I recently figured out reverse proxies and I have several apps that I want to expose for ease of use for family members. I have found Authelia and thought I could set that up as an extra protection against suspicious activity, but after thinking about it a bit more I realized that the apps I want to expose already have user accounts and passwords, so it would make things a bit more annoying when logging in. Plus, would Authelia even work if the user is using a phone app instead of the web browser?

What are your ways of keeping your servers safe from suspicious activity or even monitoring them for suspicious activity?

Before this post gets blasted with “just use a VPN”: yes, I already have WireGuard up and running, but trying to get family members who are technology illiterate set up with a VPN is a nightmare.

  • persiusone@alien.topB
    10 months ago

    Before this post gets blasted with “just use a VPN”: yes, I already have WireGuard up and running, but trying to get family members who are technology illiterate set up with a VPN is a nightmare.

    I mean, the reasons to do this cannot be understated. A VPN literally accomplishes the security and exposure issues.

    It’s your network though. You can feel free to expose your ports and services to the entire internet and take the risk of zero day attacks, brute force, and credential leaks. Knowing that your family is illiterate, it sounds like they may not use best cyber security practices with your services…

    So, that leaves it on you. You can either support it on the front end with a proper VPN like Wireguard, or support it on the back end with IDS, honeypots, advanced threat management, constant monitoring, mitigation, patch management, backup and restores, isolation, etc.

    There are no shortcuts to proper security and exposure management. You can also pay someone, or a company, to do this for you.

    • Joyfulsinner@alien.topOPB
      10 months ago

      Yes, the reason why I said that is because I know what a VPN is and I know why it's secure, but I am asking for a different solution to the same problem. I am looking for different options and I know one option is a VPN, so it doesn't help me to find a solution when the only answers are “just use a VPN”.

      Thank you for the couple of keywords. I will start my research there.

    • John_Mason@alien.topB
      10 months ago

      You can either support it on the front end with a proper VPN like Wireguard, or support it on the back end with IDS, honeypots, advanced threat management, constant monitoring, mitigation, patch management, backup and restores, isolation, etc.

      Isn’t there a middle ground with something like Cloudflare Tunnels or Tailscale Funnel? Those still expose your services to the internet outside of a VPN, but they require a lot less maintenance than you described.