Alert - Yesterday's SSH Login Failures

garm

Wizard
Joined
Aug 19, 2017
Messages
1,556
> Sorry - I'm a bit tired of the stereotyped response, "stop exposing your NAS to the internet".

That's your natural right, but you're wrong.

You do not have the skills to protect yourself... The only thing you can do is to not expose yourself.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
@garm But not exposing to the public Internet is perimeter defense.
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,556
@Patrick M. Hausen Yes, yes, but James wants to accept incoming requests; there is a world of difference in breaching an invisible wall and one that talks back at you. Yes, you still need layers, but zero trust and authentication scales way up as soon as you have a service talking back to the zombies on the other side of the wall.
 

James S

Explorer
Joined
Apr 14, 2014
Messages
91
> I totally get this sentiment and I do think it's overblown sometimes. In my opinion, there's nothing wrong with exposing SSH so long as you've taken the proper precautions.

Great, thanks - that is a bit of reassurance that I needed from someone deeper into this space than me :smile:

> My recommendation for VPN is really more from the standpoint of convenience vs security.

Again, thanks - this sounds like a pragmatic path (in other words, more accessible than digging into SOCKS).

> yes yes, but James wants to accept incoming requests, there is a world of difference in breaching an invisible wall and one that talks back at you. Yes you still need layers, but zero trust and authentication scales way up as soon as you have a service talking back to the zombies on the other side of the wall.

What a great comment . . . It is the scaling that is the issue (he said, peering down into the void of pfSense firewalls, VPNs, SOCKS - and, from the sound of things, that is just the starting point o_O)
 

NameAgain

Cadet
Joined
Jan 30, 2021
Messages
5
Actually, it is true that not exposing your NAS is safer. But I think first I would ask, do you need to do it? E.g. do you want to host a website etc.? In that case, I don't see any possibility to not expose your NAS. But you could create a second internal IP where your services are running behind Traefik. This will not stop attacks, but reduce them. @All which additional safety measures would you implement if you want to host services which should be accessible from outside?

I really liked this video: https://www.youtube.com/watch?v=QSMgfz5zrxo
 