As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

  • haui@lemmy.giftedmc.com
    link
    fedilink
    English
    arrow-up
    6
    ·
    9 months ago

    Neat post and great comments. Saved. Thanks. :)

    My personal setup includes:

    • non web facing homeserver for the juicy stuff
    • vps with stuff I‘d barely miss if it was gone
    • far too many backups
    • automatic cleanup of backups so my hdds dont fill up
    • fail2ban listening on every log, even docker containers with permaban enabled
    • scripts are root 700 and so on

    I‘m aware that stuff might go horribly wrong but so far it hasnt.

      • haui@lemmy.giftedmc.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        9 months ago

        Losing stuff costs a lot more, depending on what it is. Also the stress and health risks accompanied are too much for me.

        You can get backups as low as 3$/tb afaik. But I only backup stuff that actually means something to me. Photos and videos, documents and code. No movies which take up a lot of space if you copy them with all the subtitles and languages.

        • HumanPerson@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          9 months ago

          Hey so uhh… I just formated the wrong drive. It’s recoverable but requires terabytes of network transfers so I’m thinking you may be right.