Workstation for editors Unsafe?!

yoyoSE156d

I just had someone assist me with settingup my pfsense.

My setup: https://imgur.com/yDjRKrM

My plan was to have my editors/designers connect remotely to my pc workstations for work. Providing these beefy devices will help them with productivity. But the person that assisted me with pfsense said this is not a correct setup and has high security risk.

I saw some YouTubers doing this, even Linus tech. Am i doing something wrong here with my setup (hardware wise). I havent setup configs for pfsense yet or havent added any packages. But i was just concerned because of the commment on my setup.

jimp

If you allow direct remote connections to the local PCs using port forwards or some other similar mechanism that anyone that knows you address can hit, that's very insecure (e.g. RDP, VNC, etc, directly exposed to WANs).

If you have them connect to a VPN first (WireGuard, IPsec, or OpenVPN) and then connect to a local system, that's not so bad.

Beyond that the risk is in how much you trust the people connecting in. Ideally they'd connect to PCs/VMs in an isolated network/VLAN away from your own personal home network so they don't have any opportunity to disrupt or access your other systems.