House building ideas and how to implement for increased Privacy/Security.
-
[email protected] replied to [email protected]
Privacy from what? What's their threat model?
-
[email protected] replied to [email protected]
Consider network boxes and structure of net. At a minimum segregate things on different network segments. Guest, IoT, Your Stuff, Wired, Wifi, etc. Your boundary router and everything inside it should be yours and get automatic updates. Ideally two network providers, one fiber, one wireless. Encrypt everything on the net.
Avoid wifi and bluetooth if you can, but probably you do not want to. If you use them, secure them the best you can. Strong keys, SSIDs that tell nothing, etc. You can set your wifi APs to ignore clients outside of a certain range at least. Also hardwire the APs. Airgap things that really matter. For example, airgap at least some of your backup archives, and take some offsite too. A nice way to do that is host mountable SATA drawers on your backup server with high capacity real spinning magnetic disks (no SSD or Flash stuff).
On systems that matter at least use volume mirroring, or some level of RAID, and do have a UPS. Maybe consider a whole house UPS if you're loaded with money. Your network boxes should have UPS support too, and at least one of your network providers (Starlink, other sat provider, maybe cell or WiMAX, old style DSL, etc).
Actual network connectivity, consider how you're going to do that. You could route all network traffic through a VPN or Tor, but you may not want to do that. Big downsides too. One could choose to route certain subnets that way though.
Actively keep everything patched, monitored, updated. Remember, less is more. Minimize what needs to be patched, monitored, and updated. Put firewalls on everything and minimize the software and services and attack surface. Treat every device on your net as mostly untrusted.
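The segmentation advice in the post above, sketched as a default-deny forwarding policy for the boundary router (an added example, not part of the thread). The interface names, the table name `homefw` and the allow-list are assumptions chosen for illustration; only the segment names come from the post.

```python
# Segment -> router interface. Interface names are hypothetical.
SEGMENTS = {
    "trusted": "vlan10",   # "Your Stuff" in the post
    "iot": "vlan20",
    "guest": "vlan30",
    "wan": "wan0",
}

# Flows that may be *initiated* (assumed allow-list). Anything not listed is
# dropped; replies come back via connection tracking, not via a reverse rule.
ALLOW = {
    ("trusted", "wan"),
    ("trusted", "iot"),    # manage IoT devices from trusted hosts
    ("iot", "wan"),
    ("guest", "wan"),
}

def may_initiate(src, dst):
    """True if a host in segment src may open a connection into dst."""
    if src not in SEGMENTS or dst not in SEGMENTS:
        raise ValueError(f"unknown segment: {src!r} -> {dst!r}")
    return (src, dst) in ALLOW

def render_nftables():
    """Render the policy as an nftables forward chain with policy drop."""
    lines = [
        "table inet homefw {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        "    ct state invalid drop",
    ]
    for src, dst in sorted(ALLOW):
        lines.append(
            f'    iifname "{SEGMENTS[src]}" oifname "{SEGMENTS[dst]}" accept')
    lines += ["  }", "}"]
    return "\n".join(lines)

def audit():
    """Every inter-segment direction the policy blocks (routed traffic only)."""
    return [(s, d) for s in SEGMENTS for d in SEGMENTS
            if s != d and not may_initiate(s, d)]

if __name__ == "__main__":
    print(render_nftables())
    for src, dst in audit():
        print(f"# blocked: {src} -> {dst}")
```

The audit output is the part to review: IoT and guest devices cannot open connections into the trusted segment or into each other, and nothing arriving from the WAN is forwarded inward.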
-
[email protected] replied to [email protected]
Consider low maintenance materials. Simple roof line, with good landscape drainage away from the house. Metal, ideally stainless steel roof. Triple pane metal clad or fiberglass windows chosen by the sun exposure in terms of coatings. Heavily insulated. ERV ventilation. Consider commercial grade doors, and hurricane approved windows, etc. Consider stucco or another low maintenance exterior. Ground loop heat pumps for heating. Enough electrical capacity for an all-electric house including EV charging, but with a backup power source.
-
[email protected] replied to [email protected]
Hardware recommendations such as Model and brands? Software recommendations brands/FLOSS? Thanks for the lengthy insights I will definitely pass it on. Simple is best. I believe everything will be tied into Home Assistant. Amongst other self hosted solutions.
-
[email protected] replied to [email protected]
General security and privacy enhancements. Nothing threat specific as that can be handled separate to this post.
-
[email protected] replied to [email protected]
Drainage and runoff are so underrated. Thanks for this type of post. All good info when most focus on opsec and internet based concepts.
-
[email protected] replied to [email protected]
I am a FOSS guy so I'd just configure Debian or Ubuntu to do most of the server, media center, desktop, and laptop stuff. Smart phones: Google Pixel 8a or another a series flashed with GrapheneOS. For network I would look at pfSense, OPNsense, OpenWrt, or DD-WRT devices. I have DD-WRT devices but they do not get updates, sadly, but there are some vendors that base their devices on DD-WRT. Not sure which ones. ASUS? Buffalo? Is there a list somewhere?
The other direction is to go more commercial which is probably what you want. Lot of people like Synology products. In particular they have nice NAS products which should be fine if you just run them on the LAN. If you want to connect while traveling, set up some sort of VPN. Do not expose any of this stuff to the WAN. For network devices I would consider Netgate, I think they have some pfSense firewalls. Some people seem to like Ubiquiti stuff.
I personally have generally favored Netgear but as I said, I mostly have just re-flashed with DD-WRT but am thinking of doing something different at least with regard to my boundary router. It has gotten so we all need to have our network devices rapidly updated, especially exposed ones like the boundary router.
-
[email protected] replied to [email protected]
Drainage is often done incorrectly in new construction too. Very common to have all the water drop beside the front door and create a pond. Very common to have beds around the house that create little swimming pools. If nothing else the ground will sink around the foundation and have to be filled quite soon.
-
[email protected] replied to [email protected]
Zip it, Scotty
-
[email protected] replied to [email protected]
As of the time I’m writing this comment literally none of the suggestions made actually matter for the ambiguous goal of “general security and privacy” more than building in a neighborhood or community that meets the occupants' desires.
Pick a place with people you want to be around who you trust to look out for you.
-
[email protected] replied to [email protected]
Hot take, but your local community matters infinitely more than the construction of your house. Build somewhere you have neighbors you get along with who will stick their neck out for you.
That being said, you can do the following:
- Plant/build near large trees to cover from satellite/aerial photography
- run conduit throughout so you don't have to rely on wireless networking
- install security cameras that feed somewhere local (I'm assuming nobody who breaks into your house gives enough of a shit to find and destroy your recordings)
- buy actually good locks, doors, and doorframes. Make sure you're aware of what to expect from these, they won't actually keep someone out, they just make entrance louder and slightly more cumbersome.
- build a secret sex room for you and your spouse. This is less of a privacy asset, and more just a fun thing to do.
-
[email protected] replied to [email protected]
I'm assuming nobody who breaks into your house gives enough of a shit to find and destroy your recordings
Unless Agent 47 does a silent assassin, suit only run.
-
[email protected] replied to [email protected]
Bunker.
Deep bunker.
-
[email protected] replied to [email protected]
I saw a lot of people out of propane in the 2 weeks after Helene. Propane should be a strategic reserve - natural gas should be the primary for generator fuel and heating. Let someone else store it.
-
[email protected] replied to [email protected]
when building a private house, the same advice applies as when building a private pc.
avoid windows.
-
[email protected] replied to [email protected]
Threat modelling would be good here. You can spend a bunch of money on crap they don't need.
Broadly speaking...
A heavy built-in, fire-resistant safe is a great thing to have.
As much wired internet throughout the house as possible along with a decent firewall solution.
-
[email protected] replied to [email protected]
Good old drawbridge