As my home network grows, I’ve been trying to tighten down the security and separate devices/VMs/containers into VLANs and hide them behind reverse proxies and security gateways.

That being said, I would love to hear what approaches folks use to pen test their self-hosted environments to find any holes/leaks.

  • @SheeEttin
    1 year ago

    Generally, I don’t.

    But you can run Nessus for free, and have Shodan scan you externally. If you’re running AD, you can run BloodHound and PingCastle as well.

  • Old Fart
    1 year ago

    You could also look at not making anything available publicly and using something like Tailscale to get access to your services.

    • @entropicshart (OP)
      1 year ago

      Considering a lot of the things I host are for web use, I don’t think that would be an option ;)

      But yeah, services that are not meant for web use are blocked from the net.

  • @[email protected]
    1 year ago

    Nothing :O

    I have a strong password on the only appliance exposed, which I keep updated, and then I have backups of everything.

    5 years ago I took a crypto-locker on the Windows PC that my brother exposed to the internet. Luckily it only affected the computer which was used as a media player, nothing important.

    If you have suggestions on pen tests to run, I’m all ears.