What are the most paranoid network/OS security measures you've implemented in your homelab? - eviltoast

As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

    • Dehydrated@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      9 months ago

      I am aware of the ME, but I can’t really do anything about it. Current ARM SBCs are not suitable for a router/firewall (at least in my experience). I’m not that concerned about it though.

      • MigratingtoLemmy@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        9 months ago

        OpenWRT isn’t half bad for usual “router stuff”, but advanced usage is a bit hard to do. Of course, that doesn’t eliminate the problem since ARM can have plenty of backdoors too

        • Dehydrated@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          9 months ago

          I know, I tried OpenWRT on a Pi, but the experience wasn’t great (at least not as a home router).