Hi :3

I might need some help with the security and config of my home setup. I'll be moving in some weeks to a much bigger house, so it's time to learn how to configure the network correctly so I can safely expand it down the line.

I got a Flint 2 router, a MikroTik CRS310-8G+2S+IN (that I'm only using as a switch because it is too much to configure), and this mini NAS server that I saw featured in a Linus video.

https://www.friendlyelec.com/index.php?route=product%2Fproduct&product_id=294 (the CM3588).

I configured this NAS with OpenMediaVault and 4 2TB Kioxia drives in a BTRFS config that lets me get 6 usable TB of space. (I also have Jellyfin in a Docker Compose.)

And basically I opened an SMB share. The thing is, I don't trust having a server always on, and the only way I know to be sure no one is breaking in is to have it off every time I'm not using it.

Here is my question: with this setup, how do I make sure I have a secure network, and how do I configure things so they can be secure?

Thanks :3

Link to post

Best bet is to keep any unnecessary ports closed and stick to your internal network with private routing. Use something like Tailscale.

Community Standards || Tech News Posting Guidelines

---======================================================================---

CPU: R5 9600X || GPU: RX 9070 XT|| Memory: 32GB || Cooler: Peerless Assassin || PSU: RM850e|| Case: Lian Li A3

Link to post

1 hour ago, OLDBYTE said:

Here is my question: with this setup, how do I make sure I have a secure network, and how do I configure things so they can be secure?

The thing with security is nothing is perfect. If someone wants in bad enough, they'll get in. 
Instead, you need to think about threat vectors: who is going to be coming at you. Unless you're High Value (rich, famous, or controversial), you really only need to deal with passive attackers (bots trawling the internet) and novices (teenager down the street). 
If you're in the 99%, a strong password on the Wifi plus keeping software and devices up to date on security patches is all you really need. 
Definitely use a VPN to remotely access the server/network which will allow you to keep almost all your ports closed. 
Otherwise, you're probably totally okay. 

Oh, and the point of a server is that you don't shut it down. 

5950X/4090FE primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup

Link to post

2 hours ago, Slottr said:

Best bet is to keep any unnecessary ports closed and stick to your internal network with private routing. Use something like Tailscale.

Okay, I need help with the private routing and Tailscale. I did see it in the router config, but I really don't know what it is.

Link to post

2 hours ago, OddOod said:

The thing with security is nothing is perfect. If someone wants in bad enough, they'll get in. 
Instead, you need to think about threat vectors: who is going to be coming at you. Unless you're High Value (rich, famous, or controversial), you really only need to deal with passive attackers (bots trawling the internet) and novices (teenager down the street). 
If you're in the 99%, a strong password on the Wifi plus keeping software and devices up to date on security patches is all you really need. 
Definitely use a VPN to remotely access the server/network which will allow you to keep almost all your ports closed. 
Otherwise, you're probably totally okay. 

Oh, and the point of a server is that you don't shut it down. 

Thanks for your help,

I really don't need remote access (work from home), so the strong password on the Wi-Fi network is done, AP isolation is on, so the only threat is in the port and firewall part. I'm not sure how to configure it or how it works, though.

Link to post

Just now, OLDBYTE said:

Thanks for your help,

I really don't need remote access (work from home), so the strong password on the Wi-Fi network is done, AP isolation is on, so the only threat is in the port and firewall part. I'm not sure how to configure it or how it works, though.

I don't really think you need a dedicated firewall. Pretty much every system you have should have a built-in one that's serviceable.
As for ports, you can check in the router settings to see if any are open that you didn't know about, but other than that, you should be fine.

5950X/4090FE primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup
