• Semperverus
    link
    English
    7
    edit-2
    1 year ago

    You basically need to employ network engineering level security - very tight firewall rules, use NAT where it’s available (IPv6 removes NAT, which ipv6 apologists will tell you is a good thing - they’re wrong, as it removes per-service level control and moves it out to per-device/per-NIC), and punch very specific holes to grant access where needed.

    Prevent north/south traffic entirely, limit east/west traffic heavily

    • @lyam23
      link
      English
      11 year ago

      Happen to have any resources outlining these steps for the average consumer?