New to home networking - Need some security advice! - eviltoast

I’m very new to home networking. I’m not new to computers (hardware or software) - but for whatever reason, anything network-related has always been an enigma to me.

That said - I just got a new (to me) server. It’s a beefy one (made a post about it in another community). And so I figured why not just start playing around with Proxmox, learning some new things and spinning up a bunch of random VMs and whatnot.

I figured the first step would be to set up something such that I can connect to my computers from anywhere - and I’ve already done so. For that, I used Tailscale. But my question, I suppose, is now that my computers are on the internet (as in, for real on the internet, through Tailscale) - are there security precautions I have to take now and things I need to be more concerned about? Do I have to set up my own special firewall to make sure I don’t get hacked or something? I am honestly pretty clueless in that whole domain. So… ELI5 what I have to do, security-wise. Any and all help is welcomed and appreciated.

Bonus question: beefy server is beefy (yes yes, lots of power consumption, I’ve already come to terms with it. About 200W idle and should run me ~$40/mo.). Dual 18-core E5-2699 v3s. 768GB of RAM. More SSD storage in both boot drives and storage drives than the average human would use in a thousand years (SAS, SATA, & NVMe). I asked this over on c/piracy - what should I do with it? I’ve put Proxmox on it, and as said above, plan on learning things about VM hosting and different operating systems and whatnot. I’m also planning on hosting my own Jellyfin server. But… what else? Does anyone have any good ideas for any (non-GPU-intensive) things I can do with the server? Anything and everything welcome, lol - I wanna have fun with this thing!

TIA for the responses :)

  • Big P@feddit.uk
    1 year ago

    Tailscale is more akin to a VPN than being open on the Internet, so you would generally be able to treat it like a private network, assuming nobody compromises your Tailscale account. That being said, there are a few good practices that you should follow:

    • Proxmox has good firewalling built into the UI; you can use that to ensure that VMs are unable to reach other VMs that they would never need to, to prevent someone from hopping around your network if they compromised a single service.
    • SSH keys on all your VMs
    • don’t use simple passwords just because they’re private, treat it like any other account
    • don’t give services more privilege than they require, e.g. if you share a db server between services, give each an individual account with its own restrictive permissions
    • Doombot1@lemmy.oneOP
      1 year ago

      Hmm, well that’s good to hear, about the whole Tailscale thing. I was a bit confused on how that’s actually interacting with the internet. I suppose that even though I can access the stuff from anywhere, I do need the account to actually do so.

      To your point about SSH keys - could you elaborate a bit more? I am familiar with SSH in that it exists, but past that, the whole key thing is a bit of a black box (which is part of this whole thing… to learn more about it!)

      • phanto@lemmy.ca
        1 year ago

        I don’t know if this is a good analogy, but this is how it was explained to me: I want to send things to people, so I give anyone who asks a key. I keep a bunch of lockboxes that can be opened by that key. When I send them stuff, I lock it up in that box. They know it’s from me if the key works.

        I also have a bunch of free boxes in a pile, anyone can grab one, but only I have the key to those. They want to send me stuff? Only I can get into it.
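
On the "SSH keys on all your VMs" advice earlier in the thread: adding a key only helps once password logins are actually switched off on the VM. The script below is an added example, not part of any comment above, that checks an sshd_config for that; the function names `effective` and `audit_sshd` and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example: does this sshd_config enforce key-only logins?
# sshd uses the FIRST value it reads for each keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
# Simplifications: only the global section (before the first Match block)
# is read, Include files are not followed, and the older alias
# ChallengeResponseAuthentication is not recognised.

effective() {  # effective <file> <keyword> <default-if-unset>
    awk -v want="$2" -v def="$3" '
        $1 ~ /^#/ { next }                       # comment line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

audit_sshd() {  # returns 0 only if the file enforces key-only login
    rc=0
    pk=$(effective "$1" PubkeyAuthentication yes)
    pw=$(effective "$1" PasswordAuthentication yes)
    kbd=$(effective "$1" KbdInteractiveAuthentication yes)
    root=$(effective "$1" PermitRootLogin prohibit-password)
    [ "$pk" = yes ]    || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    [ "$pw" = no ]     || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ]    || { echo "FAIL KbdInteractiveAuthentication=$kbd"; rc=1; }
    [ "$root" != yes ] || { echo "FAIL PermitRootLogin=yes"; rc=1; }
    return "$rc"
}

# Constructed sample (not from a real host): the admin appended
# "PasswordAuthentication no", but the earlier "yes" is the one sshd uses.
demo=$(mktemp)
cat > "$demo" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
KbdInteractiveAuthentication no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd "$demo" || echo "result: not key-only yet"
rm -f "$demo"
```

On a live VM, `sshd -T` (run as root) prints the effective configuration with Include files resolved, which is the authoritative check.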