WindirBear

I'm sold...

Hey guys so I just bought a tiny qotom pc to run pfsense on since I've been running my webserver for  a year now with just Wordfence plugin protecting it. I wasn't able to afford to get a firewall and since I want to operate a nextcloud server now is a great time to learn some basic network security 😄
 
I don't know much about network security as there are many ways to attack a network but I've been watching network chuck and other videos and pfsense seems promising. That being said  I don't have remote ssh set up because I'm afraid of brute force attacks. Also my website is online store with practically no traction other than bots attacking my network, so security is important. I also have ip cameras set up for remote access and the firmware SUCKS, I can't change the username so it's stuck at admin, which is such a security risk. So....
 
Is this the a good way to secure my web server, local network, and nextcloud?
Do I need pfsense to secure my servers?
How do you guys secure your network?
Is it best to just run these services through a cloud service like linode?

Whatever you say, boomer.

I hear cocaine is quite the drug.

This guy and his channel 🤢
 
 

Just wait for these chips to fail 3 months after purchase and make the product useless

This guy and his channel 🤢
 
 

i was talking about him
 

*** Thread cleaned ***
 
For sake of everyones mental capacity, lets keep this purely theoretical. Any examples of real world situation will end up with rather pointless and political, racial, ethnicial or religious debates. Which all are warning/suspension worth.
 
Next clean = lock.

Pritty much anything to do with SJW's and the 'woke' lol

This is NOT the sentiment among the vaccinated. It's either you're vaccinated or you're crazy, stupid, selfish, Karen, anti masker, COVID deniers or any other crazy thing they can pin on you. We get it, you're better than us. Just leave us have our reasons for not get vaccinated like you would for people that smoke or drink or do anything unhealthy. I eat Nutella, it's unhealthy shit, but I'm a grown ass adult. I'll be damned if my decision to eat Nutella is taken away! Just like my decision to be unvaccinated.

I'm not really spinning it. This argument can go back and forth. This is why it's controversial. I just want my choices respected. I understand people should get vaccinated and I'm not telling people they shouldn't. I also understand why many are not. I also know that there are crazy people that believe crazy things about the vaccine. Soo as I mentioned in the first post, many vaccinated people do not share this sentiment of understanding.

You're under the impression that I don't understand the consequences of not being vaccinated. This is what I mean when people that aren't vaccinated are looked at as morons by the vaccinated. Everything you said is not new information. Please, allow people to take responsibility for their actions.

This is NOT the sentiment among the vaccinated. It's either you're vaccinated or you're crazy, stupid, selfish, Karen, anti masker, COVID deniers or any other crazy thing they can pin on you. We get it, you're better than us. Just leave us have our reasons for not get vaccinated like you would for people that smoke or drink or do anything unhealthy. I eat Nutella, it's unhealthy shit, but I'm a grown ass adult. I'll be damned if my decision to eat Nutella is taken away! Just like my decision to be unvaccinated.

Support? I thought supports goal is to get you really pissed off, waste your time and get nowhere with your issues, regardless of company. Were we suppose to expect results?

wot

Here is a AliExpress listing for factory defects silicon wafer. It would be cool idea to RGB it. It would be shiny shiny reflective RGB LTT logo
 

My 2014 MacMini that I use as a browsing machine when I’m not using my main rig 

I haven't flown in over a year. Heres a video of a bird trying to attack my quad.
disclaimer: I put the name as a joke because I wouldn't watch anime, but i just started getting into anime and now its just embarrassing.

UnRAID 6.7
ESXi 7 x 3
Windows 2019
Between all 5 of the servers, around 30 VM's...but my primary server (UnRAID) has 3 Powered on 24/7. 
In maintenance time? I've written automation scripts for everything....so probably around 20 minutes a week on average for general tidy and checks. 
Keep antivirus/malware agents up to date on Windows.
Strict user permissions to shares. I use "service accounts" for applications such as qBitTorrent that should be able to write to the shares, my PC's that run nightly backups to the backup share use their own service account that only has write access to the backup folder. I have a Read/Write account I can use, however my shares are mounted Read-Only for regular use and for anonymous use. 
Otherwise I have my network segmented into VLAN's and using Firewalls with strict rules. 
I use TLS based authentication for my Linux Jumpserver and I use Geo-IP filtering for many services (you have to be from certain ISP's). 
In order to RDP into a server externally you need to tunnel that over SSH or connect to the VPN. 
 
Certificate authentication to SSH. I do have NextCloud as well, my general shares can be accessed by certain users in there, but only as read-only. 
I dont really have much use for VPN, I just use my SSH to create a tunnel to RDP from work sometimes if I need to do something. 
 
Ryzen 9 3950X for UnRAID, 128GB Ram
Dual Xeon X5650's & X5670's, 64GB Ram on the rest of the servers. 
LSI Hardware RAID controllers on the ESXi & Windows servers. 
8TB HGST He8's in UnRAID (Gen4 NVMe cache), 4TB WD Red's in Windows, and 500GB Samsung EVO SSD's in the 3 Dell PowerEdge's
Ubiquiti UniFi USG, Switches & AP's for the network. 
Raspberry Pi's for DNS & UniFI controller
 
Not really, i've detailed numerous times what they do in other posts. 
 
I'm an IT Engineer (primarily virtualization, windows environment and microsoft 365), so my Dell's are primarily just test lab equipment, the UnRAID and Windows Servers are my primary home servers. Going to be replacing the Windows Server soon with a NAS appliance. 

Fairly boring hack if that's all that happened. just change your password. if you care enough, set up 2FA

I have a number of servers that play a variety of roles both on and off my network including File Servers, iSCSI servers, VPN servers, Backup Storage Servers, DHCP servers, TFTP servers, BOINC nodes, among other more trivial services. Most run Ubuntu Server 20.04.1 LTS but my primary hypervisor server runs PROXMOX which is a distribution based on Debian Linux. Depends on what I'm doing but right now I have 10+4 LXC Containers with plans to setup more soon-ish. That really depends on what I'm doing in given week but I use my VPN hosted on one of my server very frequently to access my home LAN so it's safe to say several hours if not more. Only allowing Port Forwarding of the servers/services that absolutely need it. Thankfully most of what I need can be accessed via the VPN. Even then password authentication is disabled and root cannot remote in. Users have to authenticate with Password Protected Public Private Key Authentication. Services that need to remote in on a schedule use Password-Less Public Private Key Authentication. Mostly via the VPN. I use Pritunl installed in Ubuntu Server 20.04.1 LTS. If I need to access a specific server from there SSH is preferred. Passwords would be RSA-2048 or RSA-3072 bit encrypted Public Private Key pairs w/ password protection. Installing UFW is also a nice to have for disabling ports or services so only the things you need are accessible. That varies depending on the server. Primary Storage Server Dual Intel Xeon E5-2698v3's 0.5TB NEMIX DDR4 Registered ECC 2Rx4 2400MHz Supermicro X10DRi-T Mini-redundant 800W server PSU from Athena Power 20x Intel 960GB SATA Server grade SSDs (DC-S4500/D3-S4510) Primary Hypervisor server Dual Intel Xeon E5-2670v1's 128GB Kingston DDR3 Unbuffered ECC 1600MHz ASRock Rack EP2C602-4L/D16 Corsair RM850x PSU 8x WD Gold 2TB 7200RPM HDDs 5x WD Red 3TB 5400RPM HDD's 3x Seagate Iromwolf NAS 10TB 7200RPM HDDs 4x Seagate EXOS Enterprise 10TB 7200RPM HDDs Intel 750 Series 400GB PCI_e SSD Mellanox ConnectX-2 MNPA19-XTR 10Gbit NIC w/ SFP-10GSR-85 fiber transceiver Backup File Server Intel Atom C2750 ASRock Rack C2750D4I 16GB G.Skill desktop RAM (temporary) Corsair RMx 650W 3x WD White Label 10TB drives (shucked from WD Elementals) Mellanox ConnectX-2 MNPA19-XTR 10Gbit NIC w/ SFP-10GSR-85 fiber transceiver New Server. Going to replace hardware in Primary Storage Server. Supermicro H11SSL-i AMD EPYC 7601 128GB NEMIX DDR4 Registered ECC 2Rx8 2666MHz A project I'm going to be starting soon-ish is using 10Gig fiber-optic NIC's with iPXE support I'll take nodes on the network and have them boot to iSCSI shares on the hypervisor server. With that I can manage these nodes without any local storage.

i can eat a giant bag of hot cheetos in one sitting... fuck the people that dont like to take spicy poops
xDDDD im drunk