Comment on [deleted]
brygphilomena@lemmy.world 1 year agoNot to knock on the security, but what is the threat model you are protecting against?
I see people harp on about security and you can do X or you need to do Y as if they hold a million bucks in Bitcoin to protect.
We make concessions every day with security for convenience. Most people’s threat model doesn’t include wire guard might respond to connection attempts without the proper key AND this will somehow allow an attacker to leverage a vulnerability in wire guard to gain access. However, I admit that some people’s paranoia makes them want to add every bit of security they possibly can even if it’s the most frustrating day to day usage.
Self hosting individuals aren’t a lucrative target for ransomware. Nor is it for most targeted hacking attempts.
hayalci@fstab.sh 1 year ago
i also think that it’s overkill, especially for a minimalistic tool like wireguard. That’s why I mentioned “if you want to be extra paranoid”. This forum is for learning, and this question is an open ended learning question, hence, an opportunity to learn about port knocking, even if the actual real life benefit of that would be minuscule.