I’d assume you are missing a log source.

Unattended-upgrades ftw

Why would you want to port forward your dns?

Csam is an objectively better name.

‘Porn’ implies consent.

I’m not missing any point. It should be clear to people who don’t understand security that running a protocol on a different port doesn’t mean shit for safety. “Because it doesn’t get as much attention” wouldn’t mean anything to any enterprise firewall the moment it’s not an http header.

Sure, just don’t mistake port switching for actual security.

Running ssh on 443 doesn’t do anything unfortunately. A proper port scan will still detect such a common protocol.

https, wireguard and mumble.

Just set up shodan monitoring, use burpsuite or owasp zap, and check your pcap files for accidental plaintext.

Also ssllabs has a nice website checker.

And get a NGFW