this post was submitted on 22 Nov 2023
4 points (100.0% liked)
Homelab
380 readers
9 users here now
Rules
- Be Civil.
- Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
- No memes or potato images.
- We love detailed homelab builds, especially network diagrams!
- Report any posts that you feel should be brought to our attention.
- Please no shitposting or blogspam.
- No Referral Linking.
- Keep piracy discussion off of this community
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Anything that faces the internet I have on a separate vlan. Each system on that vlan is treated as if it was facing the internet directly, that way if one of them gets compromised the hacker will not get far trying to get into any other machines.
Rest of my network is a little more tame just for ease of access since it's only me on here.
Although at some point I do want to revisit my security protocol even locally, just in case. Hitting some kind of drive by trojan script or something within the browser is always a possibility, it could work in reverse where it connects to an external server and then accesses the rest of the network that way. I'm not aware of such trojans but I'm sure it's possible.
I do block all outbound ports except for base internet ports but a properly written malicious script would probably take that into account and use a common port like 443.
At some point I might setup a honeypot. Just need to name the VM "cryptowallet" or something like that and it would be a very fast target. If access to it is detected it would alert me and shut off the internet.