Comment by vhanda
1 day ago
I think what they meant is that if it's hosted online / home-network, only allow access to all services through a VPN. WireGuard is relatively easy to set up, and you can configure all your services to only be available through WireGuard.
Ever since ssh almost got backdoored, the only thing "exposed" on my servers is WireGuard, which is UDP based and therefore harder to know if it's running. SSH also goes over WireGuard.
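The setup vhanda describes (only WireGuard's UDP port reachable on the WAN, SSH bound to the tunnel address, other services allowed only over the tunnel), as an added shell example that is not part of the thread and not vhanda's own configuration. The interface names eth0/wg0, port 51820, the 10.8.0.0/24 tunnel subnet, the service ports and the placeholder key strings are assumptions; the script only generates the three configuration fragments and does not apply them to the host.

```shell
#!/bin/sh
# Added example, not from the thread: generate a "WireGuard-only exposure"
# configuration for one Linux host.
# Assumed names (not from the original comment): WAN interface eth0,
# tunnel interface wg0, UDP port 51820, tunnel subnet 10.8.0.0/24,
# server tunnel address 10.8.0.1, one peer at 10.8.0.2.
# If wg(8) is installed real keys are generated; otherwise constructed
# placeholder strings are used so the script runs offline.
set -eu

WAN_IF="${WAN_IF:-eth0}"
WG_IF="${WG_IF:-wg0}"
WG_PORT="${WG_PORT:-51820}"
WG_NET="10.8.0.0/24"
WG_SERVER="10.8.0.1"
WG_PEER="10.8.0.2"
TUNNEL_PORTS="{ 22, 443 }"   # services reachable only through the tunnel

# Private key from wg(8) when available, else a labelled placeholder.
gen_key() {
  if command -v wg >/dev/null 2>&1; then
    wg genkey
  else
    echo "PLACEHOLDER_PRIVATE_KEY_$1_replace_with_wg_genkey"
  fi
}

# /etc/wireguard/wg0.conf: WireGuard is the only listener on the WAN side.
# $1 = server private key, $2 = peer public key.
wg_conf() {
  cat <<EOF
[Interface]
Address = ${WG_SERVER}/24
ListenPort = ${WG_PORT}
PrivateKey = $1

[Peer]
PublicKey = $2
AllowedIPs = ${WG_PEER}/32
EOF
}

# nftables ruleset: default drop on input; on the WAN interface accept
# only WireGuard's UDP port (plus return traffic for established flows);
# SSH and the web service accept only from tunnel addresses on wg0.
nft_ruleset() {
  cat <<EOF
table inet wgonly {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    ct state invalid drop
    iifname "${WAN_IF}" udp dport ${WG_PORT} accept
    iifname "${WG_IF}" ip saddr ${WG_NET} tcp dport ${TUNNEL_PORTS} accept
  }
}
EOF
}

# sshd_config drop-in: bind sshd to the tunnel address only, so a
# firewall mistake still does not expose it on the WAN address.
sshd_snippet() {
  printf 'ListenAddress %s\n' "$WG_SERVER"
}

# Sanity check: number of accept rules that match the WAN interface.
# With the ruleset above this must be exactly 1 (the WireGuard port).
wan_accept_count() {
  nft_ruleset | grep -c "iifname \"${WAN_IF}\".*accept"
}

# Write all three fragments into $1 (a staging directory), not into /etc.
write_all() {
  out="$1"
  mkdir -p "$out"
  server_key="$(gen_key server)"
  peer_pub="$(gen_key peer)"   # placeholder stands in for the peer's public key
  wg_conf "$server_key" "$peer_pub" > "$out/wg0.conf"
  nft_ruleset > "$out/wgonly.nft"
  sshd_snippet > "$out/sshd_wg.conf"
  echo "wrote wg0.conf, wgonly.nft, sshd_wg.conf to $out"
}
```

Review the staged files, then apply with `nft -f wgonly.nft`, install the sshd drop-in and restart sshd, and bring the tunnel up with `wg-quick up wg0`; do that from a console or an existing session and confirm SSH over 10.8.0.1 works before closing it, since the ruleset drops any WAN-side SSH. On the "harder to know if it's running" point: WireGuard does not answer a handshake initiation unless its mac1 field verifies, and mac1 is keyed with the responder's public key, so a scanner that does not know the server's public key gets no UDP reply at all and sees the port as filtered rather than open.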
> ... WireGuard, which is UDP based and therefore harder to know if it's running.
Isn't it basically impossible to know if it's running unless you have an authorized key? I thought it didn't respond at all unless you ping a valid entry key off it.