Security Policy

Access Control

Access to the homelab environment is strictly controlled through Zero Trust principles.

Authentication

• All public endpoints are protected by Authelia.
• Multi-Factor Authentication (MFA) is required for administrative interfaces.
• Passwords must adhere to NIST guidelines (min 12 chars, complex).

Network Security

• No direct port forwarding on the home router.
• All ingress traffic must pass through Cloudflare Tunnel.
• Internal service-to-service communication is restricted via Docker networks.