this post was submitted on 06 Feb 2024
182 points (99.5% liked)

Selfhosted

42666 readers
631 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
182
What are the most paranoid network/OS security measures you've implemented in your homelab? (lemmy.world)
submitted 1 year ago by MigratingtoLemmy@lemmy.world to c/selfhosted@lemmy.world
132 comments fedilink hide all child comments
 

As the title says, I want to know the most paranoid security measures you've implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I'm wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

(page 3) 37 comments
sorted by: hot top controversial new old
[–] agent_flounder@lemmy.world 2 points 1 year ago (1 children)

I am clearly not paranoid enough. For a while I was running an open source router inline between the network AP and the fiber to Ethernet box and running nids but the goddamn thing kept crapping out every few days so i took it back out until I can find a more stable solution.

I have plans if I can ever get around to it. I want the smart TV, printer and other shitty things on a separate network from the more trusted devices. I don't know how yet but I would like to set up 802.1X for the trusted stuff.

[–] JoeKrogan@lemmy.world 1 points 1 year ago

You could not connect the TV and printer to the network but instead attach them to raspberry Pi or similar devices. This allows you full control and stops them calling home and spying.

[–] MonkderZweite@feddit.ch 1 points 1 year ago

Tinyssh in a ssh user, su from there. I see privilege management in openssh as potential vulneranility.

[–] MTK@lemmy.world 0 points 1 year ago

One day I will setup my security onion, but I'm procrastinating

load more comments
view more: ‹ prev next ›