• pandapoo@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    11
    ·
    11 days ago

    They are frequently targeted because they offer enterprise grade configurations at consumer prices.

    Which means, there’s a lot that can be misconfigured, and a lot of short staffed and under budgeted IT departments that deploy them, which means they are a good payoff when exploited.

    That’s the bad part, and the good part.

    You really cannot beat their price point to value for professional grade networking equipment. Just take the time to understand what you’re doing when doing your configurations, and keep them updated.

    • bane_killgrind@slrpnk.net
      link
      fedilink
      English
      arrow-up
      6
      ·
      11 days ago

      Very little is changing over time… I have a proliant salvage server running proxmox with some hosts and the router only port forwards to an NGINX proxy manager instance for the web interfaces on those hosts. I run a synology NAS separate from the proliant hardware that runs through the proxy.

      I know I don’t understand it all, and i’m open to suggestions.

      • pandapoo@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        11 days ago

        Did you mean to send that reply to me?

        I ask because I’m not quite sure what specific suggestions you’re looking for.

        But in general, I would suggest not exposing port forwarding.

        What services are running behind NGINX? What router/firewall are you using?

        • bane_killgrind@slrpnk.net
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 days ago

          Yes, I attribute security significant misconfigurations to a lag between new service deployments and a relevant review by network security (in a business environment. At home it’s just me.)

          So I’m running Milestone VMS, Synology NAS and maybe in a day a minecraft server for the kids, which should all be available outside my home. I’m using the mikrotik HexPOE which is my main router/firewall.