I just throw everything behind my reverse proxy and work on hardening that server and then wrapping authentication with Authentik SSO. Then I just block anything outside the US at CF. You really just need to worry about making it too difficult for the script kiddies and mass scanners. People with real skill are going to focus their time on businesses and other high value targets
But if I didn’t want to do all that, I already have a device management platform deployed out (ManageEngine Endpoint Central (free for up to 25 devices)) so I’d just enforce a VPN that way then they wouldn’t have to think about it
I just throw everything behind my reverse proxy and work on hardening that server and then wrapping authentication with Authentik SSO. Then I just block anything outside the US at CF. You really just need to worry about making it too difficult for the script kiddies and mass scanners. People with real skill are going to focus their time on businesses and other high value targets
But if I didn’t want to do all that, I already have a device management platform deployed out (ManageEngine Endpoint Central (free for up to 25 devices)) so I’d just enforce a VPN that way then they wouldn’t have to think about it