by lmm 3079 days ago
I go a little further in the same direction: I treat even my wired home network as an untrusted network transport. My home server exposes exactly the same things to the LAN that it does to the public Internet (indeed as far as I'm concerned the LAN just is part of the public Internet - with IPv6 my home server even has the same address from either). My only open ports are secure protocols like SSH or HTTPS or PostgreSQL-with-SSL.

I do use OpenVPN to run a few nonsecure "legacy" protocols - the servers for those listen only on the VPN interface, which isn't bridged to the physical LAN - but these days I very rarely need it.
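The policy the comment describes (LAN is untrusted, only encrypted services bound publicly, legacy services bound only to the VPN interface) is easy to state and easy to drift from as services get added. The following audit script is an added example, not code from the commenter; it checks a listener table in the format `ss -Hlntu` prints against that policy. It assumes the standard ports for SSH, HTTPS, PostgreSQL and OpenVPN, and assumes the OpenVPN tun subnet is OpenVPN's default `10.8.0.0/24`; the `ss` lines it runs on are constructed for the example.

```python
"""Audit listening sockets against a "LAN is the Internet" exposure policy.

Verdicts per listener:
  public-ok   encrypted service allowed on any address (policy list below)
  local-only  bound to loopback, not reachable from any network
  vpn-only    legacy service bound to an address inside the VPN subnet
  VIOLATION   anything else reachable from the LAN / Internet
"""
import ipaddress
from dataclasses import dataclass

# Assumption: standard ports for the protocols the policy allows everywhere
# (SSH, HTTPS, PostgreSQL-with-SSL, and the OpenVPN endpoint itself).
PUBLIC_OK = {("tcp", 22), ("tcp", 443), ("tcp", 5432), ("udp", 1194)}

# Assumption: OpenVPN's default server subnet; adjust to your "server" line.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")

# Bind addresses that mean "every interface" in ss output.
WILDCARDS = {"0.0.0.0", "::", "*"}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int


def parse_ss_line(line: str):
    """Parse one line of `ss -Hlntu` output (Netid State Recv-Q Send-Q Local Peer)."""
    parts = line.split()
    if len(parts) < 5:
        return None
    proto, local = parts[0], parts[4]
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
    if not port.isdigit():
        return None
    return Listener(proto, host, int(port))


def classify(l: Listener) -> str:
    """Apply the policy to a single listener."""
    if l.addr in WILDCARDS:
        reachable = "everywhere"
    else:
        ip = ipaddress.ip_address(l.addr)
        if ip.is_loopback:
            return "local-only"
        reachable = "vpn" if (ip.version == 4 and ip in VPN_NET) else "everywhere"
    if (l.proto, l.port) in PUBLIC_OK:
        return "public-ok"
    if reachable == "vpn":
        return "vpn-only"
    return "VIOLATION"


def audit(ss_output: str):
    """Return [(proto, addr, port, verdict)] for every listener in the table."""
    results = []
    for line in ss_output.splitlines():
        l = parse_ss_line(line)
        if l is not None:
            results.append((l.proto, l.addr, l.port, classify(l)))
    return results


def violations(ss_output: str):
    """Only the listeners that expose a non-approved service beyond the VPN."""
    return [r for r in audit(ss_output) if r[3] == "VIOLATION"]


# Constructed sample of `ss -Hlntu` output (not captured from a real host).
SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128             [::]:443          [::]:*
tcp   LISTEN 0      244          0.0.0.0:5432      0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      50          10.8.0.1:139       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:1194      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:445       0.0.0.0:*
"""

if __name__ == "__main__":
    for proto, addr, port, verdict in audit(SAMPLE):
        print(f"{verdict:10} {proto}/{port:<5} bound to {addr}")
```

In the sample, SMB on `10.8.0.1:139` passes as a legacy service reachable only over the VPN, while the same service family on `0.0.0.0:445` is flagged because a wildcard bind reaches the LAN and, under this policy, the Internet. Run the real thing with `ss -Hlntu | python3 audit.py` after swapping `SAMPLE` for `sys.stdin.read()`.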