I’m a software developer working in the telecam sector on security related products, so I know a fair bit about system security. Yet I wound secure my own system far less than most people here if I didn’t enjoy cybersecurity as a hobby.

I wonder what you are securing against? Some examples:

  • jellyfin: unless you have home videos on there, what does it matter if someone exfiltrates some movies? Surely you have basic DOS protection and/or region locking to reduce wasted network traffic, right?
  • linux: I assume nobody is using their servers as daily drive PCs, so what does it matter if somehow your system is superficially compromised. You can always reimage. Sure they could mine some bitcoin with your system, but it doesn’t have that much PSU headroom to cost you much on your bills, right?

It just seems like most attack vectors lead to mild annoyance at most for most systems.

Do you guys just enjoy cybersecurity? Do you actually keep sensitive data on your self hosted systems? Do you self-host on expensive hardware? What am I missing?

  • SavvyWolf@pawb.social
    link
    fedilink
    English
    arrow-up
    4
    ·
    19 hours ago

    People exfiltrating movies from your Jellyfin account sounds harmless until you get a knock on the door from the police asking why you’re running a piracy sharing site. Depending on the attacker’s level of access, they may also wonder why your server is now serving kiddie fiddling videos. Or maybe the attacker just replaces all your movie metadata images with ones from the Bee Movie.

    To me at least, DOS and region locking should come after properly locking down public facing services. They aren’t 100% reliable at preventing intrusions.

    I’d be surprised if there wasn’t a large difference between the power usage of a cpu at rest (like most servers will be) and one at full power. Especially if it had a gpu in it. They certainly sound a lot louder in my experience.

    You can never be truly sure how bad a compromised system has been compromised, or even easily detect when it has happened. It could be running as part of a botnet, stealing your credentials or probing your local/mesh network.

    In my eyes, competent cybersecurity abilities are an important part of selhosting which seems to fall by the wayside. It’s important to know exactly what your server is doing, what is running and who has access. If your system is on the public internet, you have a moral obligation to behave and not have it turn into a botnet or spam machine.

    • Onomatopoeia@lemmy.cafe
      link
      fedilink
      English
      arrow-up
      2
      ·
      19 hours ago

      I like your point about power monitoring - that would be an interesting secondary method for alerting to a possible breach, if you have a consistent power-use profile.