Goofed Home

From time to time I like to review my network to see where I can tighten up. Review logs, check out the landscape, and make sure there are no gaps. Today, I have some downtime, so I figured it’d be a good for it. Since I am not a certified IT professional, this is what I have cobbled together reading, and seeing what others have done. I’d like to bounce this off you guys who are more experienced than I and get your impressions. If you have any recommendations, I’m always down to be schooled.

So if you’d like to participate in my audit, I have a home network as follows:

• Modem receiving IP from ISP. Modem to router. Router to stand alone pfsense firewall. Router has a 54 character complex password for WiFi. There are no guest provisions for WiFi.
• Pfsense firewall with pfblockerng & suricata running on both lan and wan, both with a full array of rules/feeds updated daily. pfsense has tailscale as an overlay vpn. Server traffic and PC traffic have their own VLAN provided by pfsense. My approach is to deny all until something complains and address that on a case by case basis. Additionally ntopng is utilized for traffic analysis. IPv6 is disabled.
• Server running Tailscale as an overlay VPN, UFW deny all posture, and fail2ban with an aggressive posture. Server has been hardened against Lynis spec where applicable. Not all recommendations apply to my server. Server is utilizing host deny/host allow and SSH keys.
• Server is utilizing containers for services.
• Server is using Cloudflare tunnel/zero trust.
• Server and pfsense communicate via Tailscale encrypted tunnel. PC/Phone/mobile device can communicate with pfsense via Tailscale.
• Server services are accessed via https.
• PC connected to pfsense firewall with same rules as server. PC is using a VPN with Cloudflare 1.1.1.¹⁄₁.0.0.1 for DNS queries. Firefox is using 1.1.1.¹⁄₁.0.0.1. Settings for Firefox are the strictest for Enhanced Tracking Protection, and DOH. HTTPS-Only mode enabled. PC is also running a soft firewall.
• All other devices such as phones, laptops, and tablets run a VPN with Cloudflare 1.1.1.¹⁄₁.0.0.1 for DNS queries.
• IoT devices are isolated. Phones are isolated. Smart TVs are isolated.

How secure would you say this network is and give any recommendations to further harden the network besides keeping up with current updates, monitoring and auditing logs.

Thanks

You’re ahead of an alarming number of my colleagues by just trying until you can get it working then documenting things

I have to document. At 71, with a TBI, my brain is not what it used to be. Sometimes I don’t even remember what I had for breakfast. LOL

Idk, it might be old news to everyone.

I just discovered that we can follow the magazines the profiles publish, like !brasil-dw_brasil@flipboard.com that turns into a community, or follow them directly like @dw_brasil@flipboard.com, turning all of their posts into a microblog feed (on mbin, mastodon, etc).

Might be interesting to people, if they want to see some different type of posts, news, articles or cultural analysis.

I see this as a win-win, they get their “someone entered your website through flipboard and the fediverse” (the links come with only this tracking) and we get different “content”.

Thanks for sharing the method! Will take a look!

Great info, cheers! 🚀

Random garbage keystrokes you put in before searching for the correct nope out procedure?

Nano is for chemists maybe. Editing couple of lines and saving.

But vim is one of the most powerful text editors ever created. It’s so powerful and good that it gets ridiculous. Also, from an ergonomic standpoint, your body will thank you for using vim/neovim

Hi there! So I understand that federated systems can speak to one another and interact. My question I guess is should I be using my Mastodon account to log into PieFed, and PixelFed, and Bookwyrm? Or do I need to create specific accounts for all these services, just as I did before?

I understand that someone on Mastodon could potentially follow my PixelFed account and see my posts. But wouldn’t it make sense to have one single identity (if one wished) so it collected all of my stuff in one place? Just wondering if I am missing the point?

Sorry if I sound like an idiot here. I really love the idea of federated services, just want to make sure I am “doing it right” so to speak.

Can mbin browse Lemmy/piefed? I would love to only use one app/login if possible. If one application can correctly view/post to each service - then it would seem logical to just use the one. I might switch to mbin If it can browse Lemmy content.

For sure !piefed_meta@piefed.social is in the list of “magazines” (communities as they are known on mbin) and more communities too.

Take that oatmeal cookie recipe and leave out the cinnamon and optional nuts or fruit. Add 2 teaspoons of fresh ground star anise.

Digging into this deeper. I love this project. Publicly sourced on GitHub and codeberg. Super cool!

Well, the jerk store called, they’re running out of you!

I remember 2018 being the worst year for memes. Then agaim, it was also when I was surrounded by assholes as well.

And movies, tv shows, game servers and what not. Kindly stop beliving your source needs to provide at ¹⁰⁰⁰⁄₁₀₀₀, thats just a sales gimmic from the operators.

I find this show’s plot/story laughably bad but the style is amazing!… like a Lambo with a chevy engine hahaha.

Ok, so it’s actually good that you are noticing that part of yourself that is afraid of abandonment. That is very common with people that have a bit of a tough background. It is also possible that she had some fear of abandonment when she was a child, so she may be doing a kind of trauma-reenactment. To an extent, I understand where you’re coming from and how you feel. Sometimes when people say “Oh, I totally understand!” doesn’t really help. It sounds like you might have had a bit of a rough childhood, due to social standards, such as hiding mental disabilities. I ask you to not turn to drugs, alcohol, or sex when you’re struggling. It might feel hard. It might feel impossible. But if you ignore it, then you can’t help yourself help yourself. Hurt people hurt people, because they were hurt by hurt people. And the cycle continues. This isn’t just directed to you, but anybody that needs help and doesn’t know how to ask for it in person. A river can only flow after the storm.