
How to protect a local server if someone has physical access to it?

Çağlar Arlı


I've gone through a related question on how to protect data in case of unauthorized physical access to a server, where the consensus seemed to be that preventing data access when someone has physical access to the server (the machine is turned on and running applications) is nearly impossible. Despite this, I'm still exploring potential solutions.

I recently set up a local server to run Nextcloud and Bitwarden, intending to store all my crucial data at home. Everything is functioning well, and I've installed Ubuntu Server with full disk encryption. However, I'm determined to make it extremely challenging for anyone with physical access to my server to retrieve information.

I believe that full disk encryption may not be foolproof because the server is always running, meaning the decryption information is already loaded into memory.

I take data security seriously and am considering extreme scenarios, such as government or law enforcement gaining access to my local server at home. Currently, to run any application, I must be logged into the server, making it accessible to anyone who gains physical access.

What options do I have to prevent data access for someone with physical access to my server? While full disk encryption suffices when the server is turned off, how can I safeguard sensitive data when the server is running and physically accessible? Is there a method to store decryption information on my notebook, where I log in to the server via SSH, ensuring that decryption occurs on my notebook?

Finally, I came across this question with informative answers. However, the solutions provided seem complex given my current understanding. I'm contemplating a solution that may not be as robust but could still significantly impede or make it nearly impossible for someone with physical access to my local server, while it's turned on, to read sensitive data.
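One concrete shape of the arrangement asked about above (decryption material kept on the notebook, server unlocked over SSH), as an added example that is not part of the original post: the Nextcloud and Bitwarden data live on a separate LUKS volume that stays closed by default, and the notebook opens it on demand by streaming the passphrase over the SSH connection's stdin, so the passphrase is never written to the server's disk. Every name here is an assumption: the SSH host alias homeserver, the data partition /dev/sdb1, the mapping name data, the mount point /srv/data, a passphrase file under ~/.config/homeserver/ on the notebook, optional systemd unit names in SERVICES, and a sudoers rule on the server that lets this user run cryptsetup, mount, umount and systemctl without a password (sudo over a non-interactive ssh session cannot prompt).

```shell
#!/bin/sh
# Added example, not code from the original post. All names below are
# assumptions; override them through the environment.
SERVER="${SERVER:-homeserver}"                            # hypothetical SSH host alias
DEVICE="${DEVICE:-/dev/sdb1}"                             # hypothetical LUKS data partition
MAPPING="${MAPPING:-data}"                                # dm-crypt mapping name
MOUNTPOINT="${MOUNTPOINT:-/srv/data}"                     # mount point for the opened volume
KEYFILE="${KEYFILE:-$HOME/.config/homeserver/data.key}"   # exists only on the notebook
SERVICES="${SERVICES:-}"                                  # e.g. "nextcloud bitwarden" (assumed unit names)

# Every name above is spliced into a remote command line, so accept only plain
# tokens: non-empty, no shell metacharacters, and not starting with '-' so a
# value cannot turn into an option flag. Returns 0 when safe, 1 otherwise.
is_safe_token() {
    case "$1" in
        '' | -* | *[!A-Za-z0-9_./-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Validate the whole configuration before anything is sent to the server.
check_config() {
    for t in "$DEVICE" "$MAPPING" "$MOUNTPOINT" $SERVICES; do
        is_safe_token "$t" || { echo "refusing unsafe token: $t" >&2; return 2; }
    done
}

# Build the remote "systemctl start|stop" chain for the optional services.
# Starts with "true" so the result is always a valid command, even with no services.
service_cmd() {
    cmd=true
    for s in $SERVICES; do cmd="$cmd && sudo systemctl $1 '$s'"; done
    printf '%s' "$cmd"
}

# Unlock: the passphrase file is read here, on the notebook, and fed to ssh's
# stdin; on the server cryptsetup reads it from its stdin (--key-file=-), so the
# passphrase never touches the server's disk. Note that with --key-file the
# bytes are used verbatim (a trailing newline counts), so the LUKS slot must
# have been enrolled from this same file.
unlock() {
    check_config || return 2
    [ -r "$KEYFILE" ] || { echo "no readable key file at $KEYFILE" >&2; return 2; }
    ssh "$SERVER" "sudo cryptsetup open --key-file=- '$DEVICE' '$MAPPING' \
        && sudo mount '/dev/mapper/$MAPPING' '$MOUNTPOINT' \
        && $(service_cmd start)" < "$KEYFILE"
}

# Lock: stop the services, unmount, and close the mapping, which discards the
# volume key from kernel memory on the server.
lock() {
    check_config || return 2
    ssh "$SERVER" "$(service_cmd stop) \
        && sudo umount '$MOUNTPOINT' \
        && sudo cryptsetup close '$MAPPING'"
}

# Status: ask the server whether the mapping is currently open.
status() {
    check_config || return 2
    ssh "$SERVER" "sudo cryptsetup status '$MAPPING'"
}

main() {
    case "${1:-}" in
        unlock|lock|status) "$1" ;;
        *) echo "usage: $0 unlock|lock|status" >&2; return 2 ;;
    esac
}

# Dispatch only when a subcommand is given; sourcing the file just defines the functions.
[ $# -eq 0 ] || main "$@"
```

Run `./datavol.sh unlock` from the notebook before working and `./datavol.sh lock` afterwards. The caveat that matters for the question: this only narrows the exposure window. While the volume is open, the volume key is held by dm-crypt in the server's kernel memory exactly as with the root filesystem, so a memory grab during that window is not prevented; what changes is that the data volume is closed, and its key gone, whenever the notebook is not using it, and that the passphrase itself is never stored on the server. It also does nothing against someone who tampers with the server's software while they have it in hand and simply waits for the next unlock, which is why the root volume's own integrity (measured or verified boot) still matters.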