As I go further down the security rabbit hole I’m now in the process of hardening security on all of my devices. I’ve moved all of my lab behind a second firewall with strict security settings to keep it segregated from my local LAN. I also completely reinstalled several systems to ensure that they haven’t been compromised in any way. I’ve also removed windows from my local network, I now only use windows in virtual machines. For DNS security I’m now using Pi-hole and enabled DNSSEC. I’m also now using OpenDNS and Quad9 as upstream DNS servers and removed google to use privacy respecting services. Additionally I added a few more blocklists from Firebog for increased filtering.
Since I use a Macbook Pro as my daily driver I figured I should lock it down as well. First I reinstalled my MBP to factory to ensure my system hasn’t been compromised. I then installed several tools from Objective-See. I highly recommend you check them out and support them if you use macOS. I also used drduh’s macOS-Security-and-Privacy-Guide.
I’ve also started to use PGP encryption for my emails. If you would like to encrypt a message you can use my public keys below.