For example, I prefer to use a VPN instead of port forwarding. And I use SSH for anything I used to use an FTP for.

A10@kerala.party ( @A10@kerala.party ) 4•10 months ago
I use a non-standard SSH port, Fail2ban, WireGuard VPN for some services

poVoq ( @poVoq@slrpnk.net ) English 4•10 months ago
TOTP MFA highly recommended on SSH and web console. The so-called “google-authenticator” makes it easy and despite the name does not use any external Google services.

ReversalHatchery ( @ReversalHatchery@beehaw.org ) 5•10 months ago
Yes, but if using an Android phone, the Aegis app may be a better choice. Guaranteed to not have tracking, and secrets are encrypted.

poVoq ( @poVoq@slrpnk.net ) 1•10 months ago
That is indeed what I am using as well. The “google-authenticator” is just a (badly named) open source software that runs on the server and is available in most Linux distro repositories.

ReversalHatchery ( @ReversalHatchery@beehaw.org ) 1•10 months ago
Oh, you mean the PAM module?

poVoq ( @poVoq@slrpnk.net ) 1•10 months ago
It can function as that as well AFAIK.

sharpiemarker ( @Sharpiemarker@feddit.de ) 3•10 months ago
A padlock

const_void ( @const_void@lemmy.ml ) 3•10 months ago
IP whitelisting

splendoruranium ( @splendoruranium@infosec.pub ) English 3•10 months ago
> IP whitelisting
How do you do that? I understand how blocklisting would work but how does whitelisting work in practice? How can you know in advance from which IPs you will connect to your home network in the future? That just seems like a recipe for getting stranded in some hotel without a way into your network.

const_void ( @const_void@lemmy.ml ) 2•10 months ago
Blacklist everything then whitelist the IPs you know you’ll be connecting from (work, cell phone, etc). I don’t connect from random places usually. If I need to then I use cellular. You might be better off with a VPN if you need to connect from random places.

splendoruranium ( @splendoruranium@infosec.pub ) English 1•10 months ago
> Blacklist everything then whitelist the IPs you know you’ll be connecting from (work, cell phone, etc). I don’t connect from random places usually. If I need to then I use cellular. You might be better off with a VPN if you need to connect from random places.
I see, thanks!
Is there any concern with whitelisting a cellular CGNAT’s public IP? Presumably that would potentially whitelist thousands or tens of thousands of other mobile devices at once, wouldn’t it?

const_void ( @const_void@lemmy.ml ) 1•10 months ago
> Is there any concern with whitelisting a cellular CGNAT’s public IP?
It depends on how much you decide to whitelist. In my case I whitelist my cellular carrier’s IP block. Which does expose those services a little more broadly but I’m willing to risk it.
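
The default-deny allowlist and the carrier-block trade-off discussed in this exchange, as an added example that is not part of any comment in the thread: it matches source addresses against an allowlist and counts how many addresses each entry admits. The labels, function names and networks are assumptions; the networks are constructed from RFC 5737 documentation ranges, not anyone's real configuration.

```python
import ipaddress

# Constructed allowlist: RFC 5737 documentation ranges stand in for real networks.
ALLOWLIST = {
    "work": "203.0.113.7/32",            # a single static address
    "carrier-block": "198.51.100.0/24",  # stand-in for a cellular carrier's block
}

def parse(allowlist):
    """Turn label -> CIDR strings into label -> network objects (host bits rejected)."""
    return {label: ipaddress.ip_network(cidr) for label, cidr in allowlist.items()}

def match(src, allowlist):
    """Return the label of the entry admitting src, or None (default deny)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return None  # an unparseable source is denied, never allowed
    for label, net in parse(allowlist).items():
        if addr.version == net.version and addr in net:
            return label
    return None

def exposure(allowlist):
    """Number of source addresses each entry admits."""
    return {label: net.num_addresses for label, net in parse(allowlist).items()}

def broad_entries(allowlist, max_addresses=1):
    """Labels of entries admitting more than max_addresses, widest first."""
    wide = [(n, label) for label, n in exposure(allowlist).items() if n > max_addresses]
    return [label for n, label in sorted(wide, reverse=True)]

if __name__ == "__main__":
    for src in ("203.0.113.7", "198.51.100.42", "192.0.2.10", "not-an-ip"):
        print(f"{src:15} -> {match(src, ALLOWLIST) or 'DENY'}")
    print(exposure(ALLOWLIST), broad_entries(ALLOWLIST))
```

For a CGNAT range the address count is a lower bound on exposure, since each public address there is shared by many subscribers.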