As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

    • MigratingtoLemmy@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      As far as lock out, you create a break glass on everything. Emergency account with non rememberable ridiculous password, saved in a safe place.

      This is such a great and a simple idea. Thanks.

      I think I followed your setup at a high level, but because I don’t have hands-on experience with AD I didn’t quite catch the scope of it. Thanks for letting me know, I’ll get some reading done when I get the time!