LAN security

LAN security options for the server

  • Whole disk encryption (prevents bypassing security by reading the disk with another computer)
  • Dedicated server (reduces exploitable surface area)
  • Linux OS (protects from Windows malware)
  • Firewall blocking all but the ssh and noodle http[s] ports (reduces exploitable surface area)
  • ssh keys (prevents password guessing on ssh)
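
Keys only stop password guessing if sshd also refuses password logins. The check below is an added example, not part of the original page; the function name audit_sshd and the sample lines are constructed for illustration, and the input format is the one printed by `sshd -T`.

```shell
#!/bin/sh
# Added example: check that sshd accepts key logins only.
# Input: "keyword value" lines in the format printed by `sshd -T`.

# audit_sshd reads those lines on stdin, prints one finding per line and
# returns 0 when only key-based logins are possible, 1 otherwise.
audit_sshd() {
    awk '
        BEGIN {
            # Values required for key-only logins, reported in this order.
            n = split("passwordauthentication kbdinteractiveauthentication pubkeyauthentication", order, " ")
            want["passwordauthentication"]       = "no"
            want["kbdinteractiveauthentication"] = "no"
            want["pubkeyauthentication"]         = "yes"
        }
        { key = tolower($1); val = tolower($2) }
        # ChallengeResponseAuthentication is the older name of the
        # keyboard-interactive setting (now a deprecated alias); fold it in.
        key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
        # If a keyword is reported more than once, keep the weakest value.
        (key in want) { if (!(key in seen) || val != want[key]) seen[key] = val }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen)) {
                    printf "UNKNOWN %s (not reported)\n", k; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "WEAK %s %s (want %s)\n", k, seen[k], want[k]; bad = 1
                }
            }
            exit bad
        }
    '
}

# Constructed samples, not taken from a real host.
SAMPLE_WEAK='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'
SAMPLE_HARDENED='pubkeyauthentication yes
passwordauthentication no
challengeresponseauthentication no'

# Demo: the weak sample still allows password guessing.
printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || true
```

On the server, `sshd -T | audit_sshd` applies the same check to the configuration sshd would load.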

Network

  1. On a network not (even indirectly) connected to the internet (most secure)
  2. On a network only indirectly connected to the internet with no Microsoft Windows devices on the network.
    • Encrypted VPN or, better yet, an ssh tunnel (used with keys, this will prevent a man-in-the-middle attack (MITMA) from a spoofed wifi or an untrusted ISP or government)
    • Anonymity networks like Tor can be used, optionally with ssl or ssh (in practice this will prevent anyone, including governments, from knowing what server a user is talking to)
  3. On a network only indirectly connected to the internet.
  4. On a public network with a firewall or NAT port forwarding blocking all but one port
  5. On a public network (least secure)