GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I use a multilayer approach that I will not describe all of (because it would bore you to tears) but the first two layers are interesting.
Layer one is a good a secure router doing NAT. Nearly every home network has this, but not all. If you lack one, it is cheap to add to your network behind your ISP provided device. Mine can also be set to detect threat behavior outbound from WITHIN your network, just in case I miss something.
Layer two is integrated, a honeypot that looks wonderfully vulnerable. It is really a monitored virtual machine that gets reloaded as often as intrusion is detected and daily in any case. If the monitor detects a breaking attempt, or a successful exploit, the source IP is used to update a block list on the router so that cannot continue, and the virtual is reloaded.
Using triggered events like this I have blocked nearly all of China and half of Russia, as well as some subnets in South America and certain small portions of the US. (Interestingly, a part of Amazon. I often wonder if they monitor threat behavior on the part of their customers.) I have also blocked monitoring addresses within my own ISP range: I am not sure if it is the ISP or other customers are either owned or criminal. Lesson here, do not assume any network totally safe.
This level is probably enough for most IOT devices, but not for things that HUMANS actually directly touch (we are a weak point in any protection plan).
By the way, I originally used my own home loaded machines for both of those layers - but now only layer two. Home routers got better, and I had some hardware failures.
Internal (non-IOT) machines run firewall, Intrusion Detection, and Anti-Malware (not just antivirus) if I can set that up. My family is not as security aware as I am, so I cannot speak for all of their devices. I also recommends and use various browser and server security tools.
I find it easier to maintain security on all operating systems that are not Microsoft. It is not that they are innately more secure (though they may be) but that only Microsoft changes your security libraries and settings during updates without asking or informing you. (So far. I am always watching for that from any other source.)
With these precautions I have not had to recover from backup due to any issues. I have seen a browser hyjacked, but that issue was quickly isolated and repaired. My Linux machines can, naturally, be reloaded at will. Windows, not so much. Any I can be pretty sure that if any IOT device came under attack it was not successful.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
