Safe for external GUI admin login access enabled?
-
I was wondering if it is considered safe to have external GUI admin access enabled?
If I have a strong password of course. Do others have theirs open to external access?I have it disabled right now, so the only way to access the admin/gui is from inside my network.
thanks
-
I don't need remote access so I have the custom port I assigned to it blocked by a WAN rule.
-
I VPN into the network or RDP to a LAN machine. Port is only open via the LAN.
-
I would defenately NOT recommend to allow external access to GUI on WAN.
If you can not do as others have suggested before me (VPN etc) and you have to connect externally somehow I would recommend that you at least create an access list and only allow traffic from a small number of known IP addresses. You could combine this with the use of 'denyhosts' or similar techniques to auto block after three failed login attempts or similar.
Better safe than sorry. Best is not open anything that you do not really need and to only use secure methods/protocols/configurations, for example if you allow SSH from any to one of your boxes behind the firewall and do not use denyhosts you indirectly allow anybody to gain access to a machine behind the firewall, from this machine they can compromise your entire network (including firewalls) whichs is even worse than "just" allowing anobody to access your GUI on WAN.
-
So is it accepted to create a VPN server on the pfsense computer, that you login to first?