Comment on How do you all handle security and monitoring for your publicly accessible services?
KairuByte@lemmy.dbzer0.com 2 months ago
There’s also something to be said about some services being cordoned off in a VPN while leaving some public with security. I don’t necessarily want everyone within my full network if all I want is to share one service with them.
peregus@lemmy.world 2 months ago
For that, you can restrict access to a single service with iptables.
Xanza@lemm.ee 2 months ago
This is effectively the same damn thing with a single exception. If your VPN is down, there’s no access to your server. If for whatever reason your firewall is down, there’s unrestricted access to your server…
VPN is unquestionably the correct choice 100 times out of 100.
peregus@lemmy.world 2 months ago
I don’t know what kind of firewall you use, but if my firewall is down there is NO traffic at all passing through!
And by the way, since I’ve replied to someone who doesn’t want to use a VPN because he doesn’t want to give access to the whole network, I meant that he could use a VPN AND iptables to restrict the guest access to single services instead of the whole network.
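The VPN-plus-iptables restriction mentioned in the comment above, as an added example that is not part of any commenter's post: a shell function that prints iptables commands confining one VPN guest to one service, for review before being run as root. The interface `wg0`, the addresses, the port and the chain name `VPN_GUEST` are constructed placeholders, and it assumes the existing FORWARD rules already allow reply traffic back to the guest.

```shell
#!/bin/sh
# Added example: emit iptables commands that confine one VPN guest to one service.
# All values passed in below are constructed placeholders, not taken from the thread.

# vpn_guest_rules VPN_IF GUEST_IP SERVICE_IP PROTO PORT
# Prints the commands instead of running them so they can be reviewed first.
vpn_guest_rules() {
    [ "$#" -eq 5 ] || { echo "usage: vpn_guest_rules IF GUEST_IP SVC_IP PROTO PORT" >&2; return 2; }
    vpn_if=$1 guest=$2 svc=$3 proto=$4 port=$5

    # Accept only plain interface names and IPv4 addresses, so the
    # generated commands cannot carry extra shell syntax.
    case $vpn_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    for ip in "$guest" "$svc"; do
        case $ip in ''|*[!0-9.]*) echo "bad IPv4 address: $ip" >&2; return 1 ;; esac
    done
    case $proto in tcp|udp) ;; *) echo "proto must be tcp or udp" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }

    chain=VPN_GUEST   # hypothetical chain name
    # The chain allows the single service and drops everything else.
    # It is hooked into FORWARD (service on another host) and INPUT
    # (service on the VPN gateway itself), matched on the guest's
    # source address so other VPN peers are unaffected.
    cat <<EOF
iptables -N $chain
iptables -A $chain -d $svc/32 -p $proto --dport $port -j ACCEPT
iptables -A $chain -j DROP
iptables -I FORWARD -i $vpn_if -s $guest/32 -j $chain
iptables -I INPUT -i $vpn_if -s $guest/32 -j $chain
EOF
}

# Constructed sample: guest 10.8.0.2 on wg0 may reach only 192.168.1.10:8096/tcp.
vpn_guest_rules wg0 10.8.0.2 192.168.1.10 tcp 8096
```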
Xanza@lemm.ee 2 months ago
Only a hardware firewall would do this. If it’s software, like implied in your post, no traffic is filtered and all connections are accepted.
VPN is the least amount of work for the most secure setup. There’s nothing to even argue, it’s superior in every way.