Skip to main content

Considerations

By hosting a service, we must act as designers, developers and systems administrators.  Whether it is on the open internet, available to a select few, or only for your personal use – we must make sure we consider how we can safely approach it.

Hosting your own personal cloud server can provide a great deal of digital utility, but maintaining one can come with a great deal of responsibility.  We must be proactive in maintaining privacy and security – for ourselves and any community whose trust we are seeking to maintain.  

We will be exploring these important considerations and what we can do to address them.  Depending on how you'll be using your services, you may not need to take the same measures as someone else.  Making these decisions requires we consider our needs, our audience and how we'll balance the security with convenience for our server.

1000000719.png

Learning to balance security and privacy while creating an intuitive and approachable experience can be a difficult task, but it is perhaps the most important.  While building a digital ecosystem, you'll quickly find that every decision is a trade-off between security and convenience.

Along one end, security allows us to prevent unauthorized access so we can protect private and sensitive information.  We can take proactive measures by using strong randomly generated passwords, enforcing data encryption and enabling two-factor authentication. 

However, as we add more steps to the process, the user experience can become more difficult to use.  Remembering multiple unique passwords and entering a constantly changing authentication code every time we log in can be annoying. 

The more secure we create a system, the more restricting it will generally become.  It is not uncommon for the hardest part of secure tools being that they're simply hard to learn to use.  If we were to use the most secure enterprise tools available, we'd have to sacrifice usability and convenience – both for setup and continued usage.

In practice, there cannot be a system that is fully secure because then we would never be able to access it.  To that end, convenience is important to consider because it can affect and inform how people will use that system. 

When a user is frustrated by the inconvenience of remembering multiple random passwords, they may seek to remove a step in the process by writing down the password and attaching them to the monitor.  People may hunt down insecure ways to access a system – decreasing security for everyone.

We need to find an ideal medium between our control over a system and our ability to use it.  Threat modeling is a necessity to understand that balance point for our purposes.  Through four targeted questions, we will explore how these apply to us.

Threat Models

Security is not a checklist of steps to be completed, but an active and ongoing discussion's.  When stopping to consider the largest and most likely threats to our security, we have begun to create a threat model.  They are a vitally important step to building a relationship with security.

In cyber security, a threat is any event undermines your ability to keep your data private and system secure.  This can be the intentional actions of a malicious actor, an accidentally unsecured website offering a backdoor, or people intentionally getting around confusing security measures.

It's impossible to plan for every potential edge case, which is why a threat model focuses on the most probable and critical threats.  Once we have a better understanding of these weaknesses, we can create safeguards and prioritize countermeasures.

The threat model outlines a defensive gameplan that provides a systematic overview.  This covers what the system will be, who will have access, who might attack and why, as well as what they're hoping to acquire and how they might do it.

Orbit

The System

The 

 

Encrypted

Authorized Access

The 

 

Person_cancel

Malicious Actors

The 

 

Trophy

Motivation

The 

 

Target

Target

The 

 

Bomb

Attack Vector

The 

 

Threat modeling answers questions like "Where am I most vulnerable to attack?", "What are the most relevant threats?", and "What do I need to do to safeguard against these threats?". 

https://www.threatmodelingmanifesto.org//

Threat Modeling Manifesto 

At the highest levels, when we threat model, we ask four key questions:

  1. What are we working on?
  2. What can go wrong?
  3. What are we going to do about it?
  4. Did we do a good enough job?

When you perform threat modeling, you begin to recognize what can go wrong in a system. It also allows you to pinpoint design and implementation issues that require mitigation, whether it is early in or throughout the lifetime of the system. The output of the threat model, which are known as threats, informs decisions that you might make in subsequent design, development, testing, and post-deployment phases. 

How should I use the Threat Modeling Manifesto?

Use the Manifesto as a guide to develop or refine a methodology that best fits your needs. We believe that following the guidance in the Manifesto will result in more effective and more productive threat modeling. In turn, this will help you to successfully develop more secure applications, systems, and organizations and protect them from threats to your data and services. The Manifesto contains ideas, but is not a how-to, and is methodology-agnostic.

The Threat Modeling Manifesto follows a similar format to that of the Agile Manifesto by identifying the two following guidelines:

  • Values: A value in threat modeling is something that has relative worth, merit, or importance. That is, while there is value in the items on the right, we value the items on the left more.
  • Principles: A principle describes the fundamental truths of threat modeling. There are three types of principles: (i) fundamental, primary, or general truths that enable successful threat modeling, (ii) patterns that are highly recommended, and (iii) anti-patterns that should be avoided.

Values

We have come to value:

  • A culture of finding and fixing design issues over checkbox compliance.
  • People and collaboration over processes, methodologies, and tools.
  • A journey of understanding over a security or privacy snapshot.
  • Doing threat modeling over talking about it.
  • Continuous refinement over a single delivery.

Principles

We follow these principles:

    The best use of threat modeling is to improve the security and privacy of a system through early and frequent analysis.
    Threat modeling must align with an organization’s development practices and follow design changes in iterations that are each scoped to manageable portions of the system.
    The outcomes of threat modeling are meaningful when they are of value to stakeholders.
    Dialog is key to establishing the common understandings that lead to value, while documents record those understandings, and enable measurement.

https://www.privacyguides.org/en/basics/threat-modeling/

Focusing on the threats that matter to you narrows down your thinking about the protection you need, so you can choose the tools that are right for the job.

Creating Your Threat Model

To identify what could happen to the things you value and determine from whom you need to protect them, you should answer these five questions

How Large is Your Community?

  • This setup works well for a small group up to give people but can also work for a small business of up to 25 people when the appropriate hardware is used

  • Internet
  • Bandwidth
  • Bandwidth represents the "width" of the data pipe between your server and the internet. A wider pipe (higher bandwidth) means more data can flow through it simultaneously. 
  • Website Performance:
    Adequate bandwidth ensures your website loads quickly for users, providing a smooth and responsive experience. This is especially important during traffic spikes.
  • Server Stability:
    Sufficient bandwidth prevents server overload and potential crashes during periods of high traffic, ensuring your website remains accessible. 
    User Experience:
    Fast loading times contribute to a better user experience, which can improve visitor engagement and reduce bounce rates. 

  • Power requirements 
  • Multiple computer systems can cause strain on residential power systems.  Try to spread out computers to multiple sockets.  Computers use more power under load so you may need to run a stress test. 

  • Scaling
  • hardware (hard drive)
  • Internet
  • power
  • Adding more users bandwidth resources and hardware

What is Your Attack Surface?

  • What is your attack surface, i.e. is it your local machine? a LAN? your entire home? data over the Internet? A worldwide enterprise? That determines how much you have to do
  • https://en.m.wikipedia.org/wiki/Attack_surface
  • The attack surface of a software environment is the sum of the different points (for "attack vectors") where an unauthorized user (the "attacker") can try to enter data to, extract data, control a device or critical software in an environment.[1][2] Keeping the attack surface as small as possible is a basic security measure.[3]
  • Worldwide digital change has accelerated the size, scope, and composition of an organization's attack surface. The size of an attack surface may fluctuate over time, adding and subtracting assets and digital systems (e.g. websites, hosts, cloud and mobile apps, etc.). Attack surface sizes can change rapidly as well. Digital assets eschew the physical requirements of traditional network devices, servers, data centers, and on-premise networks. This leads to attack surfaces changing rapidly, based on the organization's needs and the availability of digital services to accomplish it.

  • An attack surface composition can range widely between various organizations, yet often identify many of the same elements, including:

  • Due to the increase in the countless potential vulnerable points each enterprise has, there has been increasing advantage for hackers and attackers as they only need to find one vulnerable point to succeed in their attack.[4]

    There are three steps towards understanding and visualizing an attack surface:

    Step 1: Visualize. Visualizing the system of an enterprise is the first step, by mapping out all the devices, paths and networks.[4]

    Step 2: Find indicators of exposures. The second step is to correspond each indicator of a vulnerability being potentially exposed to the visualized map in the previous step. IOEs include "missing security controls in systems and software".[4]

    Step 3: Find indicators of compromise. This is an indicator that an attack has already succeeded.[4]

  • Keeping a system secure relies on maintaining the CIA triad: confidentiality (no unauthorized access), integrity (no unauthorized modification), and availability.[5] Although availability is less important for some web-based services, it can be the most crucial aspect for industrial systems.[6]
  • Who do I want to protect it from?

What do you consider an attack?

Domino_mask

Public Access

Unless 

person

Unauthorized Access

Malicious Actor

deployed_code_account

Brute Force Attack

This 
Person_edit

Web Crawler

Once 

  • What do you consider an attack?
    • Brute force
    • https://en.m.wikipedia.org/wiki/Brute-force_attack
    • In cryptography, a brute-force attack or exhaustive key search is a cryptanalytic attack that consists of an attacker submitting many possible keys or passwords with the hope of eventually guessing correctly. This strategy can theoretically be used to break any form of encryption that is not information-theoretically secure.[1] However, in a properly designed cryptosystem the chance of successfully guessing the key is negligible.
    • Malicious actors
    • https://en.m.wikipedia.org/wiki/Threat_actor
    • In cybersecurity, a threat actor, bad actor or malicious actor is either a person or a group of people that take part in malicious acts in the cyber realm including: computers, devices, systems, or networks.[1] Threat actors engage in cyber related offenses to exploit open vulnerabilities and disrupt operations.[2] Threat actors have different educational backgrounds, skills, and resources.[1] The frequency and classification of cyber attacks changes rapidly. The background of threat actors helps dictate who they target, how they attack, and what information they seek. There are a number of threat actors including: cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders, and competitors.[3] These threat actors all have distinct motivations, techniques, targets, and uses of stolen data.[4]
    • bots and web crawlers
    • https://en.m.wikipedia.org/wiki/Web_crawler

    • Web crawler, sometimes called a spider or spiderbot and often shortened to crawler, is an Internet bot that systematically browses the World Wide Web and that is typically operated by search engines for the purpose of Web indexing (web spidering).[1]

    • Crawlers consume resources on visited systems and often visit sites unprompted. Issues of schedule, load, and "politeness" come into play when large collections of pages are accessed. Mechanisms exist for public sites not wishing to be crawled to make this known to the crawling agent. For example, including a robots.txt file can request bots to index only parts of a website, or nothing at all.
    • Claude ai bots
    • https://en.m.wikipedia.org/wiki/Claude_(language_model)
  •  Encryption 
  • Security by obscurity
    • https://en.wikipedia.org/wiki/Security_through_obscurity
    • In security engineering, security through obscurity is the practice of concealing the details or mechanisms of a system to enhance its security. This approach relies on the principle of hiding something in plain sight, akin to a magician's sleight of hand or the use of camouflage. It diverges from traditional security methods, such as physical locks, and is more about obscuring information or characteristics to deter potential threats. Examples of this practice include disguising sensitive information within commonplace items, like a piece of paper in a book, or altering digital footprints, such as spoofing a web browser's version number. While not a standalone solution, security through obscurity can complement other security measures in certain scenarios.[1]
    • Security by obscurity alone is discouraged and not recommended by standards bodies.
    • This assumes that secrets will stay secret.
  • Open security
    • https://en.wikipedia.org/wiki/Open_security
    • Open security is the use of open source philosophies and methodologies to approach computer security and other information security challenges.
    • Traditional application security is based on the premise that any application or service (whether it is malware or desirable) relies on security through obscurity.
  • Vpn vs proxy
  • How to Remotely Connect
  • A VPN requires preconfigured authentication to access the server, whereas a proxy server provides access to the general public that can then have layers of security added.
  • LAN access vs server only access (127.0.0.1:80:80) vs 80:80
  • Within docker, containers can be configured to be accessible over the local network to all computers, as well as restricted to access from only the local machine. This means you can open it while using a browser on the server computer, but your other computers cannot access it over the network. 
  • limiting user access
  • This can be on the local server by restricting it only to the administrator.  This can also mean limiting access to services behind a tool like Authelia.
  • Docker vs vm vs bare metal 
  • When running all your services through your bare operating system, such as on Debian, there is possibility for a vulnerability in that application to breach containment and effect other applications.  By using a docker container, these processes are virtually separated into different operating systems that make it more difficult for a vulnerability in one container to affect the others.
  • intrusion protection services
    • Monitoring services
    • Swag dashboard
    • Fail2ban
    • Crowdsec
  • kill switch
  • Authelia
  • two factor
    • totp

What is The Value of Your Data?

  • What do I want to protect?
  • How likely is it that I will need to protect it?
  • How bad are the consequences if I fail?
  • What is the value of the data? Does a hacker care about Joe Schmo? Probably not. But do you have confidential company data, or are you an important stakeholder? Well, now you've suddenly become a bigger target.
  • How important is it to someone else, and how important is it to you, your security, identity and privacy?

  • Privacy ensures that unauthorized parties do not have access to your information and that you continue to control your personally identifiable information (PII). Therefore, Data privacy primarily deals with procedures and policies governing the collection, storage, and use of PII and proprietary company information such as trade secrets, personnel, and internal processes. PII is highly confidential because of the civil and criminal liability companies and individuals face if improper disclosure is allowed overtly or due to unintended data security breaches.

    To ensure privacy, you need more than a specific technology or set of technologies. This includes training all employees who have access to sensitive data about approved data protection processes. Just as airline pilots use checklists to ensure that essential items are checked before a flight and monitored during flight, IT professionals must also be willing to use privacy policies and other resources to protect PII and other sensitive information. In particular, to ensure privacy, IT professionals must have a set of policies, and processes detailing how organizations and their employees collect, store, and use sensitive data on all systems. This privacy policy aims for all employees to recognize the importance of privacy, understand how to prevent inappropriate disclosure of information, and deal with privacy issues and policy violations.

    Data breaches are no longer just embarrassing or inconvenient for businesses. Currently, privacy laws such as  GDPR impose penalties for failing to protect the privacy of PII and other sensitive personal information. These compliance standards may impose financial penalties and criminal charges for PII's intentional and, in some cases, unintentional disclosures. GDPR imposes privacy standards and legal requirements on all companies that store or process the personal information of EU residents.

  • What Is Data Security?

    Data security uses physical and logical strategies to protect information from data breaches, cyber-attacks, and accidental or intentional data loss. Specifically, technologies and techniques used to prevent:

    • Unauthorized access
    • The deliberate loss of sensitive data
    • Accidental loss or corruption of sensitive data

    Examples of measures to ensure data security include data encryption, both at rest and in transit, and physical and logical access control to prevent unauthorized access. Specific techniques include multi-factor authentication, multiple layers of network and application-level access control, and detection and isolation of rogue devices after connecting to the network. Regular backups and a proven disaster recovery plan are essential parts of data security.

    In short, data security is based on a technically sophisticated and comprehensive approach to protecting all networks, applications, devices, and data stores within an enterprise IT infrastructure.

  • The best way to understand the difference between data security and privacy is to look at the mechanisms used in your data security and privacy policies. Privacy policies control how data is collected, processed, and stored. While your organization's data security is more robust, detailing physical and logical controls to secure data. The way you collect, store, or distribute that data can violate your privacy policy. For example, enterprises can ensure that sensitive information is encrypted, masked, and restricted adequately to authorized parties. However, improper collection of this data, such as not obtaining informed consent from the data owner before collecting the data, does not change the security of the data but violates data privacy rules.
  • Is this a vulnerable community?
  • Vulnerable communities are groups within a population that face a higher risk of negative health, social, or economic outcomes due to various factors. These factors can include social, economic, political, and environmental components, as well as limitations due to illness or disability. Examples include people with disabilities, low-income individuals, racial and ethnic minorities, and those experiencing homelessness. 
  • Social:
    Poverty, lack of access to healthcare, discrimination, limited English proficiency, and social isolation can all increase vulnerability. 
    Economic:
    Low income, unemployment, and lack of access to financial resources can make individuals more susceptible to hardship. 
    Political:
    Marginalization, lack of political representation, and policies that disproportionately affect certain groups can contribute to vulnerability. 
    Environmental:
    Living in areas prone to natural disasters, pollution, or lack of access to clean water can create vulnerability. 
    Health-related:
    Disabilities, chronic illnesses, and mental health conditions can limit an individual's ability to cope with challenges. 

  • Examples of Vulnerable Communities:

        People with disabilities:
        May face physical and social barriers, limiting their access to employment, healthcare, and other essential services. 

    Racial and ethnic minorities:
    May experience discrimination, systemic barriers, and disparities in health and socioeconomic outcomes. 
    Low-income individuals and families:
    May struggle to afford basic necessities, access healthcare, and live in safe environments. 
    Individuals experiencing homelessness:
    Face high risks of health problems, violence, and social exclusion. 
    Elderly individuals:
    May be more susceptible to illness, social isolation, and financial hardship. 
    Children:
    May be particularly vulnerable to neglect, abuse, and the effects of poverty and environmental hazards. 
    LGBTQIA+ individuals:
    May face discrimination and social stigma, leading to increased risks of mental health issues and violence. 
    Migrant workers:
    May be vulnerable to exploitation, low wages, and lack of access to legal protections. 
  • Prisoners
  • Should this data be accessible to the outside world, should it even be digitized?
  • Is this information about your personal media collection or is it access to all of your financial data?
  • Physical and digital security 
  • Physically locking down a computer 

How Much Effort Are You Willing to Spend?

  • How much trouble am I willing to go through to try to prevent potential consequences?
  • How much time, money and effort are you willing to put into your security? Remember, there are entire companies dedicated to security, and entire SOC's whose sole job is monitoring for security incidents and even they don't catch everything. These organizations have multiple experts, layers of defense and constant monitoring, but the data they protect is worth it (see #2 above). How much effot you're willing to put in determines how many steps you need to take.
  • Documentation
  • Resources
  • Updates & Upgrades
  • Hardware and software
  • Integration
  • what you can handle yourself vs what you need a dedicated professional for.
Back to top