How to secure OwnCloud?


In general, running your own open-source cloud storage solution will be far less secure than any industry-standard service. Think of it this way: those companies have entire teams of people dedicated to nothing but securing their product, and they still make mistakes...

That said, if you just want to do your best while swallowing the risk, here is some guidance that will get you in a better position:

  1. Run your owncloud box in a DMZ, not directly in your home network. It will still be accessible to both internet and LAN, but when it gets pwned your home network won't be compromised.
  2. Use complex passwords, or (better) key-based authentication for every account and EVERY service (MySQL is a huge attack vector).
  3. Change all software/service ports to non-standard ones and configure software appropriately.
  4. If possible, use iptables to block connections from everywhere except trusted IPs. This partially defeats the accessible-from-anywhere aspect of a cloud solution, but drastically improves security.
  5. Install log/file monitoring solutions like fail2ban, rkhunter, OSSEC so you know when/if your box gets pwned.
  6. Encrypt all your data.
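Step 5 of the answer recommends fail2ban-style log monitoring so you learn when a box is under attack. The following is an added example, not code from the answerer or from ownCloud or fail2ban, showing the core of what such a monitor does: parse the server's log, count failed logins per source IP, and flag an IP that exceeds a threshold inside a sliding time window (fail2ban's `maxretry`/`findtime` idea). The log lines are constructed for the example, in an assumed ownCloud-style JSON shape with a `"Login failed: 'user' (Remote IP: '...')"` message; check your own `owncloud.log` for the real format before reusing the regex.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The JSON layout and message wording are an
# assumption for this example, not a guaranteed ownCloud format.
SAMPLE_LOG = """\
{"app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2022-09-18T10:00:01+00:00"}
{"app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2022-09-18T10:00:30+00:00"}
{"app":"core","message":"Login failed: 'tom' (Remote IP: '203.0.113.7')","level":2,"time":"2022-09-18T10:01:05+00:00"}
{"app":"core","message":"Login failed: 'root' (Remote IP: '203.0.113.7')","level":2,"time":"2022-09-18T10:01:40+00:00"}
{"app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2022-09-18T10:02:00+00:00"}
{"app":"core","message":"Login failed: 'tom' (Remote IP: '198.51.100.20')","level":2,"time":"2022-09-18T10:03:00+00:00"}
{"app":"core","message":"Login failed: 'tom' (Remote IP: '198.51.100.20')","level":2,"time":"2022-09-18T10:03:10+00:00"}
{"app":"files","message":"Upload of notes.txt finished","level":1,"time":"2022-09-18T10:04:00+00:00"}
{"app":"core","message":"Login failed: 'admin' (Remote IP: '192.0.2.9')","level":2,"time":"2022-09-18T08:00:00+00:00"}
{"app":"core","message":"Login failed: 'admin' (Remote IP: '192.0.2.9')","level":2,"time":"2022-09-18T08:30:00+00:00"}
{"app":"core","message":"Login failed: 'admin' (Remote IP: '192.0.2.9')","level":2,"time":"2022-09-18T09:00:00+00:00"}
{"app":"core","message":"Login failed: 'admin' (Remote IP: '192.0.2.9')","level":2,"time":"2022-09-18T09:30:00+00:00"}
{"app":"core","message":"Login failed: 'admin' (Remote IP: '192.0.2.9')","level":2,"time":"2022-09-18T10:00:00+00:00"}
this line is not JSON and must be skipped, as a real log can contain noise
"""

# Regex for the assumed failed-login message; the user name and IP are captured.
FAILED_LOGIN_RE = re.compile(
    r"Login failed: '(?P<user>[^']*)' \(Remote IP: '(?P<ip>[^']+)'"
)


def parse_failed_logins(text):
    """Yield (timestamp, ip, user) for every failed-login line in the log text.

    Lines that are not JSON or do not carry a failed-login message are ignored,
    which is the same thing a fail2ban filter does with non-matching lines.
    """
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue
        match = FAILED_LOGIN_RE.search(entry.get("message", ""))
        if not match:
            continue
        timestamp = datetime.fromisoformat(entry["time"])
        yield timestamp, match.group("ip"), match.group("user")


def find_offenders(text, maxretry=5, findtime=600):
    """Apply a sliding-window rule like fail2ban's maxretry/findtime.

    An IP is flagged once it has at least `maxretry` failed logins within any
    `findtime`-second window. Returns {ip: timestamp of the failure that
    crossed the threshold}. Events are processed in time order so the result
    does not depend on how the log was written.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for ts, ip, _user in sorted(parse_failed_logins(text)):
        queue = recent[ip]
        queue.append(ts)
        # Drop failures older than the window before counting.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if len(queue) >= maxretry and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        # A real monitor would now add a firewall rule; here we only report.
        print(f"{ip} crossed the failed-login threshold at {when.isoformat()}")
```

With the defaults (5 failures in 600 seconds) only 203.0.113.7 is flagged: 198.51.100.20 has too few failures, and 192.0.2.9 spreads its five attempts over two hours so no 10-minute window ever holds more than one. Widening `findtime` to three hours catches the slow attempt as well, which is the trade-off to keep in mind when tuning the window.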


Author: TomTom

Updated on September 18, 2022

Comments

  • TomTom, almost 2 years ago

    I am not literate when it comes to servers, but I like the idea of having my own cloud storage for privacy reasons. OwnCloud is targeting (at least a little bit) the "DIY-home-user" so it seemed to be worth a try. After some hours I managed to have a working OwnCloud server that is accessible from the internet.

    Now that everyone can access it from anywhere I should probably start thinking about security. Not that there is very sensitive data on this server or there is a concrete threat. But I would like to cover the most obvious vulnerabilities because it is in the home network. So far I have scanned it with nmap and nikto. The output generated seems to be as expected.

    Are there other important measures I can take to have a decent level of security?

    My setup

    • OS: Raspberry Pi 2 with Raspbian
    • Server: Nginx and self-generated 2048-bit SSL certificate
    • DB: MySQL
    • Cloud Software: OwnCloud 8
    • TomTom, about 9 years ago
      I would agree if the data was very sensitive or there was a concrete threat. But it is a personal storage and I need the server for other things as well. So I am willing to take the risk!
    • Cynthia Ramírez, about 6 years ago
      This might be of interest: cvedetails.com/vulnerability-list/vendor_id-11929/… — and these are only the officially documented ones.
  • TomTom, about 9 years ago
    Interesting, I haven't thought about a DMZ. At the moment it is just port forwarded. Are we talking about whole-disk encryption or just a folder?
  • jlehtinen, about 9 years ago
    @TomTom It's your call on how you encrypt it. At minimum, encrypt your personal data. On a Pi, you might take a big performance hit if the entire system is encrypted.