
I don’t know. I’m in an adjacent industry, and even amongst some of my colleagues who do have degrees, there are some significant knowledge gaps. Companies often have entire teams dedicated to cyber security, and still get this wrong.

There are just so many subtleties that need to be done right. I’m pretty certain that even my setup isn’t properly secure, and the only reason things haven’t crashed down is pure luck.

The appliance model is probably the best way to enforce security practices for regular users, but that pushes significant control/responsibility back to the supplier (they must stay up to date with patches, force push out updates so no one is left behind, limit flexibility so everyone’s setup is relatively homogeneous). Done right (for security), that costs a lot of money, so likely a subscription model. And it rapidly becomes a “cloud” service that runs off your own electricity, which loses all the self hosting benefits.

OK, so I’ve spent a load of time on this today. Searching for “self-hosting security” brings up mostly home surveillance camera results.

I’ve found this resource and have implemented his recommendations. Finally a good resource and I’m feeling much better after hardening SSH access, closing open ports in the firewall, installing Fail2Ban, etc.

I would encourage you to set up WireGuard or Tailscale, so that you don’t have to expose SSH at all, but SSH hardening is definitely a good start.

Worth monitoring your SSH logs as well, that’ll give you an idea of how constant the automated attacks can be. Even when I was using a non-standard port, I was getting heaps of attacks.
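The log monitoring suggested in the comment above, as an added example that is not part of the thread: a Python script that tallies failed SSH authentication events per source address and per username. The log lines are constructed samples in OpenSSH's usual syslog message format, and the function name `summarize` and its `threshold` parameter are assumptions.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH's syslog message format (documentation-range IPs).
SAMPLE_LOG = """\
Mar  3 02:11:07 nas sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:11:09 nas sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Mar  3 02:11:15 nas sshd[2214]: Invalid user pi from 198.51.100.23 port 51810
Mar  3 02:12:40 nas sshd[2219]: Failed password for invalid user test from 203.0.113.7 port 40160 ssh2
Mar  3 02:13:02 nas sshd[2230]: Accepted publickey for alice from 192.0.2.10 port 50522 ssh2: ED25519 SHA256:constructed
Mar  3 02:14:31 nas sshd[2241]: Connection closed by authenticating user root 198.51.100.23 port 51900 [preauth]
"""

# Text up to the first "sshd[pid]: " is syslog framing; newer OpenSSH logs as sshd-session.
PREFIX = re.compile(r"^.*?\bsshd(?:-session)?\[\d+\]: (.*)$")
# Usernames are client-supplied, so (.*) is greedy and the final "from <addr> port" wins.
FAILED = re.compile(r"Failed \S+ for (?:invalid user )?(.*) from (\S+) port \d+")
INVALID = re.compile(r"Invalid user (.*) from (\S+) port \d+")
PREAUTH = re.compile(r"Connection closed by (?:authenticating|invalid) user (.*) (\S+) port \d+ \[preauth\]")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")

def summarize(log_text, threshold=3):
    """Count failed-auth log events per source and username; list successful logins."""
    by_source, by_user, accepted = Counter(), Counter(), []
    for line in log_text.splitlines():
        framed = PREFIX.match(line)
        if not framed:
            continue  # not an sshd line
        msg = framed.group(1)
        ok = ACCEPTED.match(msg)
        if ok:
            method, user, source = ok.groups()
            accepted.append((user, source, method))
            continue
        for pattern in (FAILED, INVALID, PREAUTH):
            hit = pattern.match(msg)
            if hit:
                by_user[hit.group(1)] += 1
                by_source[hit.group(2)] += 1
                break
    # These are log events, not unique connections: one attempt can emit several lines.
    noisy = sorted(src for src, n in by_source.items() if n >= threshold)
    return {"by_source": by_source, "by_user": by_user, "accepted": accepted, "noisy": noisy}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```

To run it on real data, pass the text of your distribution's auth log (for example `/var/log/auth.log` on Debian-family systems) to `summarize` instead of `SAMPLE_LOG`.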

@cRazi_man@europe.pub

I’ve got to figure that out still. Each step is a lot of learning and troubleshooting. I’ve changed the SSH port, deactivated root login, deactivated password login and left the passkey token on only my desktop PC with Fail2Ban. I’m waiting till I have another weekend I’m not at work to figure out VPN access. I’m using the Synology reverse proxy system, so I hope I’m secure enough for now anyway.
