Last active
October 12, 2022 03:12
-
-
Save scfcode/dc904e98578b6d87af387201b8db1f36 to your computer and use it in GitHub Desktop.
Security Scribbles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Security scribbles based on Lawrence Systems youtube Episode 74 | |
The Homelab Show Episode 74: Tips For Securing Your Homelab | |
https://www.youtube.com/watch?v=Hu8NV9XFBNE | |
Passwords self hosted Bitwarden | |
Use vlans | |
Don't use "no name" sec. cams | |
VPN - tailscale vpn - to avoid port forwarding | |
Backups, tested backups | |
offsite nextcloud | |
Login via ssh keys not passwords, look for their video on ssh keys | |
Don't run as root | |
Use a different ssh port | |
Phones on another vlan, same as other IOT items | |
Servers out on their own networks, segmented | |
Plan to update | |
Security Onion | |
graylog | |
https://www.graylog.org/ | |
ips/ids - Intrusion Detection | |
beware of false positives, don't turn on all the rules | |
snort, suricata, etc | |
Endpoint protection | |
Microsoft Defender "has gotten way better", "rates at the top" | |
For Linux? ... maybe not a concern, but be careful of adding 3rd party repos | |
Docker image/compose risk vector | |
Consider the source | |
wazuh https://wazuh.com/ | |
Honeypots... | |
Canary tools, free versions | |
Packages / Docker, be aware of what you are getting |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment