Yes, My home network setup is a bit complicated but I am using Pfsense so I have things on separate vlans with internal firewall rules to reduce risks.
All traffic in on port 443 is routed from Cloudflare to an NginX reverse proxy which decides how to connect back into my network for things
Years ago I would just run a server on the network with 443, 80 and 22 exposed directly to the world and never had any major issues. (Other than the normal automated attacks trying to gain shell access over SSH)
Gotcha, vlan setup sounds like the best possible way to do it, I don’t trust my security skills at all, 22 with fail2ban is about as far as I trust myself!
Most of these things are pretty secure out of the box.
Even without fail2ban disabling root login and only allowing SSH key authentication makes those scripts just a waste of time for the attacker. That game is a low effort attempt to just get the low hanging fruit for botnets though.
Yes, My home network setup is a bit complicated but I am using Pfsense so I have things on separate vlans with internal firewall rules to reduce risks.
All traffic in on port 443 is routed from Cloudflare to an NginX reverse proxy which decides how to connect back into my network for things
Years ago I would just run a server on the network with 443, 80 and 22 exposed directly to the world and never had any major issues. (Other than the normal automated attacks trying to gain shell access over SSH)
Gotcha, vlan setup sounds like the best possible way to do it, I don’t trust my security skills at all, 22 with fail2ban is about as far as I trust myself!
The hammering 22 gets is astonishing though.
Most of these things are pretty secure out of the box.
Even without fail2ban disabling root login and only allowing SSH key authentication makes those scripts just a waste of time for the attacker. That game is a low effort attempt to just get the low hanging fruit for botnets though.