RE: Linux Security 101: Physical Security: Intro
great post. always appreciate security content. Keep at it with the great posts dude you know what your talking about.
If you dont need to use the USB ports you can fit stoppers to the ports.
Log the hell out of everything. Encrypt it send it offsite.
Cameras are good ideas if they are installed in the rack . you can tie them up to open up locks for engineers.
Using a Bastion host to facilitate connections to your server in a controlled secure way. The best places ive seen tend to do this.
Location? If you have a single server in a single location. if this place gets compromised its over for you. 2 is 1. 1 is none.
I dont trust any data in the cloud whatsoever. If the third party provider gets compromised its over. You can layer the encryption so you hold the keys with stuff like cryptomator.
follow me @shifty0g
The cloud can be trusted, if you encrypt your data before sending them, and/or you maintain your own server for cloud sync (I'm not only talking about Dropbox as "cloud", but for partially-DIY solutions, like ownCloud or fully blown DIY solutions with manual sync with rsync or any other secure tool)
For those wondering what a Bastion host is, here is a great read by PCMag