Hey all, long-time SmartThings user here starting to make the move to HA. I’ve got a question regarding security specifically related to using Nabu Casa cloud. Currently I’m handling external access by forwarding a port on my router to my instance of HA. (I also have SSL configured, and plan to add MFA shortly) However, what bothers me a little about this setup is that I’m exposing my instance of HA to the internet. Even if I’m doing everything else right, anyone hitting my IP address from anywhere in the world is now “inside my LAN”. And that means my security is now dependent upon there being no security holes in HA itself as well as whatever Python libraries it’s using.
However, if I were to use Nabu Casa for remote access, my (possibly wrong) assumption is that this method is inherently more secure because a potential bad guy is not inside my LAN until after they’ve authenticated. Or to put it differently, no one is hitting my instance of HA directly because we’re both going through a middleman. (Nabu Casa)
Is that correct assumption on my part, or am I off-base? I’m not a tinfoil-hat wearing paranoid type, but I do want to make sure I fully understand the pros/cons of the two different remote-access scenarios as it relates to security. Also, if there are any official write-ups on security best practices for HA I’d love to be directed to that too. Thanks for any info!