Comment on How do I avoid becoming one with the botnet?
ryokimball@infosec.pub 17 hours agoI think most home lab/shelf hosters start off because they want to learn something. I think (generally, philosophically) many people never start something new even if it interests them because they are afraid. To this point, it sounds like you can either let the fear prevent you from doing what you want, or you can use the fear as a learning tool.
Start simple. Build something very easy and isolated, air gap it if you need to. Figure out how logs and monitoring work, maybe even try attacking it yourself, so you have confidence that even if it’s compromised you will see how and why. Then you can connect it to the internet, isolated from the rest of your network, and then you will learn how well- or un-founded those fears are. Learn even more about monitoring and defending, then start looking for a job as a cybersecurity professional because you are already well underway.
bitcrafter@programming.dev 16 hours ago
I mostly just like building and tinkering with things, and I really like the idea of setting up services that I control that host my own data that I can access from anywhere. I have no real interest in learning about more than the minimum amount needed to do that simply because that is not how I would like to spend my time.
(Lest you continue to have the wrong impression that I am afraid of learning new things: There was a period in my life where I was constantly learning new technologies, programming languages, etc. Eventually I realized that I had demonstrated that I was capable of learning anything that I wanted, and there were so many things out there to learn that I needed to start becoming more selective. At the moment my learning goals tend to be more math focused; currently I am trying to learn graduate-level category theory and measure theory.)
If I really need to master all of the steps that you’ve described before deploying my host on the Internet, then my conclusion is that it is more trouble than it is worth, because my concern is that if I screw up then I will make the Internet a worse place by contributing to botnets.
irmadlad@lemmy.world 15 hours ago
Nah dude. You’re not going to make the internet worse because a bot opened a door you thought was locked and let himself in. That’s rubbish. Do some reading, study up, deploy the server. Monitor before you start putting any PII on the server. Deploy a couple fun Docker containers. Monitor. Build your confidence.
Don’t let fear get the best of you. I have a load of fun with my set up as, like you, I love to tinker. Nothing I have done can’t be replicated through studying, asking questions, deploying in gradual steps. I have no certifications or any of that pro stuff some of these guys. Just a regular schmoe. It really isn’t that much hassle once you get everything set up and you have confidence in your server’s defenses.
DO IT!!!