of buyers because I don’t want to use the same people repeatedly
Since the other comments seem to be less than useful ideas on things you didn’t ask about…
I keep my NAS/Video server for my home cameras in my gun safe. Costco has a gun safe (really can be used for anything like documents too since it’s fire rated) that had power cable running to the inside. I used the same path to run a data cable and keep it all locked up in there with a monitor mounted on top and a UPS in the middle. My safe is close to my room with the idea being if someone wanted to break in I’d keep the footage. Not that anyone would, but like you seem to be asking I’m more concerned about the what if.
The rest of the switches/routers/WAP Controller is located in my home office closet inside of one of those on-Q boxes in the wall.
If the (theoretical) burglar finds a gun safe and it is even locked properly, I would think it looks quite attractive :)
That’s why it’s bolted to a concrete slab from the inside.
That sounds like a great idea but how is the ventilation on that setup? Does it have ventilation for letting in cool air and exhausting the hot air?
It’s a smaller unit for my camera setup and it’s in a cooler area. When I open the safe up it’s basically the same temp. So I’m not worried about thermal performance. At least on that front. The camera system is just for home monitoring. The main components (what you mentioned being concerned about) stay hidden too behind the closet wall in my office and the wall is an interior wall so thermally they stay pretty smooth.
Home security first of all, with cameras to deter thiefs. That alone mostly solves the problem, but I’m in a relatively safe area.
My “lab” is just a switch, nuc and unifi cloud key, and while they are warm in their closet, its not super hot.
I have a Kensington lock on the security camera box, but someone could theoretically yank that out of the wall.
The rest really isnt worth breaking in to steal.
All a kensington lock does is cause a bit of damage so a potential buyer can tell that the equipment was stolen.
A thief will likely want to steal or destroy the DVR, so make sure it’s well hidden or locked inside a proper safe.
I’m guessing they can rip the other end of the lock out of the wall tbh.
But realistically, theifs aren’t that sophisticated, they aren’t going to waste time trying to find and destroy the DVR, the will grab whatever valuables they can carry and pawn and leave as fast as possible.
The cameras are really just a deterant, they will move on to an easier house instead of risking it with mine.
I doubt that a server would be an attractive target for common thieves. It’s heavy, bulky and not immediately clear how well it would resell and how valuable it actually is. So yeah… Just have plenty of other more stealable things lying around I guess 😄
I guess it’s a unique situation for everyone. My TV is huge, heavy, and requires at least 2 people (I used 3 people) to carefully move it out. Laptops are easy and fast to take. I don’t think one would stop there though. I don’t have gold n cash laying around like some other Lemmy users here, lol.
I’m not sure if I have anything else that’s valuable. No tablets. Not much tools. Uh. What else do people have that is sellable?
My home server is a smallish ITX box. I could see some idiot thinking computers -> gaming -> expensive -> money.
Cellar, steel-door with face-detection. Only if me (and/or wifey) are present the door opens shortly, video-surveillance, alarm-system. Same for gate and entrance. So you first would have to make your way TO the server-room :-) Might be an overkill (who wants to steal a server?!) but our backups and archives are stored there too, 100% fire-proof. And I value those. Money is replaceable.
Backup and encryption. encryption prevents the thief to see my data, backup allows me to make a new server. Furthermore, as other pointed out, I don’t expect that a common thief will see a lot of value in a small black box on top of a shelf
Backup and encryption
Yeah, I guess this is the solution. Encryption I get. But where do you backup to? I currently have about 4TB of data and was thinking of at least doubling capacity soon. How expensive is it to backup 8TB of data somewhere?
I put a tiny NAS in my parents’ house (cheapest ARM synology 2-bay). It backs up their computers (a first, of course, but the photos are safe now!) and my server sends its TBs to there too. Upfront is large because you need to put in two big drives plus a lil NAS. But no $/mo, thanks parents.
For over a few TB Hetzner and the like really hit hard (€21/mo for 10TB at Hetzner storage box). Depends how much disposable income you have/want to ensure data is good. Now-a-days €21/mo is like 1 Disney/Hulu/bullshit, that price is obviously over inflated but it makes you feel less bad about spending it on cold, hard, remote backups of your big ass data.
The really important things (essentially only photos) are backed up on a different USB drive and remotely on backblaze. Around one terabyte cost 2-3$ per month (you pay by operation, so it depends also by how frequently you trigger the backup). You want to search for “cold storage” which is the name for cloud storage unfrequently accessed (in other words, more storage than bandwidth). As a bonus, if you use rclone you can encrypt your data before sending it to the cloud.
how do you unlock the encrypted disks? is it manual, or did you automate it?
I have automated it with a small initramfs script which has half password and download the other half from internet. My threat model is to protect from a random thief. So they should connect it to a network similar to mine (same netmask and gateway) and boot it before I can remove the half key from internet.
some security which is on my TODO list is: allow fetching the half key only from my home IP and add some sort of alert for when it is fetched.
Linux with LUKS can be configured to decrypt at boot
ok, but where does it get the decryption key from. my real question is how did you implement automatic unlock securely
you type it in on boot
That kind of defeats the purpose then doesn’t it
shut down and its encrypted? ofc you also have to have a decrypt password. I use luks so if my computer gets stolen my files arent readable, which is true because they cant leave my house without unplugging it
Oh, if there’s a password then that’s different.
But they certainly can take it without unplugging it, if they really want to. For example: https://cdsg.com/products/hotplug-field-kit
One of the best uses of encryption is that you can pull drives that die and not have to try to wipe them as they die or smash them. They’re encrypted so it’s just gibberish. Mostly the reason to encrypt.
I auto-unlock with two things: a USB drive I put in the computer that it looks for and another computer on the network that hosts an unlock file. I’m not defending against nation-states or the Gestapo, regular rubes won’t notice the pi zero hidden that hosts the network file. USB drive is for just-in-case so I don’t have to type that long ass password ever.
I didn’t try hard, but I’m not sure how to make auto-unlocking more secure.
I mounted mine on the wall under a desk in a room with no other electronics, and then put up a fake wall in front of the server. It can draw in air from the sides, and exhaust upwards behind the desk. But the only real solution is offsite backup, which will also protect against fire and other disasters.
What do you do when you need to replace a drive?
My servers are one NUC clone and a 4*16tb NAS. I have a lot of docker containers running constantly and yet cooling has never really been an issue for me. A larger concern is I would rather not see it, so It’s hidden it under furniture. The fans on the NAS have attracted a layer of dust, and one day I might clean it. Kidding. I wont.
My security team involves a bull dog named Sophie, who has never done more than lick any other being, but I’m banking on burglars not knowing this.
I have a similar security team, that will bark for attention from people outside/entering the house. Sounds very intimidating, in reality, a big fluff that wants to play.
My nas is in the basement. Some day I might move it further into the basement, but there are so many steps between now and then.
Hah, my lab is mostly a bunch of raspberry pi’s screwed to a wall
Go to the pawn shop and ask them how much they would pay for your server. I bet $20
I mean… I’ve been selling and buying used computer equipment on eBay for way more than $20…
Blinking lights don’t really attract thieves… gold ‘n’ cash does.
With that said… put it in a room you can keep closed at all times (watch the temps).And do have backups offsite.
Genuine question how hard would it be to rig some form of self destruct to a drive that has to be deactivated before power is lost to it. Obviously their would be a backup power solution for if mains power was lost but would it be feasible and doable without breaking any laws inherently (eg being a trap and killing the thief).
I’m not asking for a friend but I also don’t ever plan to use this knowledge I’m just genuinely curious.
There have been some interesting DEFCON talks on the subject.
DEFCON 19: And That’s How I Lost My Eye: Exploring Emergency Data Destruction (w speaker) / Invidious: Nadeko or instance selection
DEF CON 23 - Zoz - And That’s How I Lost My Other Eye…Explorations in Data Destruction (Fixed) / Invidious: Nadeko or instance selection
Some of the Invidious instances are busted due to recent changes but Nadeko seems to be working for now.
