Ancestors

Written by miau@lemmy.sdf.org on 2024-11-04 at 14:31

Help me harden my home server

https://lemmy.sdf.org/post/24652924


Written by satanmat@lemmy.world on 2024-11-04 at 15:01

The single best thing you can do security-wise is to NOT have any personal data on a web-facing server.

Separate the data

Rereading, it does look like you are doing the things right, so just audit what is on the public side. Your calendar and tasks: cool.

Your photo and docs, do those need to be on there?

they are not accessible on the WAN

If they are on a server that is publicly accessible, please move them to a different location.

Otherwise you sound like you're doing well.


Written by miau@lemmy.sdf.org on 2024-11-04 at 15:11

That was a great answer, thank you so much!

Yes, I didn't even notice the family photos and docs don't need to be on that same server. Initially I just put them there to act as a local file share. But you are absolutely right, moving them from the public server is the best thing I can do to protect them.

I will look into setting up a second server for the private stuff that is not publicly accessible.


Written by Lyricism6055@lemmy.world on 2024-11-04 at 16:27

If this server is publicly accessible and gets pwned, they can use it as a jump box for your internal devices.


Toot

Written by miau@lemmy.sdf.org on 2024-11-04 at 18:30

That's a good point, I hadn't thought about it before. I like the possibility of sharing these files in my intranet but I suppose you are right.

Maybe I could use OpenWrt to split two networks, one for public stuff only, but my knowledge of networking is quite limited.


Descendants

Written by Lyricism6055@lemmy.world on 2024-11-05 at 01:28

Yeah, what you’re talking about is a DMZ. It still won’t help a ton if you don’t have strict firewall controls inside your network too.

I just use WireGuard with firewall rules to restrict to just my server with my Docker containers on it and my DNS.

