top | item 44024435


old-gregg | 9 months ago

Your "life hack" is not good advice. There are plenty of well-written explanations for why perimeter-based security doesn't work. What is strange is that you've started in the right place: by being "constantly worried about security implications of each app". Unfortunately it's annoying and time-consuming, but that's the right way to keep your data private. And if that's too much hassle, it means it's worth it to pay others to do it.

When I'm thinking about a hypothetical situation when I need to save the world by hacking into a hypothetical villain, my best hope will be him using your approach to security.


lolinder | 9 months ago

Any serious approach to security begins with a reasonable and clearly defined threat model, and my threat model for my home network doesn't currently include a team of superheroes targeting my file backups in an effort to save the world. But I'll definitely keep your advice in mind when I do decide to start executing on my evil plots.

For now my threat model consists of script kiddies and abusive corporations. Self-hosting gets me away from the corporations and keeping my stuff off of the public internet keeps me away from script kiddies.

bigfatkitten | 9 months ago

> There's plenty of well-written explanations for why perimeter based security doesn't work

It certainly helps when your attack surface consists of numerous web apps of unknown quality.

Drive-by RCEs (e.g. log4j) then suddenly become much less of a headache when none of it is reachable by the world at large.

Exactly how you do that, whether via an authenticating reverse proxy or VPN, doesn't really matter.
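One way to check the property bigfatkitten describes (nothing but the proxy reachable from the world at large), as an added example that is not part of this thread: it parses `ss -tlnp`-style output and flags listeners bound to world-reachable addresses. The sample lines, the set of private networks and the allowlist of intentionally exposed processes are constructed assumptions, not anything from the thread.

```python
"""Flag self-hosted services whose listening sockets are reachable from the
public internet. Added example (not from the thread); the ss lines below are
constructed sample input, not real output from any host."""
import ipaddress
import re

# Constructed sample of `ss -tlnp` output (Linux); real output has the same shape.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:8096      0.0.0.0:*         users:(("jellyfin",pid=812,fd=9))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=401,fd=6))
LISTEN 0      128    10.8.0.1:8080       0.0.0.0:*         users:(("gitea",pid=990,fd=12))
LISTEN 0      4096   0.0.0.0:9000        0.0.0.0:*         users:(("portainer",pid=1203,fd=7))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=650,fd=3))
"""

# Networks the public internet cannot route to directly: loopback, RFC 1918 and
# ULA ranges. A typical VPN tunnel subnet (assumed 10.8.0.0/24 here) falls inside.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12",
                 "192.168.0.0/16", "fd00::/8")]

LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Yield (process, address, port) for each LISTEN line; IPv6 brackets stripped."""
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr, port, proc = m.groups()
        yield proc, addr.strip("[]"), int(port)

def is_exposed(addr):
    """True if the bind address can be reached from outside the private networks.
    Wildcard binds (0.0.0.0, ::) count as exposed: they accept on every interface."""
    if addr in ("0.0.0.0", "::", "*"):
        return True
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in PRIVATE_NETS)

def exposed_services(ss_output, allowlist=frozenset({"nginx"})):
    """Return processes bound to world-reachable addresses, minus the ones you
    intend to expose (assumed here: only the authenticating reverse proxy)."""
    return sorted({proc for proc, addr, _ in parse_listeners(ss_output)
                   if is_exposed(addr) and proc not in allowlist})

if __name__ == "__main__":
    for svc in exposed_services(SAMPLE_SS_OUTPUT):
        print(f"WARNING: {svc} is listening on a world-reachable address")
```

On a real host, feed it `ss -tlnp` output and extend the allowlist with whatever you deliberately publish; anything else it reports is reachable without passing through the proxy or VPN.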

gugagore | 9 months ago

Could you provide an example of one of the well written explanations?

marcusb | 9 months ago

Just go and look at any of the vendors selling “zero trust” solutions. They all have white papers available about how a) perimeter security is “dead” and b) their specific flavor of zero trust is the One True zero trust and the only thing you can trust to protect your data.

You will without exception need to provide an email address to access these white papers, so their inside sales team can ensure you fully understand the importance of trusting their zero trust, and not trusting anyone else’s.

I’m not kidding - even a little.