
Home Server Security Architecture + Monitoring

Hybrid edge-to-cloud Zero Trust build in progress. Architecture and design are documented (PDF), with implementation underway for segmentation, monitoring, and encrypted cloud storage.

Current phase: Architecture & Design completed. Implementation in progress.

Current, Security Architecture, Cloud Security, API Security, Web Security, Detection/IR
Tech
VyOS, Linux, Wazuh, Nessus, Docker, AWS S3, IAM/KMS, CloudTrail
Portfolio maturity: 65%
This reflects how complete the artifact is (writeup + evidence), not skill level.

Highlights

  • Architecture completed: hybrid edge-to-cloud Zero Trust design with clear trust boundaries
  • Edge enforcement: DNS-based policy controls and device access classification
  • Cloud vault: encrypted storage with least-privilege IAM and audit logging
  • Monitoring roadmap: central logging + detection signals for investigation

Audience

  • Security Engineers
  • Security Architects
  • Hiring Managers

Problem / Goal

  • Home networks and mobile setups face real threats: untrusted networks, mixed-trust devices, and misconfigurations.
  • Goal: build a realistic environment to practice segmentation, monitoring, and secure cloud storage with evidence.

Approach

  • Design first: document scope, assumptions, and non-goals before implementation.
  • Layered security model: Edge security layer → Secure storage layer → Cloud security layer.
  • Zero Trust mindset: verify identity, enforce least privilege, log actions, and reduce exposure by default.

Threats (What I design against)

  • Untrusted networks (public Wi-Fi / mobile / roaming) and opportunistic attacks
  • Lateral movement across mixed-trust devices on a flat network
  • Cloud misconfigurations exposing storage or APIs unintentionally
  • Lack of logs during incident response (no audit trail, weak detection)

Controls (How I mitigate)

  • Edge controls: DNS enforcement, allow/deny policies, restricted device handling
  • Segmentation: explicit trust boundaries and traffic control between zones
  • Cloud storage controls: encryption at rest (KMS), least-privilege IAM, MFA for admin access
  • Auditability: CloudTrail logging for API activity and traceability

Evidence

Download Architecture & Design (PDF) →
  • REPORT: Architecture & Design Document (PDF): Hybrid Edge-to-Cloud Zero Trust (Available)
  • CONFIG: Network segmentation rules (VyOS export/screenshot) (Planned)
  • SCAN: Scan results before/after (Nessus) (Planned)
  • WRITEUP: Monitoring alerts + notes (Wazuh) (Planned)
Evidence links will be added as artifacts are published (screenshots, configs, scan results, writeups).

Next steps

  • Phase 2: Implement segmentation rules and capture config evidence (screenshots/export)
  • Phase 3: Enable central logging/monitoring and capture alert examples (Wazuh)
  • Phase 4: Run baseline scans, remediate findings, and document before/after verification
  • Convert planned evidence into live artifact links (PDFs/screenshots/writeups)