Cybersecurity Is a Mindset
Cybersecurity isn't a product you buy or a checklist you complete — it's a continuous practice of reducing risk. Attackers need to find one way in. Defenders need to close every door. That asymmetry is why mindset matters more than any individual tool.
Attacker needs: ONE successful path
Defender needs: ALL paths closed
Attacker advantage: patience, automation, scale
Defender advantage: knowledge of your own systems,
                    ability to detect anomalies,
                    ability to patch faster than attackers find new holes
CIA Triad — The Foundation
Every security decision traces back to three properties. When evaluating any control or threat, ask which pillar it affects.
Confidentiality → only authorized parties see the data
    Attacks: eavesdropping, data exfiltration, credential theft
    Controls: encryption, access control, VPNs
Integrity → data is accurate and unmodified
    Attacks: tampering, SQL injection, supply chain compromise
    Controls: checksums, signatures, input validation
Availability → systems are online when needed
    Attacks: DDoS, ransomware, hardware failure
    Controls: redundancy, backups, rate limiting
Who Are the Threat Actors?
Understanding who might attack your systems — and why — shapes how you defend. A homelab isn't a corporate target, but it's also not invisible.
Script kiddies → automated scanners, exploit frameworks, no specific target
    Risk to homelab: HIGH (your public IP gets scanned constantly)
    They hit everything exposed on the internet
Opportunists → looking for misconfigured services, default creds, open ports
    Risk to homelab: HIGH if you expose services without hardening
Ransomware bots → scan for RDP, SMB, exposed NAS devices
    Risk to homelab: MEDIUM-HIGH if you have file shares exposed
Nation states → targeted, sophisticated, patient
    Risk to homelab: LOW (you're not the target)
Insider threat → someone with legitimate access misusing it
    Risk to homelab: LOW unless others share your network
Attack Surface — What You're Defending
Your attack surface is everything an attacker can interact with: open ports, public services, login pages, exposed APIs, user accounts, email addresses. Reducing it is the most effective defense.
Homelab attack surface audit:
✗ Port 22 (SSH) open to internet → move behind VPN or use Cloudflare
✗ Proxmox web UI (8006) exposed → management should never be public
✗ Default credentials anywhere → change every default password
✗ HTTP (no TLS) services → everything public needs HTTPS
✓ Cloudflare Tunnel → no open inbound ports = smaller surface
✓ Authelia on public apps → SSO gate before any service
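The listening-port part of this audit can be scripted on the host itself. The following is an added example, not part of the original article: it parses the output of ss -tlnH (the sample is constructed) and flags listeners bound beyond loopback on the ports named above; the RDP and SMB port numbers are the standard defaults and the function names are this example's own. A non-loopback bind is a candidate exposure only, since whether it is reachable from the internet depends on the firewall and any port forwarding.

```python
import ipaddress

# Ports the audit and the threat-actor list call out. The RDP and SMB numbers
# are the standard defaults (assumption; the article names no port for them).
RULES = {
    22: "SSH: move behind VPN or a tunnel",
    8006: "Proxmox web UI: management should never be public",
    80: "HTTP without TLS: anything public needs HTTPS",
    3389: "RDP: scanned by ransomware bots",
    445: "SMB: scanned by ransomware bots",
}

def bind_scope(addr):
    """Classify a listen address as 'loopback', 'all' or 'specific'."""
    addr = addr.split("%")[0].strip("[]")  # drop zone id and IPv6 brackets
    if addr in ("*", "0.0.0.0", "::"):
        return "all"
    return "loopback" if ipaddress.ip_address(addr).is_loopback else "specific"

def audit(ss_output):
    """Return sorted (port, scope, finding) for non-loopback listeners in RULES."""
    findings = set()  # a set merges the IPv4 and IPv6 wildcard binds of one port
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        scope = bind_scope(addr)
        if scope != "loopback" and int(port) in RULES:
            findings.add((int(port), scope, RULES[int(port)]))
    return sorted(findings)

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE = """\
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 4096 127.0.0.1:9091    0.0.0.0:*
LISTEN 0 511  *:8006            *:*
LISTEN 0 511  192.168.10.5:80   0.0.0.0:*
LISTEN 0 4096 [::1]:445         [::]:*
"""

if __name__ == "__main__":
    for port, scope, finding in audit(SAMPLE):
        print(f"[x] port {port} ({scope} bind) -> {finding}")
```
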
Defense in Depth
No single control is enough. Defense in depth means layering controls so that when one fails — and eventually one will — others catch what slips through.
Layer 1 — Perimeter: Cloudflare, firewall, no unnecessary open ports
Layer 2 — Auth: SSO (Authelia), MFA, strong passwords
Layer 3 — Network: VLANs, firewall rules between segments
Layer 4 — Host: patched OS, minimal services, fail2ban
Layer 5 — App: input validation, least privilege accounts
Layer 6 — Data: encryption at rest, encrypted backups
Layer 7 — Detection: logs, alerts, anomaly monitoring