As I'm exploring the idea of hosting my data at home (with offsite backups), I would like to better understand how to test my home network for security vulnerabilities.

I have run basic Nmap scans and confirmed that there are no open ports. I've confirmed that users have access to what they need but nothing else, and that guests using the network for web access don't have any sort of access to data. All data is encrypted so someone stealing the physical hardware shouldn't have access to the contents, either. But that's about as far as I know what to do.

What else could and should I try? How do you pentest your home network?

I feel I'm ok with my understanding of how to set things up so that everything is relatively secure. But I have very little idea how to actually test the setup.

Edit: Added a sentence about encryption.

I'm a little late on this, admittedly. $dayjob is requiring us all to set up a pair of YubiKeys, and I'm using them for the first time and my mind is a little blown.

I was seeing articles about "passkeys" all summer, not really grokking what they were talking about, clinging to my usernames and passwords and 2FA codes coming out of 1Password, etc.

I just set it up on a few accounts today, initially as an additional 2FA source, but when I set them on GitHub, I saw for the first time how exactly they are used instead of the username and password and 2FA combo to log in, and it seems incredible to me!

For long-time YubiKey users: what are some cool things in the ecosystem that you would recommend looking at?

It's seems to have been common sense for a while now that Windows has good-enough security software that you don't need 3rd party tools but is it actually the case now? Is there anything to lose or gain from trusting 3rd party with this stuff?

For a long time now, I have been using KeePassXC for desktops and KeePassDX for Android. I keep everything synchronized neatly with Syncthing, which can be configured to operate over your WiFi or the internet through their gateways. This allows me to share a single KeePass file with another individual, provided I tell them the password.

I have a co-worker who is loving 1Password and while it looks great, something irks me about paying monthly for a password manager. I looked into Bitwarden for a "local cloud" and have seen very mixed results as well as not being sure if I could trust my own security configurations to do so.

I am primarily wondering what everyone else is using in search of something a bit more convenient (I'm not opposed to using the cloud) that has an app like KeePass that I can use for desktop apps, and not just in the browser (though I don't use that function often, truthfully).

Edit: Passkey support was mentioned in this comment and made me realize how important such support will be in the coming years. For those of you with password management solutions supporting it, how has it been?

I just received an Unknown Tracker alert on my Pixel 7 running Android 14 beta 5 for an Apple air tag that was on my son in laws key chain as I had borrowed his car.

I heard this was coming but didn't expect it so soon!

Quite impressed with both the information given and the general advice and steps to take offered.

The first notification was "Tracker Travelling With You: Unknown Apple air tag detected. The owner can see your location."

Touching "more info" then shows a map of where the tracker has been with me and the option to make the tracker play a sound to help locate it, with a note that the owner won't know you've done that.

Then more advice and options:

• If you feel unsafe, get help.
• Get and save tracker info
• Disable the tracker (with a how-to guide on battery removal)

And a ”need more help" link.

As I said, I had heard about this coming but was pleasantly surprised at how good it was and the general advice and help offered up.

Nice seeing things like this done right.

I'm curious on how to get started in self hosting. I have computer experience, being an Android Developer, but I hardly have experience in Linux and backend/networking work.

I've been wanting to start up a Plex/Jellyfin server for a while, and I have an old system sitting around with a Ryzen 1700 with a graphics card in there as well that's been begging for attention, and maybe I can throw on a Minecraft server in there as well. Since I travel a bunch, it would be nice too to be able to access my media for when I'm traveling, or to let my parents or friends access some shows if they so desire!

What I'm worried about is exposing my network to the internet basically. I used to run a Minecraft server with port forwarding and such on a personal computer but now I'm realizing that that's probably a bit unsafe lol.

Basically, are there any guides that I can look at, or any of your own experiences that could potentially help me or anyone who's interested?