blackriver Posted November 16, 2010

I wanted to turn an old computer into a fileserver (running Debian). I wanted to store all my data there, so that my regular PC will only have one HDD running the OS (Windows) and programs. So I created a samba share, and got it working neatly right away. But after installing some pentesting tools, it occurred to me that storing all my sensitive, private and personal data and running shady hacking/pentesting tools on one single box might not be a good idea.

Now, my question is, how to keep my personal data as safe as possible on my little Linux fileserver? I have used a different user + usergroup for my samba shares, so my normal user account can't access the samba shares thanks to regular Linux file permissions. Is there anything more I can do?

Sparda Posted November 16, 2010

There are lots of things you can do. You could, for example, get a second computer and physically separate them from each other by setting up multiple networks. This requires effort and money however.

Another (free) option would be to install any penetration testing software in a virtual machine. However, it will still be on the same network as the other computer, but at least any vulnerabilities introduced as a result will only affect the VM and not your main computer.

blackriver Posted November 16, 2010

That second solution is actually not so bad... I could keep the fileserver steady and stable, and do my crazy coding and pentesting from a virtual machine.

One other thing, would drive/partition/directory encryption do any good in this case?

hexophrenic Posted November 16, 2010

> There are lots of things you can do. You could, for example, get a second computer and physically separate them from each other by setting up multiple networks. This requires effort and money however. Another (free) option would be to install any penetration testing software in a virtual machine. However, it will still be on the same network as the other computer, but at least any vulnerabilities introduced as a result will only affect the VM and not your main computer.

If you must have the networks separated, you can install a second NIC in your system and bind your virtual NIC to the second NIC on the machine and use VLANs/firewalls/whatever to segment your network. I would be very hesitant to leave a lot of tools on a machine that is left alone like a file server. For me, I would not even have compilers installed on it, but that may be a little too paranoid for some.

Infiltrator Posted November 18, 2010

> If you must have the networks separated, you can install a second NIC in your system and bind your virtual NIC to the second NIC on the machine and use VLANs/firewalls/whatever to segment your network. I would be very hesitant to leave a lot of tools on a machine that is left alone like a file server. For me, I would not even have compilers installed on it, but that may be a little too paranoid for some.

There is always the possibility of encrypting the drive, if paranoia is really a concern for you.

hexophrenic Posted November 18, 2010

> There is always the possibility of encrypting the drive, if paranoia is really a concern for you.

The files themselves were not my concern, but rather having all of the tools available to compile software would be. Without headers, dev packages, and compilers, the box would be a little less useful to someone other than myself. File servers are great to tip because people tend to ignore them for the most part, they are great for launching...well, never mind :).
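
Added example, not written by any poster in this thread: a small audit script for the setup discussed above. It checks that nothing under the share grants permissions to accounts outside the share's own user and group, that everything is owned by the share account, and which build tools are present on the box (hexophrenic's concern). The share path and account name given on the command line are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a Samba share directory on the
# file server. Share path and account name are supplied by the caller.

# Print every path under $1 that grants any permission bit to "other".
# Symlinks are skipped: their own mode is always rwxrwxrwx and means nothing.
world_accessible() {
    find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Print every path under $1 that is NOT owned by user $2 (name or numeric uid).
# Files dropped into the share by another account show up here.
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Print which of the named tools are on PATH. With no arguments, checks a
# default list of common compilers and build tools.
found_tools() {
    [ "$#" -gt 0 ] || set -- gcc cc g++ clang make
    for t in "$@"; do
        if command -v "$t" >/dev/null 2>&1; then
            echo "$t"
        fi
    done
}

# Usage: sh audit_share.sh <share-dir> <share-user>
# e.g.   sh audit_share.sh /srv/share shareuser   (hypothetical names)
if [ "$#" -eq 2 ]; then
    world_accessible "$1" | sed 's/^/other-accessible: /'
    not_owned_by "$1" "$2" | sed 's/^/unexpected owner: /'
    found_tools | sed 's/^/build tool present: /'
fi
```

No output means the share tree is closed to other local accounts and no listed build tools were found.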