Comment on How do you all handle security and monitoring for your publicly accessible services?
KairuByte@lemmy.dbzer0.com 3 days ago
There’s also something to be said about some services being cordoned off in a VPN while leaving some public with security. I don’t necessarily want everyone within my full network if all I want is to share one service with them.
peregus@lemmy.world 3 days ago
For that, you can restrict access to a single service with iptables.
Xanza@lemm.ee 3 days ago
This is effectively the same damn thing with a single exception. If your VPN is down, there’s no access to your server. If for whatever reason your firewall is down, there’s unrestricted access to your server…
VPN is unquestionably the correct choice 100 times out of 100.
peregus@lemmy.world 3 days ago
I don’t know what kind of firewall you use, but if my firewall is down there is NO traffic at all passing through!
And by the way, since I’ve replied to someone who doesn’t want to use a VPN because he doesn’t want to give access to the whole network, I meant that he could use a VPN AND iptables to restrict the guest access to single services instead of the whole network.
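An added example, not part of any comment in this thread: one way to combine a VPN with iptables so that guest peers reach a single service, as the comment above suggests. The interface `wg0`, the guest range `10.8.0.0/24` and the service `192.168.1.50:8096` are constructed values, and the function only prints the rules so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed (constructed) values:
#   wg0               VPN interface on the gateway
#   10.8.0.0/24       address range handed to guest VPN peers
#   192.168.1.50:8096 the one service guests may reach

# Print the iptables commands for review; nothing is applied here.
guest_rules() {
    vpn_if=$1 guest_net=$2 svc_ip=$3 svc_port=$4

    # Refuse anything that is not a plain port number, so a typo cannot
    # end up inside a generated command line.
    case $svc_port in
        ''|*[!0-9]*) echo "invalid port: $svc_port" >&2; return 1 ;;
    esac

    # Order matters: reply traffic back to guests, then the one allowed
    # service, then drop everything else guests send through or to the gateway.
    cat <<EOF
iptables -A FORWARD -o $vpn_if -d $guest_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $vpn_if -s $guest_net -d $svc_ip -p tcp --dport $svc_port -j ACCEPT
iptables -A FORWARD -i $vpn_if -s $guest_net -j DROP
iptables -A INPUT -i $vpn_if -s $guest_net -j DROP
EOF
}

guest_rules wg0 10.8.0.0/24 192.168.1.50 8096
```

The rules are appended with `-A`, so any earlier rule in the same chain still matches first; compare against `iptables -S` before piping the output to `sh`.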
Xanza@lemm.ee 3 days ago
Only a hardware firewall would do this. If it’s software, like implied in your post, no traffic is filtered and all connections are accepted.
VPN is the least amount of work for the most secure setup. There’s nothing to even argue, it’s superior in every way.