Thank you so much for this amazing answer! VLAN, WAN, NAT, switch layers, lots of new stuff to read up on!
I could go with a separate, low power machine for public hosting for now, at least until I have a firmer grasp of security basics. Then again, I’m getting the second IP literally for even less than free, so no losses incurred if it sits unused until I learn up. I have considered cloud hosting, looked at multiple options, DigitalOcean, Heroku and AWS included. But I’ve always been drawn to messing with hardware, and all of cloud hosting is very “virtual”, for a lack of a better term. None of it has the same appeal for me as having a physical, self-hosted machine, that I can use and modify however I need or want to.
Do you maybe have any suggestions for starting points in network/server security? I’ve seen a lot of general information, like disabling and never using root accounts in any Unix/Linux environment, only use sudo for extreme necessities, and other basic setup tips, like setting a firewall VM or having everything pass through a separate hardware machine that acts like a firewall. But, again, very seldom do I find anything explained, like, why is root dangerous, what is a firewall VM, what software do I use for this thing or that thing, best practises of hardware/software/connectivity/permissions/access, etc.
The information that I do find is very lacking and scattered, like, it’ll say that root is dangerous because if compromised it can affect the whole system. Okay, I get that, but then how it is different from an Admin with full access? Why is one safer than the other, if both can be set up with the same protections against malicious parties?
It’s things like this that I’m confused by, and lacking either the knowledge or terminology to find out. I feel like I have a lot of chunks of information in my head about all these topics, but I’m missing the substance, the thread that ties it all up.
Thank you so much for this amazing answer! VLAN, WAN, NAT, switch layers, lots of new stuff to read up on! I could go with a separate, low power machine for public hosting for now, at least until I have a firmer grasp of security basics. Then again, I’m getting the second IP literally for even less than free, so no losses incurred if it sits unused until I learn up. I have considered cloud hosting, looked at multiple options, DigitalOcean, Heroku and AWS included. But I’ve always been drawn to messing with hardware, and all of cloud hosting is very “virtual”, for a lack of a better term. None of it has the same appeal for me as having a physical, self-hosted machine, that I can use and modify however I need or want to.
Do you maybe have any suggestions for starting points in network/server security? I’ve seen a lot of general information, like disabling and never using root accounts in any Unix/Linux environment, only use sudo for extreme necessities, and other basic setup tips, like setting a firewall VM or having everything pass through a separate hardware machine that acts like a firewall. But, again, very seldom do I find anything explained, like, why is root dangerous, what is a firewall VM, what software do I use for this thing or that thing, best practises of hardware/software/connectivity/permissions/access, etc. The information that I do find is very lacking and scattered, like, it’ll say that root is dangerous because if compromised it can affect the whole system. Okay, I get that, but then how it is different from an Admin with full access? Why is one safer than the other, if both can be set up with the same protections against malicious parties? It’s things like this that I’m confused by, and lacking either the knowledge or terminology to find out. I feel like I have a lot of chunks of information in my head about all these topics, but I’m missing the substance, the thread that ties it all up.