cjtibule/MyPlaygroundBlog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed broken link on latest post
All checks were successful
ci/woodpecker/push/build Pipeline was successful
Details

Browse Source
This commit is contained in:
Carl Tibule
2024-09-12 21:31:45 -05:00
parent 75796275f2
commit 48dc60a45a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/tightening-network-security.md
View File

@ -4,7 +4,7 @@ date = 2024-09-12T20:00:00-05:00
tags = [ "cloudflare", "npm", "security", "unifi", "proxmox", "unraid"]
+++
I've finally decided to address one of the projects that I've set out to do in [Part 2](./soha-2024-part-2.md) of my inaugural homelab report. I have been wanting to establish a DMZ for the longest period of time, but I've been intimidated because of the lack of my knowledge about both networking and security. For the uninitiated: A DMZ (Demilitarized Zone) is a network that hosts public-facing services on your network and has rules applied to it to limit or completely cut off its communication with the rest of the internal network. If implemented properly, any sort of breach in the network would be limited to that network only, without it ever spreading to the rest of your network.
I've finally decided to address one of the projects that I've set out to do in [Part 2](../soha-2024-part-2) of my inaugural homelab report. I have been wanting to establish a DMZ for the longest period of time, but I've been intimidated because of the lack of my knowledge about both networking and security. For the uninitiated: A DMZ (Demilitarized Zone) is a network that hosts public-facing services on your network and has rules applied to it to limit or completely cut off its communication with the rest of the internal network. If implemented properly, any sort of breach in the network would be limited to that network only, without it ever spreading to the rest of your network.
Previously, all of my services are in a single network I had named Infrastructure. I had my port forwarding set to forward any external requests to port 80 and 443 to my Nginx Proxy Manager. Within NPM, I had created an Access List for private IP ranges and limited all "internal" services to that access list only. In theory, it should keep out outside connections to those internal services. However, there is only one layer of security between the outside world and my network.