marauding_gibberish142 @ marauding_gibberish142 @lemmy.dbzer0.com Posts 17Comments 448Joined 1 mo. ago
- Create git repo
- Put all config in git repo
- Create repo on codeberg
- Clone git repo to both VPS and laptop
No extra money needed
Thank you. I have saved the post, but it seems the publishing website doesn't like TOR exit nodes? I can't seem to reach the page through TOR. I'll try again later
Ooh, would it be similar on other Linux distros/Unixes? I'm trying to decide between Debian, VyOS, Alpine and OpenBSD for my main firewall. All of them have strengths but I think it'll be between VyOS and OpenBSD for me.
True, a commodity all-in-one-box running OpenWRT, or an SBC that supports it would work perfectly, except maybe for a lack of ports
Thank you. Now I just need to learn to do all of this on Linux/BSD lol
Ah, I see. Thanks
Sorry, I'm not sure what you mean by "ARP bridges L1 and L2". I'll have to read more about this. Other than that, I understand what you said.
Thank you so much for the explanation. I followed everything but:
Untagged (sometimes called Access) is something you apply on a switch port. For example, if you assign a port to Untagged VLAN 32, anything connected to that port will only be able to connect to port 32.
I couldn't really understand what you meant here. Did you mean VLAN 32 in the last line?
Thanks, but isn't ARP contained inside a subnet? I guess you could find everything if you inspected the MAC table of the main switch
I see, I was completely off-track lol. But isn't this really for a setup where each computer is connected to an individual port of the switch? I.E. this won't work if to one port of an L3 switch one were to attach a dumb 5 port switch and plug 4 computers in
Thank you. In theory, is there a mechanism which will prevent other hosts from tagging the interface with a VLAN ID common with another host and spoof traffic that way? Sorry, I need to study more about this stuff
Thank you for the great comment.
This line cleared it up for me:
802.1q aware switch and gateway to use VLANs effectively.
It is indeed as you say. VLANs on a trunk port wouldn't really work for security either. This is making me reconsider my entire networking infrastructure since when I started I wasn't very invested in such things. Thanks for giving me material to think about
I see. I didn't know about this. I have saved your comment, I'll come back to this in a bit
Thank you for the comment.
My threat model in brief is considering an attack on my internal networking infrastructure. Yes, I know that the argument of "if they're in your network you have other problems to worry about" is valid, and I'm working on it.
I'm educating myself about Lynis, AuditD and OpenVAS, and I tend to use OpenSCAP when I can to harden the OS I use. I've recently started using OpenBSD and will use auditing tools on it too. I still need to figure out how to audit and possibly harden the Qubes OS base but that will come later.
Yes, I do realise that the dumb switch has an OS. And you raise a good point. I'm starting to feel uneasy with my existing netgear dumb switches too. Thank you for raising this, I think a whitebox router build might be the only way.
I'd like to mention that I would use VLANs if I could use them on hardware and software I feel comfortable with. But I cannot. Whitebox build it is, I suppose.
Thanks again for the comment and I'd like to hear any suggestions you have.
Ah, is that something like sticky ports?
Indeed, I would like to run a switch with a FOSS OS, and I don't see any viable way of doing that. Unfortunate, but whitebox router + switch it is then
Yes, that's what I meant. It was a sarcastic remark on the current government's general level of skills with web-technologies. I suppose the obligatory /s was missed
Hmm, I haven't heard of that before. Could you explain?
You'd think that a government knows how to do a web search
Could you elaborate why the question of trust invalidates using just subnets?
Thanks, but to make that work I would need a managed switch running a proprietary OS can I cannot trust. If there was a switch running a FOSS OS then I would use that