Defense in depth for small systems
The phrase “defense in depth” sounds like something from a corporate security audit, the kind of document that arrives as a 200-page PDF and recommends solutions that cost more than your entire infrastructure. But the core idea is simple and scales down surprisingly well: don’t rely on any single security measure, because every measure eventually fails. I run a small VM. One machine, a handful of services, nothing that would interest a sophisticated attacker. That last assumption is exactly the kind of thinking that gets systems compromised. Automated scanners don’t care how interesting you are. They probe everything, constantly, looking for the path of least resistance. Being small doesn’t make you safe; it just makes you a softer target. ...