Port forwarding, DuckDNS with included lets encrypt (https), only.
Is it the securest?
Is it currently sufficient security?
For the moment, yeah I reckon so.
If I was really paranoid I’d only access via VPN with AES-256 encryption. Though there was an interesting article the other day about the problem with applications reusing public key generation algorithms:
Armed with this idea, the researchers scanned the web and collected 6.2 million actual public keys. They then computed the largest common divisor between pairs of keys, cracking a key whenever it shared a prime factor with any other key. All in all, they were able to break 12,934 keys. In other words, if used carelessly, RSA encryption provides less than security.
Full article: https://algorithmsoup.wordpress.com/2019/01/15/breaking-an-unbreakable-code-part-1-the-hack/
Or easily digested summary: https://hackaday.com/2019/01/16/rsa-encryption-cracked-easily-sometimes/
I thought about segregating my IoT devices on a seperate VLAN on my local netowk but have not yet implemented this as again it’s not a huge risk. I live in a low density area where wifi hacking is unheard of and have a segregated guest wifi network I turn on for guest and friends. The biggest impetus for actually doing this is running out of IP addresses in my currently defined network. Not there yet but it’s growing…