Best secure way to allow remote access to your home in 2023 without getting hacked
-
Sorry for the long topic title but it says it all.
Whats in 2023 a good and secure practice allowing access to your own home from elsewhere on the internet without getting hacked?
In the past I have used ssh running on a different non default port with keys and ssh tunnels to my VPN server or just used port forwarding over ssh to access my home stuff.
But now in 2023 it seems that this is not a good security practice anymore and VPN servers should be used to get into your own LAN/DMZ?
If a VPN is a better approach these days, should one use Wireguard now instead of OpenVPN?
Is running Wireguard or OpenVPN on your home pfsense CE router/firewall box a safe and secure option to keep hackers out of your network/pfsense CE box?
I have been using on and off pfsense for a long time now. A big thank you to all who make pfsense!
-
IMO a VPN is the best option. I happen to use WG to an internal server because it can create a QR code which makes client setup easy. There are other ways do do this.
SSH on any port will be found. If you choose this route be sure you use a key to make it more difficult to hack.
-
@Mux-0 I've been running OpenVPN for years. I recently ran Packet Capture over night and saw only 5 attempts. Each had only a single packet, which means they tried and saw nothing. I wouldn't be surprised if I'd seen similar without having OpenVPN available. This indicates OpenVPN is indistinguishable from nothing there. The attacker will try, get no result and then move on.
-
@AndyRH said in Best secure way to allow remote access to your home in 2023 without getting hacked:
SSH on any port will be found
Yep, a TCP port will respond, even if you can't get past it. A VPN that does not respond to attacks will not reveal itself.
-