How to Setup a Secure Ubuntu Home Server: A Complete Guide (www.davidma.co)
udc@lemmy.world to Selfhosted@lemmy.world · English · 23 days ago · 24 comments

Botzo@lemmy.world · English · 23 days ago (edited)
We can go harder: port knock to open the port to a cert-only VPN (on top of all that)
https://wiki.archlinux.org/title/Port_knocking

martinb@lemmy.sdf.org · English · 23 days ago
Felt a bit like a faff to me, so I never bothered. Does depend upon your threat model though

Botzo@lemmy.world · English · 23 days ago
Totally.
Port knocking is one of those “of course someone did that” things to me too. A replay attack is enough to make it security theater.
An IP allowlist is a more useful addon.