WireGuard as defense-in-depth
Posted Jul 3, 2024 19:05 UTC (Wed) by Wol (subscriber, #4433)
In reply to: WireGuard as defense-in-depth by mjg59
Parent article: Serious vulnerability fixed with OpenSSH 9.8
Maybe I'm dense, and we'll need flussence to explain, but if wireguard is running on the firewall (which presumably has no legitimate reason to initiate connections to internal machines), don't you need some other exploit - for example sshd - to compromise an internal machine?
(Yes, once you're in the firewall, compromising other machines is easier ...)
I'm assuming wireguard and sshd are NOT on the same machine ...
Cheers,
Wol