May I seek your advice on how can I further protect my surveillance station. Currently I have forwarded ports to allow users(me and my family when we are out of the house) from the Internet to access my Surveillance station. Here is what I have and what configuration I have applied.
On my pfsense, created a VLAN where the Surveillance Station is hosted. I have installed Suricata and assign it to the VLAN interface where the surveillance station is hosted. Installed Pfblocker and using GeoIP Inbound blocking to countries that is different from mine.
On Synology, disabled the administrator account and created another administrator account. Using HTTPS protocol to access my site. Enable 2fa on all users. Assign different ports per application. Made sure using the most current DSM version (not using Beta).
Do you have any suggestion aside from configuring a vpn and access it behind vpn? The reason is I am waiting for the wireguard to comeback on pfsense but that’s a different topic.
Thank in advance for any suggestion.