As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).
Thanks!
Neat post and great comments. Saved. Thanks. :)
My personal setup includes:
- non web facing homeserver for the juicy stuff
- vps with stuff I‘d barely miss if it was gone
- far too many backups
- automatic cleanup of backups so my hdds dont fill up
- fail2ban listening on every log, even docker containers with permaban enabled
- scripts are root 700 and so on
I‘m aware that stuff might go horribly wrong but so far it hasnt.
Thanks
I need to start doing backups but storage costs money.
Losing stuff costs a lot more, depending on what it is. Also the stress and health risks accompanied are too much for me.
You can get backups as low as 3$/tb afaik. But I only backup stuff that actually means something to me. Photos and videos, documents and code. No movies which take up a lot of space if you copy them with all the subtitles and languages.
Hey so uhh… I just formated the wrong drive. It’s recoverable but requires terabytes of network transfers so I’m thinking you may be right.
