I have my home server behind a wireguard vpn access.
While I am no security expert, or precisely because of that, I still try to follow security best practices for the internal setup if I can.
Of course you propably do not have to be as vigilant as if your services were publicly exposed. But I believe it is still a good idea to have some “defence in depth” and not assume only one possible attack vector, e.g. what if there already is a bad actor on your home network maybe via a trusted device that has some virus.
Also a plus is i guss if you ever decide to expose something later on you wont have as many issues.
I have my home server behind a wireguard vpn access.
While I am no security expert, or precisely because of that, I still try to follow security best practices for the internal setup if I can.
Of course you propably do not have to be as vigilant as if your services were publicly exposed. But I believe it is still a good idea to have some “defence in depth” and not assume only one possible attack vector, e.g. what if there already is a bad actor on your home network maybe via a trusted device that has some virus. Also a plus is i guss if you ever decide to expose something later on you wont have as many issues.