Is there any value in using macvlan/VLANs to create router aware networks to segment internet exposed containers vs non exposed containers?

I have a single home server with a single NIC. I intend to run numerous Docker containers — some will be internet exposed, some will not.
The way I see it, I have two options:

Use the normal bridge network driver:

Create 2 unique bridge…

What is the threat/risk difference in opening multiple ports on one physical NIC on a home server vs creating VLANs and opening ports on each VLAN?

I have a single home server with a single NIC. I intend to run numerous services — some will be internet exposed, some will not. I don’t know if I am going to run them as VMs or Docker containers, but it shouldn’t matter for this question.

Security considerations/issues for web-app where Apache has sudo as user access

I am working on a web-app and was hoping to get some security threat perspective from folks here. I am trying to identify all the potential threat vectors so I can secure them. I am too close to the problem to trust my instinct…