Is there a way to confirm that my home server’s security is sufficient for most common attacks?

Externally, I only have the ports 80, 443 (Nginx-Proxy-Manager) and 51829 (Wireguard VPN) enabled on the router.

I have a Rpi4 and a mini PC connected to the router via ethernet cable. And I am using NPM for reverse proxy. Also enabled SSL for local DNS so I don’t have to keep typing the IP addresses for each server.

All my apps are docker containers and they all use network_mode: bridge.

And finally, I have only two services open to the internet: the media server and the Wireguard VPN. Got the free DuckDNS domains and configured them in NPM.

I haven’t done any specific firewalls. Just using default Debian 12 settings and default Docker engine settings.

  • kindrudekid@alien.topB
    1 year ago

    Audit-ssh and testssl.

    Audit ssh shows all the algorithms in use and the settings, and shows them in a colored format, like red for bad and so on…

    Same with testssl: which TLS is supported? HTTPS redirect? What cipher suites, etc.… again, all color coded.

    Both available via homebrew for Mac.

    If you use the Mozilla recommended settings for SSH and SSL, you should be fine.

    • chaplin2@alien.topB
      1 year ago

      Frankly, these are useless. SSH is secure by default and will never support algorithms that could possibly be broken. Same for TLS 1.3.
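
The Mozilla SSH recommendation mentioned in the thread can also be checked offline against a server's own effective configuration. This is an added example, not part of any comment above: the allow-list is transcribed from Mozilla's OpenSSH "Modern" guideline, and `audit`, `ALLOWED`, `ALIASES` and the sample `sshd -T` text are names and data constructed for illustration.

```python
# Allow-list transcribed from Mozilla's OpenSSH "Modern" guideline (assumption:
# compare it with the currently published guideline before relying on it).
ALLOWED = {
    "kexalgorithms": {
        "curve25519-sha256@libssh.org", "ecdh-sha2-nistp521",
        "ecdh-sha2-nistp384", "ecdh-sha2-nistp256",
        "diffie-hellman-group-exchange-sha256"},
    "ciphers": {
        "chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com",
        "aes128-gcm@openssh.com", "aes256-ctr", "aes192-ctr", "aes128-ctr"},
    "macs": {
        "hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com",
        "umac-128-etm@openssh.com", "hmac-sha2-512", "hmac-sha2-256",
        "umac-128@openssh.com"},
}
# OpenSSH 7.4+ lists the same key exchange under its unsuffixed name too.
ALIASES = {"curve25519-sha256": "curve25519-sha256@libssh.org"}

# Constructed sample in the format printed by `sshd -T` (not from a real host).
SAMPLE_SSHD_T = """\
port 22
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1
ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha1
passwordauthentication no
"""


def audit(sshd_t_output):
    """Return {setting: [algorithms outside the allow-list]} for `sshd -T` text."""
    findings, seen = {}, set()
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        key = key.lower()
        if key not in ALLOWED:
            continue
        seen.add(key)
        extra = [a for a in value.split(",")
                 if a and ALIASES.get(a, a) not in ALLOWED[key]]
        if extra:
            findings[key] = extra
    # A setting missing from the dump cannot be judged, so report it explicitly.
    for key in sorted(ALLOWED.keys() - seen):
        findings[key] = ["<not present in input>"]
    return findings


if __name__ == "__main__":
    for setting, algos in sorted(audit(SAMPLE_SSHD_T).items()):
        print(f"{setting}: {', '.join(algos)}")
```

On a real host the input would be the output of `sshd -T` run as root, which prints the effective settings including compiled-in defaults.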