udc@lemmy.world to Selfhosted@lemmy.world · English · 20 hours ago
How to Setup a Secure Ubuntu Home Server: A Complete Guide (www.davidma.co)
cross-posted to: technology@lemmy.world

Botzo@lemmy.world · English · 15 hours ago
We can go harder: port knock to open the port to a cert-only VPN (on top of all that)
https://wiki.archlinux.org/title/Port_knocking

martinb@lemmy.sdf.org · English · 12 hours ago
Felt a bit like a faff to me, so I never bothered. Does depend upon your threat model though

Botzo@lemmy.world · English · 11 hours ago
Totally.
Port knocking is one of those “of course someone did that” things to me too. A replay attack is enough to make it security theater.
An IP allowlist is a more useful addon.