For example, I prefer to use a VPN instead of port forwarding. And I use SSH for anything I used to use an FTP for.

  • const_void
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    Blacklist everything then whitelist the IPs you know you’ll be connecting from (work, cell phone, etc). I don’t connect from random places usually. If I need to then I use cellular. You might be better off with a VPN if you need to connect from random places.

    • splendoruranium@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Blacklist everything then whitelist the IPs you know you’ll be connecting from (work, cell phone, etc). I don’t connect from random places usually. If I need to then I use cellular. You might be better off with a VPN if you need to connect from random places.

      I see, thanks!
      Is there any concern with whitelisting a cellular CGNAT’s public IP? Presumably that would potentially whitelist thousands or tens of thousands of other mobile devices at once, wouldn’t it?

      • const_void
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Is there any concern with whitelisting a cellular CGNAT’s public IP?

        It depends on how much you decide to whitelist. In my case I whitelist my cellular carrier’s IP block. Which does expose those services a little more broadly but I’m willing to risk it.