Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.
Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.
Rolled back to the backup before I made it public and now I have a security checklist.
Another one who misunderstands that phrase… Yes, obscurity shouldn’t be your only line of defense, but limiting discoverability of your systems should be an integral part of your security strategy.
There’s no difference to the work I need to do to secure an open SSHd vs an open WireGuard server. None.
Yes I harden, and penetrate, systems for a living. If your systems need remote access there is no standard (neither in fintech or military) that classifies SSHd as being “worse” than a VPN.