What are the most paranoid network/OS security measures you've implemented in your homelab? - eviltoast

As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

  • enkers@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    13
    ·
    9 months ago

    Using SPA firewall knocking (fwknop) to open ports to ssh in. I suppose if I was really paranoid, the most secure would be an air gap, but there’s only so much convenience I’ll give up for security.

    • MigratingtoLemmy@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      I’m going to save your comment because it has opened up a new technique for network security that I had never thought of before. Thanks a bunch