I’ve been running my server without a firewall for quite some time now, I have a piped instance and snikket running on it. I’ve been meaning to get UFW on it but I’ve been too lazy to do so. Is it a necessary thing that I need to have or it’s a huge security vulnerability? I can only SSH my server from only my local network and must use a VPN if I wanna SSH in outside so I’d say my server’s pretty secure but not the furthest I could take it. Opinions please?

  • Appoxo@lemmy.dbzer0.comEnglish
    6·
    9 days ago

    IMO this attitude is problematic. It encourages people (especially newbies) to think they can’t trust anything, that software is by nature unreliable. I was one of those people once.

    IMO: Exactly the reverse. That’s how we get clients clicking and agreeing to everything presented without for once thinking critically.

    In 6 working years (MSP) I had probably less than 10 occurrences of clients questioning a security concept from their own action.
    If we didnt protect them from their own stupidity, the amount of cyber breaches would explode…

    Just recently:
    A client: I clicked on the box that is asking me for domain credentials.

    The client didnt say what type of window it was or what happened before/after.
    The client juat contacted us, because the pc wouldnt connect to the network and thus was unusable… >_>

    • JubilantJaguar@lemmy.worldEnglish
      13·
      9 days ago

      Possibly it’s about personality types. I was only going on my own experience. Of always being told by a chorus of experts “Oh no you don’t want to do that!” and ending up being terrified to touch anything. When I now know that I usually had nothing to be afraid of, because dangerous things tend to be locked down by design, exactly as they should be.