Jump to content

Setting Up A Linux Box As Fileserver... How To Keep It Safe?


blackriver
 Share

Recommended Posts

I wanted to turn an old computer into a fileserver (running Debian). I wanted to store all my data there, so that my regular PC will only have one HDD running the OS (Windows) and programs. So I created a samba share, and got it working neatly right away. But after installing some pentesting tools, it occured to me that storing all my sensitive, private and personal data and running shady hacking/pentesting tools on one single box might not be a good idea.

Now, my question is, how to keep my personal data as safe as possible on my little Linux fileserver? I have used a different user + usergroup for my samba shares, so my normal user account can't access the samba shares thanks to regular Linux file permissions.

Is there anything more I can do?

Link to comment
Share on other sites

There are lots of things you can do. You could, for example, get a second computer and physically separate them from each other by setting up multiple networks. This requires effort and money however.

Another (free) option would be to install any penetration testing software in a virtual machine. However, it will still be on the same network as the other computer, but at least any vulnerabilities introduced as a result will only effect the VM and not your main computer.

Link to comment
Share on other sites

There are lots of things you can do. You could, for example, get a second computer and physically separate them from each other by setting up multiple networks. This requires effort and money however.

Another (free) option would be to install any penetration testing software in a virtual machine. However, it will still be on the same network as the other computer, but at least any vulnerabilities introduced as a result will only effect the VM and not your main computer.

If you must have the networks separated, you can install a second NIC in your system and bind your virtual NIC to the second NIC on the machine and use VLANS/firewalls/whatever to segment your network. I would be very hesitant to leave a lot of tools on a machine that is left alone like a file server. For me, I would not even have compilers installed on it, but that may be a little too paranoid for some.

Link to comment
Share on other sites

If you must have the networks separated, you can install a second NIC in your system and bind your virtual NIC to the second NIC on the machine and use VLANS/firewalls/whatever to segment your network. I would be very hesitant to leave a lot of tools on a machine that is left alone like a file server. For me, I would not even have compilers installed on it, but that may be a little too paranoid for some.

There is always the possibility of encrypting the drive, if paranoia is really a concern for you.

Link to comment
Share on other sites

There is always the possibility of encrypting the drive, if paranoia is really a concern for you.

The files themselves were not my concern, but rather having all of the tools available to compile software would be. Without headers, dev packages, and compilers, the box would be a little less useful to someone other than myself. File servers are great to tip because people tend to ignore them for the most part, they are great for launching...well, nevermind :).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...