As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

  • MSgtRedFox@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 months ago

    I have the older Sophos utm, which doesn’t use the Sophos cloud central manager.

    I think their new firewall utm can work disconnected, but I don’t know.

    Sophos has a home use license that’s free for non business use.

    I love companies that do community edition or free home use.

    Sophos, Veeam has nfr, Elastiflow has community edition, which is a netflow.

    • MigratingtoLemmy@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      This is the first time I’ve come across Elastiflow, thanks for mentioning it. Seems like an intriguing service to add.

      I was considering using Suricata/installing Security Onion to do IDS from the certificate from a private CA. Sophos firewall seems pretty good too.