PVE Firewall Status

Enabling Proxmox Firewall Rules for VMs

Intro: In my homelab I’ve been tediously managing firewall rules using ufw, iptables, and fail2ban. While this works well, I believe it’s overly complicated for my setup. This led me down the rabbit hole of how to implement firewall rules in Proxmox. Proxmox’s firewall is extremely competent, but it can be tricky as well. One thing I learned about Proxmox is that you need to make sure the firewall is enabled in multiple places. You have several layers of firewalling, one for the hosts, one for the VMs, and one for services running in VNETs. These firewall rules are backed by either iptables or the more modern nftables in the case of VNETs. ...

April 26, 2026
Fail2ban dashboard

Fail2ban Observability

Hello everyone! Today I wanted to discuss how I’m keeping track of Fail2ban logs on my Proxmox cluster. For those of you who don’t know what Fail2ban is, it is a simple program that can automatically ban threats via iptables by parsing log files and scanning for regex patterns. Here is a sample file that can be parsed:

    [Definition]
    failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
    ignoreregex =

And here is the jail configuration: ...

December 31, 2025
GPG

Yubikey for Personal Use

Hey Everyone! I wanted to share a small (pun intended) improvement to my personal security hygiene. That small improvement is called a YubiKey! For those unaware, a YubiKey is a hardware-based MFA device. It supports an MFA standard known as FIDO2, which is much more secure than TOTP. I’ve begun implementing this across various applications including my personal email, DNS provider, and even 1Password. The main draw for me is that if any of your authenticator apps are compromised, you are still susceptible to a hack. ...

November 24, 2025
1Password

What is Your Favorite Password Manager?

What are your favorite password managers? I used to use LastPass, and while it worked fine for me, I eventually switched to 1Password and haven’t looked back. What I really like about 1Password is the extra layers of authentication. You either need a secret key or another authenticated device to approve your login. Plus, you can stack that with MFA for even more security. Last I checked, LastPass doesn’t have a secret key, just MFA. ...

August 9, 2025