Considerations
By hosting a service, we must act as designers, developers and systems administrators. Whether it is on the open internet, available to a select few, or only for your personal use – we must make sure we consider how we can safely approach it.
Hosting your own personal cloud server can provide a great deal of digital utility, but maintaining one can come with a great deal of responsibility. We must be proactive in maintaining privacy and security – for ourselves and any community whose trust we are seeking to maintain.
We will be exploring these important considerations and what we can do to address them. Depending on how you'll be using your services, you may not need to take the same measures as someone else. Making these decisions requires we consider our needs, our audience and how we'll balance the security with convenience for our server.
Learning to balance security and privacy while creating an intuitive and approachable experience can be a difficult task, but it is perhaps the most important. While building a digital ecosystem, you'll quickly find that every decision is a trade-off between security and convenience.
Along one end, security allows us to prevent unauthorized access so we can protect private and sensitive information. We can take proactive measures by using strong randomly generated passwords, enforcing data encryption and enabling two-factor authentication.
However, as we add more steps to the process, the user experience can become more difficult to use. Remembering multiple unique passwords and entering a constantly changing authentication code every time we log in can be annoying.
The more secure we create a system, the more restricting it will generally become. It is not uncommon for the hardest part of secure tools being that they're simply hard to learn to use. If we were to use the most secure enterprise tools available, we'd have to sacrifice usability and convenience – both for setup and continued usage.
In practice, there cannot be a system that is fully secure because then we would never be able to access it. To that end, convenience is important to consider because it can affect and inform how people will use that system.
When a user is frustrated by the inconvenience of remembering multiple random passwords, they may seek to remove a step in the process by writing down the password and attaching them to the monitor. People may hunt down insecure ways to access a system – decreasing security for everyone.
We need to find an ideal medium between our control over a system and our ability to use it. Threat modeling is a necessity to understand that balance point for our purposes. Through four targeted questions, we will explore how these apply to us.
Threat Models
Security is not a checklist of steps to be completed, but an active and ongoing discussion's. When stopping to consider the largest and most likely threats to our security, we have begun to create a threat model. They are a vitally important step to building a relationship with security.
In cyber security, a threat is any event undermines your ability to keep your data private and system secure. This can be the intentional actions of a malicious actor, an accidentally unsecured website offering a backdoor, or people intentionally getting around confusing security measures.
It's impossible to plan for every potential edge case, which is why a threat model focuses on the most probable and critical threats. Once we have a better understanding of these weaknesses, we can create safeguards and prioritize countermeasures.
The threat model outlines a defensive gameplan that provides a systematic overview. This covers what the system will be, who will have access, who might attack and why, as well as what they're hoping to acquire and how they might do it.
|
Orbit |
System This covers what exactly we are trying to protect – what it does, how it does it, and why it is important to us. This will help us understand the boundaries of the system we need to work on protecting.
|
| Encrypted |
Authorized Access By having a greater understanding of who should be authorized to access our system, we can begin to setup access controls that define who has the ability to use different parts of the system.
|
| Report |
Malicious Actor Once we know who is allowed to interact with our system, we'll be better able to describe who shouldn't be. A threat actor is any person or collective that attempt to exploit vulnerabilities in order to gain unauthorized access that allows them to perform a targeted attack to extract data or disrupt operations.
|
| Trophy |
Motivation It is important to consider why a malicious actor might choose to commit cyber crime. While hackers may be state- or corporate-sponsored, there are also more personally motivated reasons: stealing money, extracting private data, fulfilling an agenda or simply for the thrill of getting away with hacking.
|
| Target |
Target An important facet to consider while deciphering an attackers motivation is their target and what they're hoping to acquire. When a hacker is seeking money, they may steal it directly – or extort it through malware that encrypts personal data behind a paywall.
|
| Bomb |
Attack Vector When a malicious actor has made the decision to attack to get their desired target, they will need to figure out how. Depending on what they're after, there are various strategies they can employ – each informed by what they're hoping to achieve.
|
While considering these facets of security, you might start to see the ways it can be broken. By creating a threat model, we can identify key weaknesses and implement safeguards throughout its lifetime. This is not checklist, but instead an ongoing discussion to surface any potential (and emergent) flaws.
Through a series of questions, we will explore the potential weaknesses within the systems outlined within these guides. Alongside exploring how to proactively protect against these potential attack vectors, you will need to explore whether they're the right option for you.
How Large is Your Community?
This is important to identify because it can help us draw boundaries around potential malicious actors. When hosting a small server for your own personal use, there are far fewer people you need to worry about overall. Meanwhile, orchestrating several websites each catering to a hundred people has much more risk involved.
The cloud server systems provided by this guide are similar techniques to large companies – but they have a magnitude of scale more computing power. Realistically, a refurbished workstation and the tools provided herein will work decently well for supporting up to twenty-five people. The quality of their service depends on several factors:
|
Language |
Internet Connection When hosting a web server, one key component is the quality of your Internet connection. This is imperative for maintaining performance, stability and a pleasant user experience.
Imagine that your home's internet connection is a pipe connecting you to a service provider. You can measure how fast data moves through the pipe, as well as how wide the pipe is – effectively transporting more data over time.
This is the difference between speed and bandwidth. While speed is often concretely measured in M/bits, bandwidth can be more difficult to define. For a residential connection, the bandwidth may be shared among multiple homes or families. Additionally, the connection technology – like cable or mobile broadband – can dictate how much data can be transmitted concurrently. |
| Power |
Power Requirements Hosting a computer server and operating all of the required peripherals requires electricity. This may change over time as your needs evolve and you add hardware to fulfill them.
The more powerful the computer, the greater those requirements – while a mini PC may need 150W, a workstation can requires upwards of 600W. This can cause a strain on house wiring and greatly increase your monthly power bill.
When possible, try to spread out your power draw among multiple sockets.
|
| Moving |
Scaling When it comes to hosting a digital space, it is important to consider how needs will grow. Our requirements have a tendency to scale over time – more storage, extra power and faster internet.
When hosting a media server, digital files can require more hard drive storage. Providing service to more people requires greater bandwidth and more powerful hardware – all of which costs additional money. While these necessities take some time to surface, it can be helpful to plan for upgrades going in.
|
| Gavel |
Legal Concerns Depending on what you will be using your server for, there may be legal concerns that must be considered. By offering services to people over the internet, we are entering a contract with our community.
|
| Diversity_3 |
Community Dynamics When offering services to a community, you must keep in mind the support you will need to provide. This will manifest differently depending on the services you are hosting.
|
What is Your Attack Surface?
https://en.m.wikipedia.org/wiki/Attack_surface
The attack surface of a software environment is the sum of the different points (for "attack vectors") where an unauthorized user (the "attacker") can try to enter data to, extract data, control a device or critical software in an environment.[1][2] Keeping the attack surface as small as possible is a basic security measure.[3]
What is your attack surface, i.e. is it your local machine? a LAN? your entire home? data over the Internet? A worldwide enterprise? That determines how much you have to do
Worldwide digital change has accelerated the size, scope, and composition of an organization's attack surface. The size of an attack surface may fluctuate over time, adding and subtracting assets and digital systems (e.g. websites, hosts, cloud and mobile apps, etc.). Attack surface sizes can change rapidly as well. Digital assets eschew the physical requirements of traditional network devices, servers, data centers, and on-premise networks. This leads to attack surfaces changing rapidly, based on the organization's needs and the availability of digital services to accomplish it.
An attack surface composition can range widely between various organizations, yet often identify many of the same elements, including:
-
- Autonomous System Numbers (ASNs)
- IP Address and IP Blocks
- Domains and Sub-Domains (direct and third-parties)
- SSL Certificates and Attribution
- WHOIS Records, Contacts, and History
- Host and Host Pair Services and Relationship
- Internet Ports and Services
- NetFlow
- Web Frameworks (PHP, Apache, Java, etc.)
- Web Server Services (email, database, applications)
- Public and Private Cloud
Due to the increase in the countless potential vulnerable points each enterprise has, there has been increasing advantage for hackers and attackers as they only need to find one vulnerable point to succeed in their attack.[4]
There are three steps towards understanding and visualizing an attack surface:
Step 1: Visualize. Visualizing the system of an enterprise is the first step, by mapping out all the devices, paths and networks.[4]
Step 2: Find indicators of exposures. The second step is to correspond each indicator of a vulnerability being potentially exposed to the visualized map in the previous step. IOEs include "missing security controls in systems and software".[4]
Step 3: Find indicators of compromise. This is an indicator that an attack has already succeeded.[4]
Keeping a system secure relies on maintaining the CIA triad: confidentiality (no unauthorized access), integrity (no unauthorized modification), and availability.[5] Although availability is less important for some web-based services, it can be the most crucial aspect for industrial systems.[6]
Who do I want to protect it from?
What do you consider an attack?
|
Domino_mask |
Denial of Service DDos Crowdsec Cloudflare under attack mode |
|
person |
Unauthorized Access Malicious Actor limiting user access two factor Vpn vs proxy A VPN requires preconfigured authentication to access the server, whereas a proxy server provides access to the general public that can then have layers of security added. Monitoring services Phishing |
|
person |
Data Leaks LAN access vs server only access (127.0.0.1:80:80) vs 80:80 Within docker, containers can be configured to be accessible over the local network to all computers, as well as restricted to access from only the local machine. This means you can open it while using a browser on the server computer, but your other computers cannot access it over the network. Docker vs vm vs bare metal When running all your services through your bare operating system, such as on Debian, there is possibility for a vulnerability in that application to breach containment and effect other applications. By using a docker container, these processes are virtually separated into different operating systems that make it more difficult for a vulnerability in one container to affect the others. PhishingSQL injection
|
|
deployed_code_account |
Brute Force Attack Brute force https://en.m.wikipedia.org/wiki/Brute-force_attack In cryptography, a brute-force attack or exhaustive key search is a cryptanalytic attack that consists of an attacker submitting many possible keys or passwords with the hope of eventually guessing correctly. This strategy can theoretically be used to break any form of encryption that is not information-theoretically secure.[1] However, in a properly designed cryptosystem the chance of successfully guessing the key is negligible. intrusion protection services Fail2ban |
| Person_edit |
Web Crawler bots and web crawlers https://en.m.wikipedia.org/wiki/Web_crawler Web crawler, sometimes called a spider or spiderbot and often shortened to crawler, is an Internet bot that systematically browses the World Wide Web and that is typically operated by search engines for the purpose of Web indexing (web spidering).[1] Crawlers consume resources on visited systems and often visit sites unprompted. Issues of schedule, load, and "politeness" come into play when large collections of pages are accessed. Mechanisms exist for public sites not wishing to be crawled to make this known to the crawling agent. For example, including a Claude ai bots https://en.m.wikipedia.org/wiki/Claude_(language_model)
|
Encryption
https://en.wikipedia.org/wiki/Encryption
In cryptography, encryption (more specifically, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.
|
Domino_mask |
Data at Rest disk encryption encryption at rest https://en.wikipedia.org/wiki/Data_at_rest Data at rest in information technology means data that is housed physically on computer data storage in any digital form (e.g. cloud storage, file hosting services, databases, data warehouses, spreadsheets, archives, tapes, off-site or cloud backups, mobile devices etc.). Data at rest includes both structured and unstructured data.[1] This type of data is subject to threats from hackers and other malicious threats to gain access to the data digitally or physical theft of the data storage media. To prevent this data from being accessed, modified or stolen, organizations will often employ security protection measures such as password protection, data encryption, or a combination of both. The security options used for this type of data are broadly referred to as data-at-rest protection (DARP).[2]
|
|
person |
Data in Use encryption in use https://en.wikipedia.org/wiki/Data_in_use https://phoenixnap.com/blog/encryption-in-use Data in use is an information technology term referring to active data which is stored in a non-persistent digital state or volatile memory, typically in computer random-access memory (RAM), CPU caches, or CPU registers.[1] Scranton, PA data scientist Daniel Allen in 1996 proposed data in use as a complement to the terms data in transit and data at rest, which together define the three states of digital data.
|
|
person |
Data in Transit Https enceyption
encryption in transit https://en.wikipedia.org/wiki/Data_in_transit Data in transit, also referred to as data in motion[1] and data in flight,[2] is data en route between source and destination, typically on a computer network. Data in transit can be separated into two categories: information that flows over the public or untrusted network such as the Internet and data that flows in the confines of a private network such as a corporate or enterprise local area network (LAN).[3] Data in transit is used as a complement to the terms data in use, and data at rest which together define the three states of digital data.[4] end to end encryption |
using all three to ensure data is always encrypted.
Security by obscurity
https://en.wikipedia.org/wiki/Security_through_obscurity
In security engineering, security through obscurity is the practice of concealing the details or mechanisms of a system to enhance its security. This approach relies on the principle of hiding something in plain sight, akin to a magician's sleight of hand or the use of camouflage. It diverges from traditional security methods, such as physical locks, and is more about obscuring information or characteristics to deter potential threats. Examples of this practice include disguising sensitive information within commonplace items, like a piece of paper in a book, or altering digital footprints, such as spoofing a web browser's version number. While not a standalone solution, security through obscurity can complement other security measures in certain scenarios.[1]
Security by obscurity alone is discouraged and not recommended by standards bodies.
This assumes that secrets will stay secret.
Open security
https://en.wikipedia.org/wiki/Open_security
Open security is the use of open source philosophies and methodologies to approach computer security and other information security challenges.
Traditional application security is based on the premise that any application or service (whether it is malware or desirable) relies on security through obscurity.
kill switch
What is The Value of Your Data?
- What do I want to protect?
- How likely is it that I will need to protect it?
- How bad are the consequences if I fail?
- What is the value of the data? Does a hacker care about Joe Schmo? Probably not. But do you have confidential company data, or are you an important stakeholder? Well, now you've suddenly become a bigger target.
- How important is it to someone else, and how important is it to you, your security, identity and privacy?
-
Privacy ensures that unauthorized parties do not have access to your information and that you continue to control your personally identifiable information (PII). Therefore, Data privacy primarily deals with procedures and policies governing the collection, storage, and use of PII and proprietary company information such as trade secrets, personnel, and internal processes. PII is highly confidential because of the civil and criminal liability companies and individuals face if improper disclosure is allowed overtly or due to unintended data security breaches.
To ensure privacy, you need more than a specific technology or set of technologies. This includes training all employees who have access to sensitive data about approved data protection processes. Just as airline pilots use checklists to ensure that essential items are checked before a flight and monitored during flight, IT professionals must also be willing to use privacy policies and other resources to protect PII and other sensitive information. In particular, to ensure privacy, IT professionals must have a set of policies, and processes detailing how organizations and their employees collect, store, and use sensitive data on all systems. This privacy policy aims for all employees to recognize the importance of privacy, understand how to prevent inappropriate disclosure of information, and deal with privacy issues and policy violations.
Data breaches are no longer just embarrassing or inconvenient for businesses. Currently, privacy laws such as GDPR impose penalties for failing to protect the privacy of PII and other sensitive personal information. These compliance standards may impose financial penalties and criminal charges for PII's intentional and, in some cases, unintentional disclosures. GDPR imposes privacy standards and legal requirements on all companies that store or process the personal information of EU residents. -
What Is Data Security?
Data security uses physical and logical strategies to protect information from data breaches, cyber-attacks, and accidental or intentional data loss. Specifically, technologies and techniques used to prevent:
- Unauthorized access
- The deliberate loss of sensitive data
- Accidental loss or corruption of sensitive data
Examples of measures to ensure data security include data encryption, both at rest and in transit, and physical and logical access control to prevent unauthorized access. Specific techniques include multi-factor authentication, multiple layers of network and application-level access control, and detection and isolation of rogue devices after connecting to the network. Regular backups and a proven disaster recovery plan are essential parts of data security.
In short, data security is based on a technically sophisticated and comprehensive approach to protecting all networks, applications, devices, and data stores within an enterprise IT infrastructure. - The best way to understand the difference between data security and privacy is to look at the mechanisms used in your data security and privacy policies. Privacy policies control how data is collected, processed, and stored. While your organization's data security is more robust, detailing physical and logical controls to secure data. The way you collect, store, or distribute that data can violate your privacy policy. For example, enterprises can ensure that sensitive information is encrypted, masked, and restricted adequately to authorized parties. However, improper collection of this data, such as not obtaining informed consent from the data owner before collecting the data, does not change the security of the data but violates data privacy rules.
- Is this a vulnerable community?
- Vulnerable communities are groups within a population that face a higher risk of negative health, social, or economic outcomes due to various factors. These factors can include social, economic, political, and environmental components, as well as limitations due to illness or disability. Examples include people with disabilities, low-income individuals, racial and ethnic minorities, and those experiencing homelessness.
- Social:
Poverty, lack of access to healthcare, discrimination, limited English proficiency, and social isolation can all increase vulnerability.
Economic:
Low income, unemployment, and lack of access to financial resources can make individuals more susceptible to hardship.
Political:
Marginalization, lack of political representation, and policies that disproportionately affect certain groups can contribute to vulnerability.
Environmental:
Living in areas prone to natural disasters, pollution, or lack of access to clean water can create vulnerability.
Health-related:
Disabilities, chronic illnesses, and mental health conditions can limit an individual's ability to cope with challenges.
Examples of Vulnerable Communities:
People with disabilities:
May face physical and social barriers, limiting their access to employment, healthcare, and other essential services.
Racial and ethnic minorities:
May experience discrimination, systemic barriers, and disparities in health and socioeconomic outcomes.
Low-income individuals and families:
May struggle to afford basic necessities, access healthcare, and live in safe environments.
Individuals experiencing homelessness:
Face high risks of health problems, violence, and social exclusion.
Elderly individuals:
May be more susceptible to illness, social isolation, and financial hardship.
Children:
May be particularly vulnerable to neglect, abuse, and the effects of poverty and environmental hazards.
LGBTQIA+ individuals:
May face discrimination and social stigma, leading to increased risks of mental health issues and violence.
Migrant workers:
May be vulnerable to exploitation, low wages, and lack of access to legal protections.- Prisoners
- Should this data be accessible to the outside world, should it even be digitized?
- Is this information about your personal media collection or is it access to all of your financial data?
- Physical and digital security
- Physically locking down a computer
How Much Effort Are You Willing to Spend?
- How much trouble am I willing to go through to try to prevent potential consequences?
- How much time, money and effort are you willing to put into your security? Remember, there are entire companies dedicated to security, and entire SOC's whose sole job is monitoring for security incidents and even they don't catch everything. These organizations have multiple experts, layers of defense and constant monitoring, but the data they protect is worth it (see #2 above). How much effot you're willing to put in determines how many steps you need to take.
- Documentation
- Resources
- Updates & Upgrades
- Hardware and software
- Integration
- what you can handle yourself vs what you need a dedicated professional for.