Hey folks, I wonder if you have thoughts for me here. First off, some background: I consider my work environment to be “hostile”:
- Microsoft Windows 7/10/11, in varying states of updates (or lack thereof). Not even sure if all copies are even legitimate.
- IT doesn’t literally care and only does the barest of minimum effort.
- Network is on a flat topology and everyone can see everything.
- IT doesn’t do any monitoring or any sort of administration. It’s the Wild West/Fury Road out there.
- I should probably talk to a higher-up about improving security. We don’t have a budget for that, probably. And IT only knows Windows and Microsoft, so Linux is probably out of their line of expertise.
I installed Fedora on a machine that no one was using (contractor abandoned support) in my department, and IT just shrugs and moves on.
With that said, what is the best way to synchronize files off these?
- Best scenario I have in mind is to use Google Drive + Cryptomator and sync my machine to the Google account used: I offload the actual securing of the network connection and let Google handle it. I may lose anonymity and maybe some privacy through this method, but I find it acceptable enough. I am also thinking of substituting Google Drive with Backblaze B2.
- I use a fully encrypted USB drive - I already am using a VeraCrypt-protected vault inside the Fedora install and I could either copy-paste files into it (minimizing wear) or sync the whole vault itself (very bad, will accelerate NAND flash degradation in my USB). This is very manual and tedious, and I am actively trying to avoid this because we supposedly have the tech to avoid manual sync.
- Use Syncthing directly + VPN in my home network: TLS within Syncthing should be enough to secure me and the VPN should give me some anonymity and privacy, but I don’t know and can’t realistically check if malicious actors are already inside the work environment and may want to probe into my home network, and I can’t really defend myself from that kind of threat. I have pfSense with a basic setup that I keep updated and I don’t really know if that is enough.
I don’t have a network intrusion detection/prevention system installed and I don’t have the time to learn right now. I want to learn them in the future, though.