I currently have several VLANs (management for network devices, iot for smart devices, infra for security cameras and NAS, one for personal devices, another for guests, etc.).

Currently I’m hosting a game server which is exposed to the outside world and am thinking of adding a couple more similar services.

Is it best practice to put such machines on their own isolated VLAN to minimize their attack surface?

  • hackris
    1 year ago

    I recommend putting public-facing devices on a separate VLAN and running as much as possible through a reverse proxy, to only have a single port open. Network monitoring is important too.
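
One way the setup recommended in this comment could look on a Linux router running nftables, as an added example that is not part of the thread. The interface names, the VLAN numbering, the proxy address and the published port are all assumptions; adapt them to the actual network.

```nftables
#!/usr/sbin/nft -f
# Added example: isolate public-facing hosts in their own VLAN (all names assumed).
flush ruleset

define WAN      = "eth0"             # assumed uplink interface
define MGMT     = "vlan10"           # assumed management VLAN
define INTERNAL = { "vlan10", "vlan20", "vlan30", "vlan40" }  # assumed internal VLANs
define DMZ      = "vlan50"           # assumed VLAN for exposed servers
define PROXY    = 192.168.50.10      # assumed reverse proxy address in the DMZ
define PUB_PORT = 443                # assumed single published port

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # DMZ hosts may use the router for DNS and DHCP, nothing else
        iifname $DMZ udp dport { 53, 67 } accept
        iifname $DMZ tcp dport 53 accept
        # Router administration only from the management VLAN
        iifname $MGMT tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Internet -> DMZ: only the port that was DNATed to the reverse proxy
        iifname $WAN oifname $DMZ ip daddr $PROXY tcp dport $PUB_PORT ct status dnat accept
        # DMZ -> Internet (updates, game master servers)
        iifname $DMZ oifname $WAN accept
        # Management VLAN may initiate connections into the DMZ for administration
        iifname $MGMT oifname $DMZ accept
        # DMZ -> internal VLANs: log for monitoring, then drop
        iifname $DMZ oifname $INTERNAL log prefix "dmz-to-lan: " drop
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $WAN tcp dport $PUB_PORT dnat to $PROXY
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

The `dmz-to-lan:` log lines are the ones worth alerting on: a server in the DMZ has no legitimate reason to open connections to the internal VLANs.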