September 12, 2013

> That CM case is the ticket tho. Esp if i can turn off those LEDs.

A judicious application of wire snips will kill the LEDs on a LED fan -- done it many times

September 12, 2013

> I'll def look into the vpn route for an added layer of security. But, encryption seems above and beyond what i'd need.

Fair enough...it is important that you make the decision based on your own requirements.

> It would be nice if i could limit the boxes to connecting with each other, my 2 workstations and my laptop tho. I suppose that's what passwords+vpns are for. Is there a way to tell an unraid box to ignore the internet? Could a box be connected directly to the lan port on a workstation and not see the web at all? I know that would add a headache to my remote mirror but i think i already have an idea for that.

Well, VPN is the way to go when accessing unRAID from the outside world. unRAID is not hardened in any way, so going the VPN route for that is the right way of doing it. You can build a site-to-site connection for two remote servers with that as well. Make sure you use personal certificates for accessing/security with the VPN...not one, single static key for all.

You can use ACLs in unRAID to have folders require user+pwd to access these. The router firewall can be instructed to block certain computers from internet access. Use this to block outgoing traffic to your WAN interface for the unRAID box.

If you want to secure access to some no. of known machines internally on the same network, like limit to MAC addresses, this is hard to achieve without physical protection. Someone plugging the unRAID network cable into his/her workstation could get access easily. ...a lot of trouble to go through (see below). I'd say, ACLs should do the trick for most "attackers" from inside.

Hint for inside protection on the network layer (additional to ACLs): To set this up, you could employ a second router (without internet line), put unRAID in and into a different IP-network....or a smart switch could do that based on MACs. Then instruct the Firewall of that router or the switch to only accept traffic from certain IPs or MACs.

If you see that danger you can lock away the unRAID box and second router and secure the connection (the "only" cable to your unRAID) between the routers with a VPN as well. Limit the access to the internal VPN, on the first router firewall, to your list of MAC-addresses. And secure the router with a good password (this you should do anyway, and disable access to router-config on the WAN side...use VPN for that if need be).

September 12, 2013

We just use "hidden in plain sight" security here. The servers offsite are without USB boot keys and are grunged up with some duct tape to look like junk. Nobody would give them a second look. Onsite we have things bolted a wee bit tighter. We have a password on our WiFi. ;-) We don't want to lock ourselves out. If any hacker is able to profit from our images he is smarter than me because I can't. I'll hire him in a heartbeat.

Sent from my mobile

September 12, 2013 Author

> If any hacker is able to profit from our images he is smarter than me because I can't. I'll hire him in a heartbeat.

Don't i know it...