Title says it all, if there’s someone more secure as far as I’m aware pls lmk. I’m saying is based on if u maintained and keep constant updates on VPN, SSH, etc. VPN is the top interms of security correct? Sorry I’m new to this
VPN isn’t a protocol. And neither would it be for remote access.
WireGuard would be a specific protocol. But you can’t remotely access a machine with WireGuard alone.
1, VPN isn’t a protocol. IKev2, Ovpn, wireguard, and such are protocols.
-
The most secure option is to have a physical fiber line that is physically under observation for the entire stretch with a bespoke quantum safe protocol encrypting the line.
-
Anyone with enough money can probably find a way in, shielded communications is only a a layer of security, not the be all end all solution. It doesn’t matter if you use a vpn and then have a dumbass plug in a USB that kills your nuclear plant.
Now, for practical homelab security, making sure your dns requests don’t leak is one step to improve security that is easy to establish.
Spinning up single use VMs on a cloud service to operate as your own exit node is another.
Multi Hop vpns can help, but again, with enough time and logging people can figure out when packets were sent from your two (or more) end points
So my recommendation is to spin up logless vms with untraceable currency (gift cards paid in cash sourced from very far away or crypto) to operate as a multi hop system, mixing in some public VPN services can either help or hurt depending on your goals.
Ideally keep everything running for the shortest time possible. Ideally less than a work day then burn it all.
Now, if you need to aquire this level of anonymous, i would strongly encourage you to consider what you are doing.
If your app involves sailing around in a boat like Jack Sparrow, then a public log-less non American public VPN provider is fine. If your App involves more than that, do consult a cybersecurity expert. (Those that consumes schedule 1 substances are almost always not government affiliated, though times are changing and the NSA is down on recruitment.)
VPN is an umbrella term for many different technologies. There are different VPN protocols like IPSEC, WireGuard, OpenVPN, etc… Generally speaking a modern VPN like WireGuard is secure enough for Homelab use.
Vpn is a general term
a VPN is just a tool, how that tool is built/secured matters more than the protocol itself.
Most popular VPN’s (e.g. OpenVPN / Global protect / other large vendors) will surfice and are one of if not the most securre ways to access a network atleast compared to just exposing your devices to the internet directly.
Remote access to what OS?
SSH for Linux/Unix and RDP for Windows. Properly implemented these are secure and encrypted. A VPN would provide an encrypted network for the encrypted traffic to travel across but it’s maybe a little overkill (unless it’s corporate and the only way in)
VPN is not a protocol. It’s a technology that uses various protocols. You can use L2TP/IPSEC, WireGuard, OpenVPN, IKev2/IPSEC and so on.
They all have advantages and disadvantages. Some may even have security flaws and not secure at all since they are so old that they don’t support newer cryptographic algorithms.
SSH is also secure. Especially if you know how to harden it and disable old vulnerable ciphers and options on the protocol.
Even using just and https end point can be as secure as anything else. It all depends on the software you use and if it has unpatched known vulnerabilities.
So worst thing for security is the dumb human who sets up the services and doesn’t know what they are doing (no personal attack. Just in general speaking)
VPN is a way of access your internal network externally - there are many different protocols that enable this (ie. OpenVPN, Wireguard etc.)
Nothing is 100% secure online - if your device is connected to the internet there is always a platform for attack for anyone wanting to try - the idea of security is to make it difficult enough so they give up and move onto someone else
If you’re looking for more secure options for remote access beyond traditional protocols like SSH, you can explore solutions like BeyondTrust (for privileged access) or Zero Trust Network access (for overall network security).
It is the most secure way to expose services while not at home for basically anyone on this and other subs. VPN isn’t a protocol though. There are different VPN like Wireguard, OpenVPN, IPSEC and so on.