Hello and welcome to the Tuesday, February 18th,

2000-25 edition of the Sands and then at Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Well, today's diary was a little bit more of an opinion piece, but with a practical background.

And that's the we are seeing so many vulnerabilities in these edge devices.

SISA and a couple of other international, also government agencies did come up with their

guidance.

I found it a little bit too abstract in some ways.

So I wanted to distill it down in particular with sort of a small, medium-sized business

background and what you can do to really make an impact here and reduce your attack

surface.

And that's really one of the big things is reduce your attack surface.

Don't expose those admin interfaces.

Expose as little as possible. Never expose a web application that you

don't have to expose. Simple SSH access, maybe a VPN, like OpenVPN or a WireGuard or

whatever your preferred VPN technology is. And even at that, you know, leave it at one VPN technology.

Don't have like two or three exposed.

That'll make life so much easier.

And then, of course, no, patching and such follows.

But that then becomes a little bit less important.

And it's one of those things where you don't have to be quite behind it

to really get stuff update as quickly as possible

...