# Securing my node...
I just set up Wireguard VPN and configured SSH for keypair access only. I'm new to running a node, are there any security issues I should be thinking of, other than the basics for a Linux box?
Discussion
Put it on a DMZ in case of compromise. This will make it harder for lateral movement in case of compromise.
The fewer apps its running the smaller the attack surface. Only run what you need.
Add a white list for IP that can access it via ssh. Ensure its your lan subnet only.
Enable tor and use a proxy.
Run a vulnerability assessment. Openvas would be suitable.
Disable root, don't allow ssh as root. Make sure its always up to date.
Optional:
Random username
Login failure daemon
Ip allow list of you can
Extra credit:
Port knocking
Controversial:
Non standard port