Comment on New to home networking - Need some security advice!
peter@feddit.uk 1 year ago
Tailscale is more akin to a VPN than being open on the Internet so you would generally be able to treat it like a private network assuming nobody compromises your Tailscale account. That being said, there are a few good practices that you should follow:
- Proxmox has good firewalling built into the UI, you can use that to ensure that VMs are unable to reach other VMs that they would never need to, to prevent someone from hopping around your network if they compromised a single service.
- SSH keys on all your VMs
- don’t use simple passwords just because they’re private, treat it like any other account
- don’t give services more privilege than they require, e.g. if you share a db server between services give each an individual account with its own restrictive permissions
Doombot1@lemmy.one 1 year ago
Hmm, well that’s good to hear, about the whole Tailscale thing. I was a bit confused on how that’s actually interacting with the internet. I suppose that even though I can access the stuff from anywhere, I do need the account to actually do so.
To your point about SSH keys - could you elaborate a bit more? I am familiar with SSH in that it exists, but past that, the whole key thing is a bit of a black box (which is part of this whole thing… to learn more about it!)
phanto@lemmy.ca 1 year ago
I don’t know if this is a good analogy, but this is how it was explained to me: I want to send things to people, so I give anyone who asks a key. I keep a bunch of lockboxes that can be opened by that key. When I send them stuff, I lock it up in that box. They know it’s from me if the key works.
I also have a bunch of free boxes in a pile, anyone can grab one, but only I have the key to those. They want to send me stuff? Only I can get into it.
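Added example, not part of the thread: the "SSH keys on all your VMs" advice above only shuts out password guessing once sshd also refuses password logins, so this Python sketch checks the text of an `sshd_config` for that. The function names and the two sample configs are constructed for illustration; the defaults and the first-value-wins rule are OpenSSH's documented behaviour.

```python
# sshd keeps the FIRST value it reads for each keyword, so order matters.
DEFAULTS = {  # OpenSSH behaviour when a keyword is absent
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return (global settings, notes) for the text of an sshd_config."""
    seen, notes, in_match = {}, [], False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # later lines apply only conditionally
        elif key == "include":
            notes.append(f"line {lineno}: Include not followed, check it by hand")
        elif key in DEFAULTS and in_match:
            notes.append(f"line {lineno}: Match block sets {key} {value}")
        elif key in DEFAULTS and key in seen:
            notes.append(f"line {lineno}: {key} {value} ignored, first value wins")
        elif key in DEFAULTS:
            seen[key] = value
    return {**DEFAULTS, **seen}, notes

def audit(config_text):
    """Return (problems, notes); no problems means key-only login globally."""
    s, notes = effective_settings(config_text)
    checks = [
        (s["pubkeyauthentication"] != "yes", "public key login is disabled"),
        (s["passwordauthentication"] != "no", "password login is still allowed"),
        (s["kbdinteractiveauthentication"] != "no", "keyboard-interactive login is still allowed"),
        (s["permitrootlogin"] == "yes", "root may log in with a password"),
    ]
    return [msg for bad, msg in checks if bad], notes

# Constructed samples: the "no" in WEAK comes too late to take effect.
WEAK = "PasswordAuthentication yes\nUsePAM yes\nPasswordAuthentication no\n"
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text))
```

On a running VM, `sshd -T` prints the configuration sshd actually uses, including any Include files, and is the authoritative check.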