For example, I prefer to use a VPN instead of port forwarding. And I use SSH for anything I used to use an FTP for.

  • splendoruranium@infosec.pub
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Blacklist everything then whitelist the IPs you know you’ll be connecting from (work, cell phone, etc). I don’t connect from random places usually. If I need to then I use cellular. You might be better off with a VPN if you need to connect from random places.

    I see, thanks!
    Is there any concern with whitelisting a cellular CGNAT’s public IP? Presumably that would potentially whitelist thousands or tens of thousands of other mobile devices at once, wouldn’t it?

    • const_void
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Is there any concern with whitelisting a cellular CGNAT’s public IP?

      It depends on how much you decide to whitelist. In my case I whitelist my cellular carrier’s IP block. Which does expose those services a little more broadly but I’m willing to risk it.