
How to Remotely Connect

When it comes to connecting to your services while away from home, there are two common methods: connecting to a self-hosted Virtual Private Network or broadcasting your services to the World Wide Web.  These techniques can be used individually or combined to create a tailored experience.

Virtual Private Network 

Just like a corporation or university, you can self-host a Virtual Private Network server from home.  This enables anyone with the proper credentials to securely connect individual devices to your Local Area Network.  This way, your services can be available to you, friends and family – even while away from your home – without making them accessible to the public internet.

This is clearly not ideal for hosting a WordPress blog or Flarum forum intended for an online audience.  VPN access can be the perfect balance of security and convenience for a small or exclusive audience – such as Bookstack for a tabletop roleplaying campaign.  Some services may require a web domain to function properly, but access can still be restricted to your LAN.


For accessing services that handle private personal information, such as Actual Budget or Paperless-ngx, this is the most secure option.  By requiring authorization to remotely access your network, you can greatly decrease your attack surface – the amount of publicly accessible software that may contain vulnerabilities that can be leveraged by malicious actors.

These types of software vulnerabilities are commonly called zero-day vulnerabilities because they are either unknown or unfixed.

While open-source software can improve security by putting more eyes on potential vulnerabilities, it does not mean there will not be breaches.  Software projects are written by developers with varying priorities, including security and privacy.  You do not need to be as concerned about the security of individual software programs when everything is protected behind a single VPN program.

 

Comparison

Security: 3 out of 3 stars

By requiring authentication before even connecting to any services, you can greatly decrease your overall attack surface.

Convenience: 1 out of 3 stars

This will need to be configured on a device-by-device basis.  Once the service has been set up, you just need to make sure you stay connected.



Web Domain Name

Self-hosting a web domain involves connecting your server to the World Wide Web.  We accomplish this by linking the Public IP address assigned by your ISP to a domain name you control.  This adds your public IP address to the Domain Name System registry that helps web servers locate each other.


Web domains – such as example.com – are hierarchical with deeper levels appended to the front.  The URL above contains a top-level domain ("com") and a second-level domain ("example"), joined by a period.  When you own a domain name, you can create additional sub-domains – like app.example.com.

Broadcasting your server on the World Wide Web makes it extremely simple for you to access your services from anywhere in the world using only a web browser.  This is equally true for every person in the world who has access to the World Wide Web.  At the end of the day, we are opening our server to the whims of the open internet – and any potential malicious actors.

We will take proactive steps to harden security, preempt vulnerabilities and limit fallout.  SWAG makes it simple to set up secure encryption for our web domain.  Authelia is a single sign-on service that, when well-configured, can decrease your attack surface by protecting your individual services with the same trusted authentication system.  Fail2Ban and CrowdSec are open-source solutions for automatically identifying and intercepting malicious actors.

 

Comparison

Security: 1 out of 3 stars

By requiring authentication before connecting to any services, you can decrease your overall attack surface.

Convenience: 3 out of 3 stars

Once the service has been set up, you just need to make sure you stay connected.

Combination

You can tailor your Web server as needed to find your preferred balance between security and convenience.  We can leverage the convenience and memorability of web domain names while still retaining the security of a Virtual Private Network.  This enables websites to be easily accessible while still denying access to anyone outside of our Local Area Network.

We can provide access to Cockpit at cockpit.example.com, but deny access to anyone attempting to access it from outside your Wi-Fi or Ethernet network.  At the same time, we can provide public access to a personal WordPress blog.  When combined with a VPN, you can still provide secure remote access to private data and services.

diagram showing inside and outside access to a local restricted address.
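
The split described above, written as a plain nginx reverse-proxy configuration. This is an added example, not configuration shipped by SWAG or taken from this guide; the LAN and VPN subnets, upstream addresses, certificate paths and the blog.example.com name are assumptions to replace with your own.

```nginx
# Added example. Assumed: LAN 192.168.1.0/24, VPN subnet 10.8.0.0/24,
# upstream hosts, certificate paths and the blog host name.

# Private: Cockpit, reachable only from the LAN or through the VPN.
server {
    listen 443 ssl;
    server_name cockpit.example.com;
    ssl_certificate     /etc/ssl/example.com/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;    # placeholder path

    # Rules are checked in order against the connecting address; the
    # first match wins. Behind another proxy or a NAT loopback, nginx
    # sees that device's address instead of the real client's.
    allow 192.168.1.0/24;   # assumed home LAN
    allow 10.8.0.0/24;      # assumed VPN client subnet
    deny  all;              # everyone else receives 403 Forbidden

    location / {
        proxy_pass https://192.168.1.10:9090;    # assumed host; 9090 is Cockpit's default port
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;  # Cockpit relies on WebSockets
        proxy_set_header Connection "upgrade";
    }
}

# Public: the WordPress blog, open to any visitor.
server {
    listen 443 ssl;
    server_name blog.example.com;
    ssl_certificate     /etc/ssl/example.com/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;    # placeholder path

    location / {
        proxy_pass http://192.168.1.20:8080;     # assumed WordPress host and port
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Any other host name: close the connection without a response, so a
# request by bare IP or an unlisted sub-domain never reaches a service.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/ssl/example.com/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;    # placeholder path
    return 444;
}
```

Running `nginx -t` checks the syntax before a reload. The DNS record for cockpit.example.com stays publicly visible; only the service behind it is restricted.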

 

Comparison

Security: 2 out of 3 stars

By requiring authentication before connecting to any services, you can decrease your overall attack surface.

Convenience: 2 out of 3 stars

Once the service has been set up, you just need to make sure you stay connected.