As I rely more on my home lab server, I’m starting to worry more about it getting stolen. If someone breaks into my home, I think the server will be a pretty attractive target.
Do y’all just stick it in a closet? That seems not great for cooling…
One of my neighbors recently got broken into.
Door lock and house alarm, also mines at the back of the garage with plenty of more easily stealable things in front of it.
…mines at the back of the garage…
Holy shit, you are serious about your physical security!
Mantraps that use deadly force are illegal in the United States, and in notable tort law cases the trespasser has successfully sued the property owner for damages caused by the mantrap. There is also the possibility that such traps could endanger emergency service personnel such as firefighters who must forcefully enter such buildings during emergencies. As noted in the important American court case of Katko v. Briney, “the law has always placed a higher value upon human safety than upon mere rights of property”.[5]
EDIT: I’d add that I don’t know about the “life always takes precedence over property” statement; Texas has pretty permissive use of deadly force in defense of property. However, I don’t think that anywhere in the US permits traps that make use of deadly force.
Don’t want to ruin the fun but he missed an apostrophe in the sentence. His stuff is in the back of the garage. “mine’s at the back of the garage”
Yeah, I saw, but it’s an interesting topic.
This has ruined my plans of making my car unstealable!
/s, I guess
It’s also kind of squished on some racking, and with it been a 4u rack case full of HDD it’s quite heavy. If you have made it this far in to the garage, you not only have done well but passed the beer collection and numerous cordless power tools. It also has a sign saying beware of the leopard.
Easily defeated by those who play Minesweeper.
Install a floppy drive. No one gonna steal a computer with one of those.
I once put my homelab rack outside of my apartment, in the hall. Then used it to catch a bastard who kept stealing my bike light, and later tried to snatch the whole bike.
Blinking lights don’t really attract thieves… gold ‘n’ cash does.
With that said… put it in a room you can keep closed at all times (watch the temps).And do have backups offsite.
The 42U rack in the basement will be… hard to steal.
I only use 3U of it for compute and all of it came from my university salvage for less than… $350 total (switch, rack, 2 servers).
Nothing any more than anything else in my house.
Anything confidential is encrypted with a password. Other stuff is replaceable. And would theoretically be covered by home insurance.
Its big enough that they will have to break back in to move it with a friend. Its built shitty enough that it will fall apart if they lift it. Its next to an attractive and less effort to steal TV.
TVs and game consoles also have much better fence value.
Encrypt your data period. A burglar isn’t going to worry about your home lab unless it’s oozing money from the look of it.
Your family and friends will be the ones to snoop your data. So know that and prepare accordingly.
A thief is going to steal car wheels, weapons, tools, electronics that seem resellable, gold and jewelry, things of immediate value to sell or trade for most likely drugs. Quick cash.
Server equipment is not on any normal burglar’s list of items to nab. It’s such a low risk I think it’s completely not worth worrying about.
It’s incredibly unlikely they’ll know what they’re looking at in the first place, and won’t be assed to carry out heavy switches and PC gear “just in case” to look it up later. They want to get in, check rooms and closets, drawers, etc and GTFO before you come home or a neighbor notices. Computers aren’t as expensive as they used to be. Gaming laptops might look attractive, but other than that you’re fine.
They want jewelry, cash, guns, good tools, silver, modern game consoles, expensive bicycles, etc. These are all things that are easy to carry and pawn or sell well on the street. Nobody is selling switch gear at a pawn shop or to random people, so even if they know the value of what they’re looking at (extremely unlikely) they’ll leave it because it’s too hard to fence.
If you’re that worried about theft then set up good full disk encryption and have off-site backups of your data (should do that anyways) but you don’t need to worry about physical security at home, at least not specifically in regards to your home lab.
Businesses are at much higher risk for hardware theft, from employees or from others that are targeting the locations specifically because they DO understand the value and have a way to offload the gear, but those same people won’t be randomly breaking into people’s houses hoping they’ve got Cisco gear in a closet somewhere.
This is probably the best answer. I worked as a locksmith in a high value city (think started that ends with “A” and the city ends in “beach”)
You really have to think like a thief sometimes, and most times thieves don’t know shit about racks.
I build from ewaste and keep things deliciously trashy looking.
I say this with full sincerity as someone who worked security, this will absolutely get it ignored in the case of a break in.
Let me guess you don’t have cats
That M.2 is the first to break its neck
That nvme drive just hanging out next to the power cord is giving me a type of anxiety I never knew I had, thanks.
Security by trashcurity, brilliant!
Actually you got me thinkng about some of my pieces.
But overall i agree with most of the thread here. Properly rack it, and secure the rack. Then basic locking does the rest (secure a rack door with a lock).
Security cameras system help police catch theives.
Encryption on data you care about and off site back ups meqns rebuilding is just getting the hardware again.
For mini pcs and laptops they have those security cables to at least attach them to a heavier thing (desk, cabinet, etc). (this is the thing i hadn’t thought about).
Finding obsure places to hide my nodes is practical matter for me, because space is always a premium, so over sizing cooling solutions (liquid cooling to big radiators) and then finding wierd places to tuck them away (i mean why cant a computer rack be a night stand, the raspberry pi is clustered anyway why not stick in a lamp, the crawl space is actually always dry there and nice and cool to boot!, etc, etc). That probally adds some* factor to it.
The consumer stuff i have is a more likly target then the SOC or server stuff though. At least for me.
Backup and encryption. encryption prevents the thief to see my data, backup allows me to make a new server. Furthermore, as other pointed out, I don’t expect that a common thief will see a lot of value in a small black box on top of a shelf
Backup and encryption
Yeah, I guess this is the solution. Encryption I get. But where do you backup to? I currently have about 4TB of data and was thinking of at least doubling capacity soon. How expensive is it to backup 8TB of data somewhere?
I put a tiny NAS in my parents’ house (cheapest ARM synology 2-bay). It backs up their computers (a first, of course, but the photos are safe now!) and my server sends its TBs to there too. Upfront is large because you need to put in two big drives plus a lil NAS. But no $/mo, thanks parents.
For over a few TB Hetzner and the like really hit hard (€21/mo for 10TB at Hetzner storage box). Depends how much disposable income you have/want to ensure data is good. Now-a-days €21/mo is like 1 Disney/Hulu/bullshit, that price is obviously over inflated but it makes you feel less bad about spending it on cold, hard, remote backups of your big ass data.
The really important things (essentially only photos) are backed up on a different USB drive and remotely on backblaze. Around one terabyte cost 2-3$ per month (you pay by operation, so it depends also by how frequently you trigger the backup). You want to search for “cold storage” which is the name for cloud storage unfrequently accessed (in other words, more storage than bandwidth). As a bonus, if you use rclone you can encrypt your data before sending it to the cloud.
how do you unlock the encrypted disks? is it manual, or did you automate it?
One of the best uses of encryption is that you can pull drives that die and not have to try to wipe them as they die or smash them. They’re encrypted so it’s just gibberish. Mostly the reason to encrypt.
I auto-unlock with two things: a USB drive I put in the computer that it looks for and another computer on the network that hosts an unlock file. I’m not defending against nation-states or the Gestapo, regular rubes won’t notice the pi zero hidden that hosts the network file. USB drive is for just-in-case so I don’t have to type that long ass password ever.
I didn’t try hard, but I’m not sure how to make auto-unlocking more secure.
I have automated it with a small initramfs script which has half password and download the other half from internet. My threat model is to protect from a random thief. So they should connect it to a network similar to mine (same netmask and gateway) and boot it before I can remove the half key from internet.
some security which is on my TODO list is: allow fetching the half key only from my home IP and add some sort of alert for when it is fetched.
Linux with LUKS can be configured to decrypt at boot
ok, but where does it get the decryption key from. my real question is how did you implement automatic unlock securely
you type it in on boot
That kind of defeats the purpose then doesn’t it
shut down and its encrypted? ofc you also have to have a decrypt password. I use luks so if my computer gets stolen my files arent readable, which is true because they cant leave my house without unplugging it
Oh, if there’s a password then that’s different.
But they certainly can take it without unplugging it, if they really want to. For example: https://cdsg.com/products/hotplug-field-kit
Home… lab?
Dude, it’s just a computer.
Lol all I have is the remnants from my ship of theseused main rig chilling in a 3d printed enclosure running a single game server (sometimes) and I call that my homelab. Mostly because anyone I actually talk to in real life has no idea what the fuck I’m talking about anyway.
But I put it in a really expensive cabinet that I did not measure.
maybe they have switches and computers and whatnot, different units
EASY does it: Experimental Autonomous Securitybot, Yellow.
May as well just rig the house to burst into flames
I bought my power supplies off temu. One way or another, someone is getting hurt.
That’s reserved for if they make it past the first three levels of security. EASY and pals are #2.
Since the other comments seem to be less than useful ideas on things you didn’t ask about…
I keep my NAS/Video server for my home cameras in my gun safe. Costco has a gun safe (really can be used for anything like documents too since it’s fire rated) that had power cable running to the inside. I used the same path to run a data cable and keep it all locked up in there with a monitor mounted on top and a UPS in the middle. My safe is close to my room with the idea being if someone wanted to break in I’d keep the footage. Not that anyone would, but like you seem to be asking I’m more concerned about the what if.
The rest of the switches/routers/WAP Controller is located in my home office closet inside of one of those on-Q boxes in the wall.
If the (theoretical) burglar finds a gun safe and it is even locked properly, I would think it looks quite attractive :)
That’s why it’s bolted to a concrete slab from the inside.
That sounds like a great idea but how is the ventilation on that setup? Does it have ventilation for letting in cool air and exhausting the hot air?
It’s a smaller unit for my camera setup and it’s in a cooler area. When I open the safe up it’s basically the same temp. So I’m not worried about thermal performance. At least on that front. The camera system is just for home monitoring. The main components (what you mentioned being concerned about) stay hidden too behind the closet wall in my office and the wall is an interior wall so thermally they stay pretty smooth.
