Management kiosk

From Sea of Fate
Jump to navigationJump to search

,==Introduction==

The Home Lab has many quite a few servers and services now and some of the are quite sensitive. We could administer them from the internet but at the moment that is too much of a security risk to setup for the limited gain so for now we will restrict access to the Virtual Machines, to that end we have dedicated management consoles on a restricted VLAN. To begin with we had a single console with the hostname lemon and that was the sole means of administration but it became a it too sluggish with the Ubuntu desktop so we created another desktop as well based on Mint Cinnamon.

The Management VLAN

WE have a a dedicated management VLAN 99 that is the sole means of administering the Pfsense Firewall and other services like Prometheus and Grafana. By keeping these services only available to this specific VLAN their is little chance of any outside influence modifying any of the essential services because the hostile actor would have to compromise the management kiosk first and the simple expedient of leaving the VM stopped would make that impossible.

The Kiosks

There are now two kiosks created, Lemon based on Ubuntu and Cinnamon based on Mint. As both are desktop builds they both have browsers so they could both administer consoles like Pfsense.

Retrieved from "https://wiki.seaoffate.net/index.php?title=Management_kiosk&oldid=1102"