How can I set up the Synology SFTP?
So I have SFTP running on a server that I'm working on. It works fine, and it has a very long random password, like a 20-digit password, to log in. I've already looked at the Synology logs, and since port 22 is exposed, hackers have already tried and failed at guessing a way in (IPs from India, etc.).
I'm thinking that it might be more secure to use a VPN, which you can set up with Synology, and then just access the files from there? That said, a VPN requires forwarding ports too, so really, how is this any more secure than just using the SFTP service?
All of these services exposed to the WAN could have an exploit that is discovered (buffer overflow exploits, etc.) that could be taken advantage of to gain remote access to the system, run arbitrary code, etc.
What steps should I take to secure this? I have a decent amount of knowledge about this, but I'm always down to learn more. The first, most obvious step to me is to change from port 22 to a totally random port.
What else can I do? How can I keep from being exploited? We could just use the VPN server and OpenVPN on the clients into the Synology file server, and then use SMB or SFTP still, but since that opens ports too, how is that more secure?
Regarding the Synology SFTP, the generally accepted option is a VPN. To make it more secure (an additional layer), you could use that VPN to access a jump box, a machine that can then be used to access the FTP service after logging in to it. I would suggest a full-tunnel VPN and a jump box that allows you to upload files, maybe using a client like FileZilla. I would suggest that you do not use any RDP services directly on the internet.
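The question mentions reviewing the logs and concluding that the password guessing on port 22 failed. The script below is an added example, not part of the original thread, that makes that check repeatable: it counts failed password attempts per source IP and lists any accepted login from a source that had already failed. It assumes the stock OpenSSH `sshd` syslog line format (Synology's Log Center export may differ); the sample lines, host name, and the `summarize` function are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the stock OpenSSH sshd syslog format (assumption:
# Synology's own log export may be laid out differently). IPs are documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:14:07 nas sshd[4121]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar  3 02:14:09 nas sshd[4121]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar  3 02:14:12 nas sshd[4125]: Failed password for root from 203.0.113.45 port 51160 ssh2
Mar  3 02:20:31 nas sshd[4190]: Failed password for backup from 198.51.100.9 port 40211 ssh2
Mar  3 02:20:35 nas sshd[4190]: Accepted password for backup from 198.51.100.9 port 40211 ssh2
Mar  3 08:01:02 nas sshd[5002]: Accepted password for alice from 192.0.2.10 port 50514 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (guessers, suspicious_logins).

    guessers: {ip: failure_count} for sources with >= threshold failed passwords.
    suspicious_logins: [(ip, user, failures_before)] for accepted logins from a
    source that had already failed at least once (a guess that may have worked,
    or simply a legitimate user's typo; either way worth a look).
    """
    failures = Counter()
    suspicious = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a password authentication event
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip]:  # accepted login preceded by failures from the same IP
            suspicious.append((ip, user, failures[ip]))
    guessers = {ip: n for ip, n in failures.items() if n >= threshold}
    return guessers, suspicious

if __name__ == "__main__":
    guessers, suspicious = summarize(SAMPLE_LOG)
    for ip, n in sorted(guessers.items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {n} failed password attempts")
    for ip, user, n in suspicious:
        print(f"REVIEW: {ip} logged in as {user} after {n} failed attempt(s)")
```

Once SFTP is reachable only through the VPN, running the same check should show failures from VPN-assigned addresses only; any WAN source appearing in the output means port 22 is still forwarded.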