As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

  • @thantik
    link
    English
    34
    edit-2
    10 months ago

    I’ve replaced reconnaissance commands (a handful of them found here: https://www.cybrary.it/blog/linux-commands-used-attackers) – whoami, uname, id, uptime, last, etc

    With shell scripts which run the command but also send me a notification via pushover. I’m running several internet-facing services, and the moment those get run because someone is doing some sleuthing inside the machine, I get notified.

    It doesn’t stop people getting in, I’ve set up other things for that – but on the off chance that there is some zero-day that I don’t know about yet, or they’ve traversed the network laterally somehow, the moment they run one of those commands, I know to kill-switch the entire thing.

    The thing is, security is an on-going process. Leave any computer attached to the internet long enough and it’ll be gotten into. I don’t trust being able to know every method that can be used, so I use this as a backup.

    • @MigratingtoLemmyOP
      link
      English
      710 months ago

      That’s a very good idea. Something to think about, especially if you have open ports and are paranoid enough (aren’t we all? Hehe). Thanks