As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).
Thanks!
It really is
From what I get the higher ups wanted to implement those measures to comply with some certification or whatever
Problem is there are workstations from before this decision that are completely open and will probably never be upgraded; and you get new ones that are completely closed to the point workers would rather use their own hardware
If it’s possible to bypass this locked shitshow and just connect through another machine, then it’s really just a half assed measured don’t you think?
I mean it’s not straightforward doing it and probably the guys who would be the easiest victims and entry points can’t bypass the VPN connection to another machine like I could. But then, those who can do it, can also set up stricter firewall rules and control from their own machines, rather than using windows