Keeping a home server safe

Leave a Comment / Computing / By

Summary

Keep the home server safe from:

  • Hard drive failure
  • Loss of data, disaster
  • Network attacks

Background

With a home server, it is important to protect against certain disasters. After all, it is likely that precious data will be stored on the server. This could range from the family photos or documents, home automation setup, virtual machines, carefully setup services… So what could go wrong:

Hard drive failure

Every hard drive eventually fails, and the more hard drive we have, the more likely it is going to happen to us. The server is built with RAID 1 configuration for the hard drives. It means they mirror each other. Should one fail,  the other one is still operational, and contains all our data. It is easy enough to replace the failed drive with a similar drive, and recover from it.

Data loss

RAID does not protect against data loss: if you delete something, it’s gone from all hard drives. This is where a backup plan comes into play. We need to be able to backup data, so should something happen, we can recover it. We’ll look at backing up the operating system, home folders, and specific folders. We’ll also look at backing up off-site, or on a remote computer. This will protect against major disaster, where the whole server is lost, like in a fire or flooding.

Network attacks

While we use the Internet router to control what ports are opened to the Internet, and the chance of attacks from inside the home network is close to null, this doesn’t really protect against targeted attacks. If we have a web server visible on the Internet, it can become the target for web server types of attacks. We need more control, and a way to control who (which IP address) can access the server, and block address that present a threat. This is what a firewall is for. The Internet router is the pub door: any body can get in. The firewall is our bouncer: it will throw out any one that doesn’t behave, and not allow entry to anyone looking suspicious.

Alerts

While the server is monitored to keep is safe, it is a good idea to enable it to send email, so when an event is detected, we can choose to get an email alert.

Solution

First step will be to enable the server to send emails. We’ll setup ssmtp.

We’ll configure the RAID service to send an email alert if a hard drive fails, and document how to replace the hard drive, and restore the RAID device to normal state.

The root, boot and home partitions will be backed up in the data folder, with the option to do remote backups to another computer. This is schedule to run automatically. Other specific folders will also be part of a backup plan, like shared folders. Some will be manual backup with a script, others will be scheduled.

And for network protection, we’ll implement a firewall on the server, open the relevant ports, and setup monitoring and blocking for the services exposed to the Internet: the Apache web server and SSH for remote access.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close