Where to store the file server of a small company?

Puzzled by the question of safe information storage on the server (in case the search did not pick up the server). On the one hand, you have to drive a lot of information, on the other hand would be away from the office. Internet in the office is not very bright. The idea was to hang the server under the ceiling, but there is still a probability of detection during the search. I welcome any ideas )
October 8th 19 at 01:03
17 answers
October 8th 19 at 01:05
IMHO from a search it is better not to hide the "physical" way. Make backups, store them in the cloud, put TrueCrypt on the server and keep it safely in the office.
And how termorektalny cryptanalysis? - julius_Hermiston commented on October 8th 19 at 01:08
Well, if all so is serious, it is very simple: otdam a password, which will be displayed %fake_secret_data%. Accordingly, %secret_data% lies in the hidden section, as is well known, the existence of which no way to know.
Or, you can make it even cooler: to download put script, which will ask to enter the password or insert the media, enter the fake password or load carrier permanently destroy data, including itself and the operating system, and shows the trollface. - Zakary74 commented on October 8th 19 at 01:11
October 8th 19 at 01:07
To keep in the van, and if the test is to unhook the wires and put pressure on the pedal)
As well as spies, secret agents and exploding helicopter!
I don't think keep the driver keep within the budget + it's not safe, you need a trusted person. - julius_Hermiston commented on October 8th 19 at 01:10
well, You should not laugh. This decision of life. - Zakary74 commented on October 8th 19 at 01:13
I know one company that so holds financial info.
Of course we need more protection of the transport.
But as one of arapovac: "you want to press no hide and seek will not help" - luciano.Schmi commented on October 8th 19 at 01:16
October 8th 19 at 01:09
What is the budget for a solution?
With prices for rental property in Ryazan, I don't know. But I think for this money it is possible to rent a room in the house opposite (if there is such). While there a radio channel. The performance should be enough. - julius_Hermiston commented on October 8th 19 at 01:12
October 8th 19 at 01:11
Immured in the wall!
But seriously, the cloud will not work?
October 8th 19 at 01:13
Join the above — TrueCrypt + bakapy in the cloud. The server is hidden and only available via radio. Pgp TrueCrypt container can be placed on the virtual disk server, thus, turning off the power erases the old.
Some of the nuances.
Bakapy can be stored in the cloud, and the houses on the Trustee.
A power outage can be arranged so. Put a large, but fake a server — something like a Dual PII/PIII on a fullsized PC motherboard, boot from live media. During the search it is removed in the first place. As soon as a real server stops responding to ping sham — it also disables/encryption is provided...
Oh, by the way, thermite-theft screw on the trigger when opening the housing can also be considered as an option seem on dealextreme there is something Chinese-serial on the subject.
you can link to some of these secrets? - julius_Hermiston commented on October 8th 19 at 01:16
good idea, but tarmidi not recommended - Zakary74 commented on October 8th 19 at 01:19
But why to think of something hardware to turn off the power? Well this is unnecessary suspicion. During the search of food and so shut off (it is unlikely that your firm is so steep that they will deal with the server in place), when will withdraw. Well, if the server is connected via UPS and if it wants to withdraw in the connected condition, the UPS should be connected via the usb cord and to write a script that will monitor the change in power status and disable the drive. - luciano.Schmi commented on October 8th 19 at 01:22
About the power supply idea is somewhat different. There is a server standing outside the office (in another room, in the basement etc.) it is available via WiFi, if its not make cut off, it can be detected. Actually this fear - Al_Gottlieb commented on October 8th 19 at 01:25
About tirmidi;-) I think it's all the same our interpretation, the original was something electronic. If I find/remember, I'll post - Donald_Colli commented on October 8th 19 at 01:28
Link to the key lock solenoid — Clap - Vern.Moo commented on October 8th 19 at 01:31
October 8th 19 at 01:15
Something tells me that if the reviewer will nachnutsya such thermite thing, test will be with particular zeal)
October 8th 19 at 01:17
Examples from life:
1) Business center in Central Moscow. Agreed (through a friend) with the district provider about what server hosted from them, and to the office of a radio channel from a nearby building.
2) 3) Leased space for storage on the second floor (in the basement). For complete discretion — to rent their "Horns and Hoofs".
4) Powerful laptop. If anything, put in a briefcase and oritse that it is a private property and search are not eligible.

About termite (if I understand correctly), I do not recommend is the obstruction. Explicit.
I accountants all ears buzz, that everything that is personal is brought into the office was already office. If personal, we need a mandatory written confirmation, etc.
There were cases when the tax prescribed penalties for what the office is a home appliances that is not listed on the company and what is the personal things of employees, no one cared. - julius_Hermiston commented on October 8th 19 at 01:20
If it's on the table, then Yes. Began to work. The main thing to have time to put them into your bag/backpack. - Zakary74 commented on October 8th 19 at 01:23
Don't know all the changes in the law, but if You brought something, in this work, and each working day, get home, it personal is. But then again, does the benefit of the authorities, which is higher than the accountants, so this boss should bukhov and send. - luciano.Schmi commented on October 8th 19 at 01:26
Don't know when the two searches — both times safely stowed my laptop bag and went home. :) - Al_Gottlieb commented on October 8th 19 at 01:29
At all can hold you with the equipment to determine that it is a private or not — very few people care.
one friend quietly let go, without even asking documents for equipment - Donald_Colli commented on October 8th 19 at 01:32
October 8th 19 at 01:19
Trucrypt on the partition and backups in the cloud, the idea is very common, but do not forget that termorektalny cryptanalysis in truth works wonders! As experienced analysts in the police, alas, every second if not more. This basic protection for You as an employee of this company and the Director will be to create protection from the application of this analysis to You and other employees, and it is possible when creating a framework by which the fingers can be persuaded analysts to complete inability to get to information access.
I went to this bike.
Sat admin not bothering anyone, then the mask show, the admin can press a button razmatranja container. Further questions — what is it you have a file on many gigs? Yes, to hell knows, the sounds to test the throughput of the mesh/screws. Password? — There was some, but they forgot behind prescription... - julius_Hermiston commented on October 8th 19 at 01:22
da0c, better to read a true story about a system administrator of Yukos, and how long it took authorities to receive password by using these high-tech tools like tape and a chair. - Zakary74 commented on October 8th 19 at 01:25
Well, then Yukos, it was just a specific interest. Although the admin of my stories also risked pretty... but the scale was different and without physical cost. - luciano.Schmi commented on October 8th 19 at 01:28
A web camera in the office of the administrator, and send video to the recorder in the basement ) - Al_Gottlieb commented on October 8th 19 at 01:31
You need to understand that the refusal to assist in the investigation can draw "resisting the authorities" and get the deal. Therefore it is necessary to weigh the pros and cons — what is more important for you. - Donald_Colli commented on October 8th 19 at 01:34
October 8th 19 at 01:21
If possible you can try to look for in the same building where the main office, a small room. If the building was built in Soviet times, the probability of availability of basement and(or) outbuildings. Connection via WIFI.
It is better to rent an apartment in the house opposite -> sight -> WIFI -> bakapy in TrueCrypt + cloud.
Apartment rent per person, which does not work in the company (relative to the employee?). - julius_Hermiston commented on October 8th 19 at 01:24
The apartment will be more expensive 5000 - Zakary74 commented on October 8th 19 at 01:27
October 8th 19 at 01:23
Continuing about the theft — after all, this is not tirmidi, and electromagnetic boxes for magnetic Erasure of information from hard for the team. Speaking of which, domestic production, are really $1500, but in the aforesaid budget fit — Clap. Key lock, in particular, can trigger for Atiku opening.
Told me a cheap and good method of protecting the screw (a little forgotten, but if you need to ask and clarify): the set screw pneumatic gun that shoots the nails and the triggering of the button. Drive screw into small pieces :)

And if you are humane, you can make a connector for the system unit (bottom), across which is connected a screw in the floor. The system unit is raised, the screw is chopped off. Well, or to alter the USB to RJ-45 and say that it's a network. - julius_Hermiston commented on October 8th 19 at 01:26
October 8th 19 at 01:25
and the one with common sense:
a) either the grain to work in a dark office
b) to work so as not to violate the laws.
TO pozaviduet and jump down from the balcony.
It is what You are rushing out under pressure? - julius_Hermiston commented on October 8th 19 at 01:28
the government we have is... - Zakary74 commented on October 8th 19 at 01:31
October 8th 19 at 01:27
Long ago I read an idea where you don't remember. Proceeds from "the hidden place is the most prominent place."
So, take the motherboard without LEDs, no PSU cooler, PERC + passive cooling, a couple hard.
Put it all on the table without a box, very close to the soldering iron, solder and rosin. Induced work disorder, can be a couple of circuits to print and is also close to quit.
October 8th 19 at 01:29
Heard about the idea of placing a data center in the orbit of the earth, there is for sure no one will get it. :)
I think very few orbiting satellites with weapons?:) - julius_Hermiston commented on October 8th 19 at 01:32
The old can't reach. In this sense :) - Zakary74 commented on October 8th 19 at 01:35
October 8th 19 at 01:31
The problem as I understand it only the data? Calculations will hold the server itself (virtaully let it run)

Gigabit networking and distributed file system in encrypted with multiple containers duplicate files on all users ' machines (RAID lvm/distributed system using drbd/access containers smb), the file to execute as a user pron.avi, also more reliable you can work with supposedly the system files (on the system drive pagefile.sys and hiberfil.sys there are always contain garbage, don't have to use, people will not even know).

Starting server processes manually using the stick of a Trustee

p.s. as 90% of cases is enough in the server to cram more RAM and keep working the images there (backup the RAID to the network).
October 8th 19 at 01:33
In one office where I once worked, had done so: some rented room in another part of the city, which was transported all the secret servers that have been given a range of addresses from 10.0.0.0 subnet, and not pinholes or from one office, with terminal people they can connect. Just use the system Sapsan, and cost guard to press the button during the visit of the uninvited guests to the office in one part of the city, the servers themselves off in another part of the city.
Now I argue that I did.
1. You do turn off as soon as You come on, let's say I'm one of them. On command, all of You be excommunicated from the comp.
2. I am requesting statements of netflow on Your network provider, and while they're cooking, watching on the computer's route table, if possible Palud recent files, perhaps stored terminal connection. Study what is connected and where we learn the space for burials.
3. I get netflow and see who's where to go. Find out what kind of operator you have for your servers, call them, running IPS, addresses. Go withdraw it all.

Of course, this is just offhand. Each case is unique and requires a unique approach. But the essence is the same, in addition to all you need:
1. To encrypt the traffic and let it through completely independent from our state-VA network, vpn, tor, etc.
2. To encrypt the data on the other side.
3. Servers keep not in Russia. - julius_Hermiston commented on October 8th 19 at 01:36
So far on points 1-3 hold, out of the room all has been take out and hide. - Zakary74 commented on October 8th 19 at 01:39
when it is properly planned event you even can not utter a word - luciano.Schmi commented on October 8th 19 at 01:42
October 8th 19 at 01:35
The task is divided into parts:
1. place the server close to where it is hard to find and where it will not be able to pick up quickly to have time to execute the procedure of Stripping
2. make a backup of the server to where it can't physically take in principle (the cloud)
3. guests can enjoy daily access to the server and becau a working key for employees
4. implement an automatic sweep by pressing the panic button, including the compromise of working key (password) officers, a sweep of the server and prepare it for the safe transfer of analysts that would be required in the case of detection.
5. a separate spare key for access betapam handed to those who are not available to cryptanalysts rectal (placed in the cell in Cyprus)

ps
And no secrets, so there is not even hint of your disloyalty.
Panic button you can give the sysadmin, Director, accountant, security guy. Button might just call a friend.
usually at gunpoint very few people have the chance to make a call/send SMS, even without jammers - julius_Hermiston commented on October 8th 19 at 01:38
well mask button in the countertop, give your phone a watchman, bouvrie, the bartender or cleaning lady and pay for their personal conversations to make them loyal to you. Reliable ways you can come up with a car and small truck. - Zakary74 commented on October 8th 19 at 01:41
October 8th 19 at 01:37
I recall how under the bar servers in some office was mine which was the magnets.
in which case press the button and stand with storages inside passing powerful magnets.

In General, if comes serious mask show — first of all blocked communication jammers gsm/3g networks/Wi-Fi and truncated channels in the Internet. Guys friends told me that in the neighbouring office car came with a good antenna, then the mobile communication said, "Oh!" and ended until the end of the campaign.
but the problems of the Internet ended with the power outage.
God knows, but if everything is so serious...
Put the Director and his Secretary a pneumatic system to a nearby office, where a loyal friend. Use a LAN over 220 v adapters to the server. Sauzaie the fire alarm. Ask — I will say that in the confusion we decided that the fire. - julius_Hermiston commented on October 8th 19 at 01:40

Find more questions by tags System administrationServersComputer networks