Posts: 0 | Comments: 329 | Joined: 2 yr. ago

  • I read the old thread and now this one.

    As I understand it, you want to create a connection between clients on your LAN, but you don't trust your LAN, so it's like having a Raspberry Pi server and some client both on the coffee shop network and you want them to communicate securely?

    Tailscale is what you want. Easy setup, free, and allows exactly this to happen.

  • The effect is similar to sticky ports, but sticky ports is just filtering based on MAC address, which can be spoofed.

    802.11x allows traffic from a device only if it also has the correct EAP certificate.

  • https://en.m.wikipedia.org/wiki/IEEE_802.1X

    802.1x is a set of protocols that allow port access to be locked to specific devices, which would preclude your need for multiple subnets. You would likely need a few extra physical ports on your white box router, the unmanaged switch could later become overwhelmed passing traffic in a more complicated setup, and you would still need to keep trusted and untrusted traffic separate at the gateway subnet.

    Your use case is exactly why VLANs were invented.

    However, I suspect from your other answers that you are actually looking for an open source managed switch so your entire networking stack is auditable.

    There are a few solutions like OPX, but hardware supporting OPX is prohibitively expensive and it is almost always cheaper to build a beige box and use Linux or get a 2nd hand supported device and use OpenWrt.

  • Kind of a vague question, but I take it you mean OS-level hardening, which should be fine with CIS hardening.

    In a virtualized environment, there are many security layers to take care of: network access, storage, API control, identity access, cluster config, backups, etc.

  • Don't be flippant.

    This is like going to a car enthusiast forum and asking "any potential problems with driving a car that may or may not be stolen?"

    You have indicated that you're aware of the potential repercussions of running a personal project in a publicly-funded environment. You've already been told that this is unethical everywhere and illegal in many places.

  • I would tend to agree with the process part of accelerationism, but I don't think there is a goal.

    The "crazy like a fox" theory is contradicted by several pretty dumb tells that suggest the administration is headed and staffed by actual idiots.