# What is a Home Lab? In a cybersecurity or I.T. sense, a [home lab](https://linuxhandbook.com/homelab/) is a personal server which allows someone to experiment with different Operating Systems (OS)'s, software, and more. In many cases, a home lab can be used to host your own data storage, reduce your reliance on online services like cloud storage/computing, and even increase your online privacy by filtering out advertisements or tracking when accessing the internet. # Design Process Before we get into the acronyms and technical jargon, lets go over a few goals for my home lab, and give room to experiment with new ideas. ## Home lab goals: Lets start with some loose goals in this project: - Increase my online privacy and [cybersecurity posture](https://www.crowdstrike.com/en-us/cybersecurity-101/exposure-management/security-posture/) - Provide services that allow my family to access sites online without compromising their privacy/security - Reduce my reliance on online services such as cloud storage/backups - Run my own local AI (Artificial Intelligence) such as [Ollama](https://ollama.com/) - Leave room to experiment with new services or operating systems - Be able to access my network remotely over a VPN like [Tailscale](https://tailscale.com/) - Ideally funnel traffic traffic from my laptop and phone through a [Tailscale Exit Node](https://tailscale.com/kb/1103/exit-nodes) ### Lets break it down: #### Privacy vs. Security Increasing online privacy and security is a pretty broad goal, especially since they are separate goals that happen to overlap quite a bit. Breaking them apart and [defining](https://dataprivacymanager.net/security-vs-privacy/) them separately can be difficult, so its a good thing to do before we embark on such a project. Privacy generally refers to an individuals right to freedom from prying eyes. In data privacy, this would mean that an individual has a say to what their data is used for and who gets access to it. Security is much easier to define, it revolves around protecting information from unauthorized access. In a data sense, we are usually talking about the [CIA Triad](https://www.nccoe.nist.gov/publication/1800-26/VolA/index.html) : - **Confidentiality** - Securing data against unauthorized access. This means that no-one can see the data you are protecting. - **Integrity** - Ensuring that data cannot be altered by unauthorized users. This can also encompass file corruption. If a file becomes corrupted due to a bug, **file integrity** would mean that there is a way to check for file corruption and fix it. - **Availability** - Information should be readily available for authorized users. This can include using a [UPS](https://www.apc.com/us/en/product-range/61883-backups/) (Uninterruptible Power Supply), ensuring that we are using reliable hardware, and having a reliable internet connection. #### Reduce Reliance on online services This is one of the cornerstones of home lab projects. Many people including myself wish to reduce reliance on online services for many reasons including data privacy with services like [Microsoft OneDrive](https://www.microsoft.com/en-us/privacy/privacystatement) who can change privacy policies at will, sometimes without notifying users. While this isn't a terrible violation, it would be nice to have a self-hosted solution that abides by my privacy and security rules. #### Run local AI More and more home lab projects involve some type of local AI. Services like ChatGPT, Copilot, and Gemini are making AI a more popular and useful tool in our daily lives. However, these services often require an email address and phone number to sign up for an account. Combining this with various privacy violations these companies have committed doesn't create a very good situation. #### Leave room to experiment This is the real reason to have a home lab, to run experiments! As cybersecurity and I.T. professionals we love to tinker and test new things. We love to build and explore. For this reason, I am making sure that there is room to expand. This means having extra [RAM](https://www.crucial.com/articles/about-memory/support-what-does-computer-memory-do), extra drive storage, a powerful enough [CPU](https://www.ibm.com/think/topics/central-processing-unit) to run multiple processes simultaneously, and hardware compatibility on my server build. #### Tailscale There are two main goals to using Tailscale as a VPN in my home network. The first goal is to remotely manage my network and perform system updates or maintenance. The second goal is to funnel traffic through an [exit node](https://tailscale.com/kb/1103/exit-nodes). An exit node would allow me to still be `on my network` even when I am elsewhere. This give me the same access to my service as if I'm home, including: - [[Home Lab-Technical Details#NAS|NAS]] - [[Home Lab-Technical Details#Local AI|Local AI]] - [[Home Lab-Technical Details#Recursive DNS Server|Recursive DNS Server]] for privacy when browsing - [[Home Lab-Technical Details#Router/Firewall|Technical Details]] for security while browsing