New to home networking - Need some security advice! - eviltoast

I’m very new to home networking. I’m not new to computers (hardware or software) - but for whatever reason, anything network-related has always been an enigma to me.

That said - I just got a new (to me) server. It’s a beefy one (made a post about it in another community). And so I figured why not just start playing around with Proxmox, learning some new things and spinning up a bunch of random VMs and whatnot.

I figured the first step would be to set up something such that I can connect to my computers from anywhere - and I’ve already done so. For that, I used Tailscale. But my question, I suppose, is now that my computers are on the internet (as in, for real on the internet, through Tailscale) - are there security precautions I have to take now and things I need to be more concerned about? Do I have to set up my own special firewall to make sure I don’t get hacked or something? I am honestly pretty clueless in that whole domain. So… ELI5 what I have to do, security-wise. Any and all help is welcomed and appreciated.

Bonus question: beefy server is beefy (yes yes, lots of power consumption, I’ve already come to terms with it. About 200W idle and should run me ~$40/mo.). Dual 18-core E5-2699 v3s. 768GB of RAM. More SSD storage in both boot drives and storage drives than the average human would use in a thousand years (SAS, SATA, & NVMe). I asked this over on c/piracy - what should I do with it? I’ve put Proxmox on it, and as said above, plan on learning things about VM hosting and different operating systems and whatnot. I’m also planning on hosting my own Jellyfin server. But… what else? Does anyone have any good ideas for any (non-GPU-intensive) things I can do with the server? Anything and everything welcome, lol - I wanna have fun with this thing!

TIA for the responses :)

  • Kryzm@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    Disclaimer - I’m pretty new to all this too, so someone will probably describe this in better detail, but here’s my rough explanation:

    So for the sake of security, being on talescale is akin to having your devices on the same (virtual) network, not to having publicly facing ports opened. As a result it doesn’t meaningfully increase your attack surface.

    If you’re reaching a server via SSH over Tailscale, it’s not the same as if you were using SSH over the open Internet (opening port 22 on your router to the public). Tailscale basically tricks your devices into thinking they’re on the same network, then using TLS (secure tunnel, like other VPN products would use) it allows you to connect to ports that are open on the device.

    You may need to open ports on a software firewall if you’re running it (e.g. I use UFW on my Ubuntu server). The only additional attack surface in this case are your Tailscale account credentials, though it’s way less likely someone tries to get in that way than if you had an open port facing the Internet.

    • SheeEttin@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      This is accurate. Although there may also be a preauth vuln in tailscale, meaning there’s a possibility of attack without needing any creds at all, but those are relatively rare.