I’m stuck where I want security, but my family wants ease. So while I’m okay with tunneling into my own private network, my family struggles and don’t even use something if it’s not stupidly simple.
I just throw everything behind my reverse proxy and work on hardening that server and then wrapping authentication with Authentik SSO. Then I just block anything outside the US at CF. You really just need to worry about making it too difficult for the script kiddies and mass scanners. People with real skill are going to focus their time on businesses and other high value targets
But if I didn’t want to do all that, I already have a device management platform deployed out (ManageEngine Endpoint Central (free for up to 25 devices)) so I’d just enforce a VPN that way then they wouldn’t have to think about it
Would love how you approached it.
I’m stuck where I want security, but my family wants ease. So while I’m okay with tunneling into my own private network, my family struggles and don’t even use something if it’s not stupidly simple.
I just throw everything behind my reverse proxy and work on hardening that server and then wrapping authentication with Authentik SSO. Then I just block anything outside the US at CF. You really just need to worry about making it too difficult for the script kiddies and mass scanners. People with real skill are going to focus their time on businesses and other high value targets
But if I didn’t want to do all that, I already have a device management platform deployed out (ManageEngine Endpoint Central (free for up to 25 devices)) so I’d just enforce a VPN that way then they wouldn’t have to think about it