• 0 Posts
  • 1 Comment
Joined 1 year ago
cake
Cake day: November 13th, 2023

help-circle
  • I’ll repeat a reply I made as a top-level comment, as I think it’s a useful analogy:

    Opening a port is like installing a door in what was a brick wall in a back alley, then leaving it unattended while people might try to pick the lock. Unfortunately, the internet is a crime-ridden neighborhood, and that lock will be tested, likely within minutes.

    The “door” in this analogy is a port forward on your router, and the “lock” is whatever security is provided by the service you expose on that port. Some services are battle-tested and more trustworthy than others, but nearly everything has a bug in it somewhere.

    I no longer leave any ports open, other than just one for Wireguard. Wireguard in general won’t reply to unauthenticated packets at all, so it’s essentially an invisible door. I can’t speak to OpenVPN, it may or may not behave similarly. Leaving an SSH server visible is an invitation for automated password-guessing.