Wouldn’t that last bullet mean you’re not updating the windows machines whatsoever? Would this not cause more security issues in the long run, considering “connected tot he internet” isn’t a requirement to spread an infection.
Comment on [deleted]
Dehydrated@lemmy.world 11 months ago
- Custom Router/Firewall running OPNsense and the Sensei plugin
- Extensive DNS filtering through Pihole
- Redirecting all DNS requests to my Pihole through OPNsense
- My entire network is behind a multi hop VPN
- I don’t let any Windows systems connect to the internet, instead, I have a Linux server which is connected to the internet (through a VPN of course) and runs a browser, and I use X2go to access the browser which is running on the Linux server
KairuByte@lemmy.dbzer0.com 11 months ago
Dehydrated@lemmy.world 11 months ago
It might sound ridiculous, but I currently also run a WSUS server to get Windows updates. But I will probably replace my entire Windows setup with a better solution. Since I don’t run Windows bare-metal anymore, I’m looking forward to using offline Windows VMs on my Proxmox host and just accessing the internet directly from my Linux machine.
MigratingtoLemmy@lemmy.world 11 months ago
Since you’re running x86 for your router, do you actively prevent ME from trying to connect to the Internet?
Dehydrated@lemmy.world 11 months ago
I am aware of the ME, but I can’t really do anything about it. Current ARM SBCs are not suitable for a router/firewall (at least in my experience). I’m not that concerned about it though.
MigratingtoLemmy@lemmy.world 11 months ago
OpenWRT isn’t half bad for usual “router stuff”, but advanced usage is a bit hard to do. Of course, that doesn’t eliminate the problem since ARM can have plenty of backdoors too
Dehydrated@lemmy.world 11 months ago
I know, I tried OpenWRT on a Pi, but the experience wasn’t great (at least not as a home router).