Well, that's a lot to concern myself with, and some points I can probably not check in the nearer future (like the router being my own and not my ISP's. I am bound to the router by contract). But I will keep that in mind. This made my “look into” list a lot longer :D
Comment on What do I actually need?
NaibofTabr@infosec.pub 3 weeks ago
My main reasons are sailing the high seas
If this is the goal, then you need to concern yourself with your network first and the computer/server second. You need as much operational control over your home network as you can manage, you need to put this traffic in a separate tunnel from all of your normal network traffic and have it pop up on the public network from a different location. You need to own the modem that links you to your provider’s network, and the router that is the entry/exit point for your network. You need to segregate the thing doing the sailing on its own network segment that doesn’t have direct access to any of your other devices. You can not use the combo modem/router gateway device provided by your ISP. You need to plan your internal network intentionally and understand how, when, and why each device transmits on the network. You should understand your firewall configuration (on your network boundary, not on your PC). You should also get PiHole up and running and start dropping unwanted inbound and outbound traffic.
OpSec first.
xtapa@discuss.tchncs.de 3 weeks ago
Onomatopoeia@lemmy.cafe 3 weeks ago
You can always add your own router between the cable company and your network. This is, after all, what the entire internet looks like.
I currently have 2 routers downstream of my cable modem, because I had them and it was easier than setting up a business class router.
xtapa@discuss.tchncs.de 3 weeks ago
True enough. Didn’t think about that tbh.
CapitalNumbers@lemm.ee 3 weeks ago
Maybe a silly question, but is simply having the thing doing the sailing running on what might be a docker container that only has access to the internet via a VPN connection okay? My friend told me this is his setup
like, logically speaking this seems to be basically fine, since the sailing ship’s data is not visible to the ISP