Basically every local service is accessed via a web interface, and every interface wants a username and password. Assuming none of these services are exposed to the internet, how much effort do you put into security here?
Personally, I didn’t really think about it when I started. I make a half-assed effort at security where I don’t use “admin” or anything obvious as the username, and I use a decent-but-not-industrial password - but I started reusing the u/p as the number of services I’m running grew. I have my browsers remember the u/ps.
Should one go farther than this? And if so, what’s the threat model? Is there an easier way?

  • cmnybo@discuss.tchncs.de
    3 months ago

    Just because each device has a globally routable IP address doesn’t mean they can be accessed from outside your LAN. You still have to add a firewall rule to open a port to the device.

    • BCsven
      3 months ago

      I was referring to the latest CVE for IPv6 where an attacker just sends a flood of IPv6 packets which puts things like Windows OS into a mode for remote code execution, even via webpage. The Windows remedy right now is to turn off all IPv6 capability, as they don’t have a fix yet.

        • BCsven
          3 months ago

          I have seen both. Typically you expect somebody self-hosting to be about privacy and freedom, and thus choosing Linux, but there are WinFans too.

        • BCsven
          3 months ago

          Apparently a crafted webpage could be a vector. The router has to block fragmented packages also. The issue is non-savvy people get shipped a router with the IPv6 firewall turned off (as a shit default setting) and don’t know to check it. And as it is a worm type it can come in with other binaries.

        • BCsven
          3 months ago

          Of course, but for a person with all machines on the network having the same username and password it could become a larger problem.