krash
@krash@lemmy.ml
- Comment on NetAlertX - Network presence detection now with workflow automation 🔀 1 week ago:
I wanted to use this on my RPI2 but I think the CPU is too old 🙃 I do however have an openWRT router and I suppose I can achieve similar functionality with a bit of hacking on the OS.
- Comment on Just got my OpenWrt switch - what configurations / preparations should I do? 2 weeks ago:
Thank you for taking the time to write this! Well, first stage of my project (getting openwrt my router) has gone according to plan, and now to strive for the next objective 😏
- Comment on Just got my OpenWrt switch - what configurations / preparations should I do? 2 weeks ago:
Thank you for taking the time to answer thoroughly! I noted your advice and chunked up my goals into “mini-projects”, once I have all the configurations set and all devices connected to the new router. I did check what I bought is a router, not a switch (I find the naming of the device acting as the gateway between the LAN and WAN to be a bit ambiguous: switch, router, gateway…).
As for the IDS capability, this is something that would be done by a raspberry pi being fed packets from the router. I don’t know if I will ever undertake that task, but I keep it in mind if I’ll feel adventurous 🙃
(for those wondering: Linux Magazine #279 has a guide on how to accomplish this with a Fritz!Box 7583).
- Comment on Just got my OpenWrt switch - what configurations / preparations should I do? 2 weeks ago:
Thank you for all the questions to help me clarify my use case 🙂
At the very basic, I’d like to:
- achieve better security through segmentation by isolating cloud-connected devices, guest devices from trusted devices.
- Being able to “pin” a MAC address to an IP, and being able to use internal network name resolution to reach those devices.
- a blocklist for known ad-domains / malicious domains.
Once the basics are in place, I’d like to elevate my netsec game and implement:
- a high level monitoring capability to see what devices are communicating with what domains / IPs
- An IDS capability of some sort to be able to detect anomalies in my LAN.
The NAS part is just for convenience, it would be nice to have a samba / NFS with my files available when I need them.
- Submitted 2 weeks ago to selfhosted@lemmy.world | 9 comments
- Comment on Anyone run a matrix server in the cloud? How much does it cost you? 1 month ago:
I think for matrix to be usable in a homelab setting, Matrix needs to enable a way to handle this huge data storage with prune or something similar.
- Comment on Anyone run a matrix server in the cloud? How much does it cost you? 1 month ago:
I found snikket to be quite decent, give it a whirl.
- Comment on Upvote RSS - Generate RSS feeds from social aggregation websites like Reddit, Lemmy, and Hacker News 1 month ago:
Awesome <3
If you need feedback, testing etc, I’m happy to help. Just pm me and I’ll give you my github account.
- Comment on Upvote RSS - Generate RSS feeds from social aggregation websites like Reddit, Lemmy, and Hacker News 1 month ago:
This is really cool. Happy that you included the comments, as I find them often quite insightful. Looking forward to spinning this up and trying it.
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 month ago:
There are so many monitoring tools with various degrees of complicated setup / configuration or the amount of information you get. And honestly, I’ve looked into various tools: checkmk, monit, Prometheus… And realised that I rarely look into that information anyway. Of all “fancy” tools, I liked the ease of Netdata to set up and the amount of information that you get. However, beware that they’re in the process of making their free / homelab offering worse. I’ve been eyeing beszel and don’t forget CLI based tools that are available such as atop, btop, htop or glances.
If you want to delve deeper into the rabbit hole of monitoring, I can recommend you to read this article below: matduggan.com/were-all-doing-metrics-wrong/
- Comment on How do you all handle security and monitoring for your publicly accessible services? 1 month ago:
I’ve tried different approaches with fail2ban, crowdsec, VPNs, etc. What I settled on is to divide the data of my services in two categories: confidential and “I can live with it leaking”.
The ones that host confidential data are behind a VPN and have some basic monitoring on them.
The ones that are out in the public are behind a WAF from cloudflare with pretty restrictive rules.
Yes, cloudflare suck etc., but the value of stopping potential attacks before they reach your services is hard to match.
Just keep in mind: you need layers of different security measures to protect your services (such as backups, control of network traffic, monitoring and detection, and so on).
- Comment on What are some self hosted services that you think are essential? 4 months ago:
I used freshrss for quite some time, but the themes always looked a bit “off” for me. Went to miniflux and it’s awesome in its minimalism.