As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).
Thanks!
Mine’s pretty simple, I have a “don’t open ports until ABSOLUTELY NECESSARY” policy, wireguard works well enough for everything else I need to access remotely. I also keep SSH disabled on any machine that has direct access to the internet.
Do you use a KVM to interact with machines that can access the Internet?
No, as it’s just my main desktop, my laptop and an isolated PiHole VM