As far as I remember, OPNSense has a default policy rule of "deny all incoming, allow all outgoing". If not, this should be one of the first steps to take.
Get your own VPN
If you can, you could use your own VPN service. I run a VPS for 6 € / month. If you can get your hands on something like this and install an openvpn server, you could always use that VPN for every connection.
So even if an attacker highjacks your connection somehow, he would only be able to see encrypted content and all content will be encrypted by a server you own and can verify / trust. You could also integrate this VPN into your OPNSense, so you'll be connected as soon as OPNSense starts up and has internet.
Regarding MITM attacks
Please someone correct me if I am wrong, but MITM attacks should generally be impossible when connecting to SSL backed connections, right?
These certificates (or rather the certificate authority the HTTPS certificates have been issued by) are generally trusted by your own operating system. Therefore, if someone wanted to highjack your connection without you getting some kind of certificate error, he would have needed to get his hands on a certificate issued by a worldwide trusted certificate authority and the address name matching the certificate.
MageQuit was way more hilarious than I initially thought. I went to a friend to play another 2 or 3 games over the span of 6 to 8 hours. We started with MageQuit and suddenly, it was 8pm. We also played MageQuit and nothing else the next time we met.
It's going to be very funny when we finally all gather and play a free-for-all 6 player match.
I only use my steam deck for portable, local multiplayer games. Well, except for when I play Pokemon Red / Blue / Yellow with EmuDeck.
I mostly find new titles via filtering by local multiplayer tags and buying stuff that's on sale and looks interesting. If it looks good but isn't on sale, I throw it on my wishlist-pile. There's plenty of fun stuff for couch multiplayer sessions!
Ha, that would've helped me a few times. Good to know!
Still, I wouldn't switch vim for nano ever again. nano is a good and easy start, but I think if you do more than just basic editing of a few files every now and then, learning vim is the way to go.
vim is pretty customizable, widespread and it has been around for quite some time after all. If you think you need it, somebody most likely already made it as a vim-plugin :)
vim was such an unimaginable improvement over nano for doing stuff on linux servers. Having an in-shell-editor search-and-replace function alone is worth everything you have to do to learn vim.
And after I was comfortable around vim because of all the "training" on servers, I just switched to vim fulltime. No more GUI editor for me!
hamsda @ hamsda @lemm.ee Posts 1Comments 65Joined 4 mo. ago
Set OPNSense default policy
As far as I remember, OPNSense has a default policy rule of "deny all incoming, allow all outgoing". If not, this should be one of the first steps to take.
Get your own VPN
If you can, you could use your own VPN service. I run a VPS for 6 € / month. If you can get your hands on something like this and install an openvpn server, you could always use that VPN for every connection.
So even if an attacker highjacks your connection somehow, he would only be able to see encrypted content and all content will be encrypted by a server you own and can verify / trust. You could also integrate this VPN into your OPNSense, so you'll be connected as soon as OPNSense starts up and has internet.
Regarding MITM attacks
Please someone correct me if I am wrong, but MITM attacks should generally be impossible when connecting to SSL backed connections, right?
These certificates (or rather the certificate authority the HTTPS certificates have been issued by) are generally trusted by your own operating system. Therefore, if someone wanted to highjack your connection without you getting some kind of certificate error, he would have needed to get his hands on a certificate issued by a worldwide trusted certificate authority and the address name matching the certificate.