Everything on one server
-
Hello everyone. I want to self host all my services, just from a security point of view, is it bad to put bitwarden and your email on one server for example? Just thinking if something gets compromised, all my stuff is in one place. From a tracking perspective, is it bad to have all your data from different apps (wallabag, syncthing, bitwarden, email, notes...) going to one IP? Or am I over thinking it. Thanks!
-
Hello everyone. I want to self host all my services, just from a security point of view, is it bad to put bitwarden and your email on one server for example? Just thinking if something gets compromised, all my stuff is in one place. From a tracking perspective, is it bad to have all your data from different apps (wallabag, syncthing, bitwarden, email, notes...) going to one IP? Or am I over thinking it. Thanks!
@cloud802 I'm sure more tech-minded folk will expand on this, but, from what I understand, because Cloudron uses Docker, ALL the apps and services are kept separate from one another.
I suppose if you use easy to guess passwords, and use the same one on different apps, then you are open to attack that way. But that wouldn't be Cloudron's fault. Even if you installed a WordPress plugin, for example, that was hacked, and you lose your WordPress installation, nothing else will be affected. Just reinstall, or restore the WordPress from a known, safe, backup.
Another attack avenue, related to the password one above, is if you use one domain with subdomains, or more than one domain for the different services, it is easy to whois them and slowly find out which domains are all on that Cloudron server. Then an attacker might wait for some weak spot or zero-days to exploit (of the app on that domain), but that would happen on any service. EVEN THEN, if some service or app was hacked, the auto backups of Cloudron would make it easy as pie to restore everything.
These are some of the reasons why I love Cloudron.
-
@cloud802 I'm sure more tech-minded folk will expand on this, but, from what I understand, because Cloudron uses Docker, ALL the apps and services are kept separate from one another.
I suppose if you use easy to guess passwords, and use the same one on different apps, then you are open to attack that way. But that wouldn't be Cloudron's fault. Even if you installed a WordPress plugin, for example, that was hacked, and you lose your WordPress installation, nothing else will be affected. Just reinstall, or restore the WordPress from a known, safe, backup.
Another attack avenue, related to the password one above, is if you use one domain with subdomains, or more than one domain for the different services, it is easy to whois them and slowly find out which domains are all on that Cloudron server. Then an attacker might wait for some weak spot or zero-days to exploit (of the app on that domain), but that would happen on any service. EVEN THEN, if some service or app was hacked, the auto backups of Cloudron would make it easy as pie to restore everything.
These are some of the reasons why I love Cloudron.
-
@cloud802 for tracking what services run I use https://crt.sh/ to see the registered sub-domains.
Example one of my domains - https://crt.sh/?q=bigbluebutton.devYou cant see which services run on this cloudron from just the domain.
For bitwarden I use my yubikey for a second level security.
-
@cloud802 for tracking what services run I use https://crt.sh/ to see the registered sub-domains.
Example one of my domains - https://crt.sh/?q=bigbluebutton.devYou cant see which services run on this cloudron from just the domain.
For bitwarden I use my yubikey for a second level security.
-
@brutalbirdie Ahh ok cool awesome!
-
@humptydumpty Perfect thank you.
