Need guidelines for securing proxmox

[Covfefe]

Installed proxmox 8.x on a mini pc with 8 physical nics for home use. Created a VM and installed OPNSense. Configured vmbrs so LAN, WIFI, Streaming devices, IOT devices are on a seperate network. Created a rule in proxmox firewall for 8006, 22 so only a specific pc can connect to the management ip/port.

There will be only one pve node - no high availability, no need for vm migration, and no need for clustering. The whole setup is currently behind a netgear router which I'm planning to turn it into a AP for wifi once I directly connect OPNSense to the ISP modem.

I would like to secure proxmox. Is there a security guidlines or best practice doc?

Thanks

 

[esi_y]

I would like to secure proxmox. Is there a security guidlines or best practice doc?

No: https://forum.proxmox.com/threads/should-an-official-proxmox-hardening-wiki-page-be-created.148732

 

[esi_y]

once I directly connect OPNSense to the ISP modem

On a separate note, why would you ever want to do this?

 

[Johannes S]

I don't think that there can be a general guide since a lot depends on your environment and threat model. I just wrote in the linked threat on this. For example using cleartext protocols like NFS or ISCSI can be fine in one environment and in a different environment would be grossly negligent.