My security is fairly simplistic but I’m happy with it

• software protection

  • fail2ban with low warning hold
  • cert based login for ssh (no password Auth)
  • Honeypot on all common port numbers, which if pinged leads to a permanent IP ban
  • drop all firewall
  • PSAD for intrusion/scanning protection (so many Russian scanners… lol)
  • wireguard for VPN to access local virtual machines and resources
  • external VPN with nordVPN for secure containers (yes I know nord is questionable I plan to swap when my sub runs out)

• physical protection

  • luksCrypt on the sensitive Data/program Drive ( I know there’s some security concerns with luksCrypt bite me)
  • grub and bios locked with password
  • UPS set to auto notify on power outage
  • router with keep alive warning system that pings my phone if the lab goes offline and provides fallback dns

• things I’ve thought about:

  • a mock recovery partition entry that will nuke the Luks headers on entry (to prevent potential exploit getting through grub)
  • removing super user access completely outside of local user access

I understand some of these words.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

15 acronyms in this thread; the most compressed thread commented on today has 16 acronyms.

[Thread #493 for this sub, first seen 6th Feb 2024, 16:55] [FAQ] [Full list] [Contact] [Source code]