As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

  • refreeze@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    9 months ago

    You might be interested in setting up network bound encryption via Clevis and Tang. I use a hidden pi zero in my house acting as a Tang server. It’s great being able to reboot any of my encrypted servers without having to manually unlock disks.

    • chayleaf@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      I know about it, but it kinda defeats the purpose (the purpose being police raid protection)