Basically every local service is accessed via a web interface, and every interface wants a username and password. Assuming none of these services are exposed to the internet, how much effort do you put into security here?
Personally, I didn’t really think about it when I started. I make a half-assed effort at security where I don’t use “admin” or anything obvious as the username, and I use a decent-but-not-industrial password - but I started reusing the u/p as the number of services I’m running grew. I have my browsers remember the u/ps.
Should one go farther than this? And if so, what’s the threat model? Is there an easier way?

  • pHr34kY@lemmy.worldEnglish
    1910·
    1 month ago

    IPv6 should not be disabled under any circumstances.

    In fact, many devices in my house have IPv4 disabled. Disabling IPv4 on my public-facing SSH reduced the attack traffic to zero.

    IPv4 is shit.

    • Turbo@lemmy.mlEnglish
      2·
      29 days ago

      Why not disable ipv6 for local lan?

      I disable It on everything for next decade until it’s mainstream.
      .

    • BCsven@lemmy.caEnglish
      1·
      1 month ago

      I was referring to the latest CVE for ipv6 where an attacker just sends a flood of IPv6 packets which puts things like WindowsOS into a mode for remote code execution, even via webpage. Windows remedy right now is turnoff all ipv6 capability, as they don’t have a fix yet

      • pHr34kY@lemmy.worldEnglish
        3·
        30 days ago

        I know about that one. The 800MB “fix” for it has been crashing machines quite hard.

        I don’t have that problem because I don’t run Windows.

        Windows is shit.