Homelab

371 readers

9 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 11 months ago

MODERATORS

[email protected]

How do you secure your home lab? (alien.top)

submitted 10 months ago by [email protected] to c/[email protected]

92 comments fedilink hide all child comments

Started off by

Enabling unattended updates
Enable only ssh login with key
Create user with sudo privileges
Disable root login
Enable ufw with necessary ports
Disable ping
Change ssh default port 21 to something else.

Got the ideas from networkchuck

Did this on the proxmox host as well as all VMs.

Any suggestions?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 10 months ago (1 children)

None of my services are available outside my house without first logging into the fortigate SSL VPN. That is the only open port I have.

The SSL VPN uses a loopback interface so only IPs from the US can access it, and I have strong auto block enabled and I add IPs of systems that try brute forcing into the box so they get blocked

I did forget to mention that I use cloud flair already for the exact reason you mentioned so my home IP is not used.

I also have a domain name with valid wildcard certificate. The domain is used to access the SSL VPN and I also then use the cert within my entire homelab so I have everything encrypted

I was not a fan of PF sense, the fortigate has more security features that I wanted

[–] [email protected] 1 points 10 months ago

Pretty cool man, thanks for sharing.