this post was submitted on 15 Oct 2023
21 points (100.0% liked)

homelab

6589 readers
1 users here now

founded 5 years ago
MODERATORS
CMonster@lemmy.ml
21
Best practice for outward facing services (lemmy.world)
submitted 2 years ago by root@lemmy.world to c/homelab@lemmy.ml
6 comments fedilink hide all child comments
 

I currently have several VLANS (management for network devices, iot for smart devices, infra for security cameras and NAS, one for personal devices, anothe for guests, etc.

Currently I'm hosting a game server which is exposed to the outside world and am thinking of adding a couple more similar services.

Is it best practice to put such machines on their own isolated VLAN to minimize their attack surface?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] koper@feddit.nl 5 points 2 years ago (1 children)

Yes, it is generally a good idea to put internet-facing servers on a network that is separated from the local network. The point of this is not to minimize their attack surface (since they are already connected to the internet after all) but to prevent them from being used as a stepping stone for attacks on your internal network. To make this effective, you should block traffic from the internet-facing network to the rest of your network and treat it as potentially untrusted.

[โ€“] poVoq@slrpnk.net 2 points 2 years ago

The reverse is also true. The typical Windows PC is much more prone to being breached than a reasonably well managed Linux server.