• the_crotch@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    5
    ·
    22 hours ago

    hide your RDP server behind some VPN

    Anyone who isn’t doing this already is dumb. Same goes for exposing ssh publicly. I don’t care that you’re using a cert to log in, if there’s a 0 day in the openssh server you’re boned

    • Max@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 hours ago

      If there’s a 0 day in the VPN software then I’m also probably boned. The chances of that seem on par with the likelihood of an openssh vulnerability? I feel like vpns are useful to secure services without good authentication, but their use in front of an openssh server has never made much sense to me.

      • the_crotch@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        9 hours ago

        They would have to breach the vpn and then also breach the other services once they’re on your network. It’s another layer of protection.