There’s a few things you can do to harden your setup then (many of these are on my TODO as well):
- Set up Fail2Ban to ban IP addresses for multiple failed login attempts. DSM does this for your server, but that doesn’t cover connecting to Docker images.
- You could set up a Bitwarden organization that everyone is a part of, then, as the org admin, mandate timeouts or password strengths from the Policies section. Note that timeouts are for Single Org only, so you can’t use multiple orgs at once (ex. School, Work 1, Work 2, etc.).
- You could take a look at Authelia to provide 2auth when connecting to the server. Haven’t tried it myself, so don’t know exactly how it would behave with Bitwarden.
- Add geoblocking via pfSense or pfBlocker.
- Check out a mutual TLS (VPN alternative) like Pomerium.