I have a VPS that I secure as much as possible since the IP is public, but does a wireguard-access-only homelab warrant the same efforts? Those with homelabs like this, what do you do?
I have a VPS that I secure as much as possible since the IP is public, but does a wireguard-access-only homelab warrant the same efforts? Those with homelabs like this, what do you do?
Putting it on a non standard port will change nothing
Security through obscurity is not sufficient. It’s also not nothing.
Wireguard doesn’t respond to port scans so it changes nothing
Assume a security researcher finds a bug in wireguard that, if sent a malformed packet, it can crash the service. Then it would be trivialy easy to send that packet to the default port on every IP address and just crash everything for fun.
It costs me nothing to increment the port by 1 and avoid all that drama.
It is going to make fingerprinting more annoying while evading default port scans. That isnt nothing but you do you boo