Security Considerations for Torus Pro (1:1 NAT)

Torus Pro provides a dedicated public IP address mapped directly to your device via 1:1 NAT. This means your equipment is reachable from anywhere on the internet — exactly as if it were plugged directly into a public network.

Retro and legacy systems are typically used by enthusiasts inside a trusted network. These systems predate modern network-based threats and typically fail to meet modern encryption standards, are unpatched for years if not decades, have little to no protection against brute-force attacks, and the list goes on.

Before You Enable Torus Pro ask yourself:

• Do I need this system reachable from the entire internet, or just from specific locations?
• What services am I exposing, and do they transmit credentials in plaintext?
• Would a compromise of this system affect other devices on my network?
• Am I prepared to monitor logs and respond to incidents?

If you simply want to access your retro equipment remotely yourself, full public exposure may not be necessary.

Protection Consideration:

• SSH Tunnelling: Run a small Linux box (Raspberry Pi, old laptop, VM) on your network that accepts SSH connections. Access legacy services by tunnelling through it. The retro systems never need direct exposure.
• Bastion Host with Fail2ban: If you have a Linux gateway in front of your legacy gear, deploy fail2ban to block IPs after failed authentication attempts. Not foolproof, but raises the bar. IP Whitelisting: Apply a restrictive ACL on your edge network devices. There is ongoing development to undertake this directly through the user control panel and block it at the hub.