From 48dc60a45a5e583bc0a438a0652c3c247aedc97d Mon Sep 17 00:00:00 2001 From: Carl Tibule Date: Thu, 12 Sep 2024 21:31:45 -0500 Subject: [PATCH] Fixed broken link on latest post --- content/posts/tightening-network-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/tightening-network-security.md b/content/posts/tightening-network-security.md index c5407dc..d35f3f6 100644 --- a/content/posts/tightening-network-security.md +++ b/content/posts/tightening-network-security.md @@ -4,7 +4,7 @@ date = 2024-09-12T20:00:00-05:00 tags = [ "cloudflare", "npm", "security", "unifi", "proxmox", "unraid"] +++ -I've finally decided to address one of the projects that I've set out to do in [Part 2](./soha-2024-part-2.md) of my inaugural homelab report. I have been wanting to establish a DMZ for the longest period of time, but I've been intimidated because of the lack of my knowledge about both networking and security. For the uninitiated: A DMZ (Demilitarized Zone) is a network that hosts public-facing services on your network and has rules applied to it to limit or completely cut off its communication with the rest of the internal network. If implemented properly, any sort of breach in the network would be limited to that network only, without it ever spreading to the rest of your network. +I've finally decided to address one of the projects that I've set out to do in [Part 2](../soha-2024-part-2) of my inaugural homelab report. I have been wanting to establish a DMZ for the longest period of time, but I've been intimidated because of the lack of my knowledge about both networking and security. For the uninitiated: A DMZ (Demilitarized Zone) is a network that hosts public-facing services on your network and has rules applied to it to limit or completely cut off its communication with the rest of the internal network. If implemented properly, any sort of breach in the network would be limited to that network only, without it ever spreading to the rest of your network. Previously, all of my services are in a single network I had named Infrastructure. I had my port forwarding set to forward any external requests to port 80 and 443 to my Nginx Proxy Manager. Within NPM, I had created an Access List for private IP ranges and limited all "internal" services to that access list only. In theory, it should keep out outside connections to those internal services. However, there is only one layer of security between the outside world and my network.