I believe that would be another layer of security that I mentioned. In my case, the remote access methods use non-standard ports, a multi-step port knock to even open the ports, and complex usernames and passwords. Only secure connections are allowed (no http, ftp, or telnet from the internet for example). From specific IPs on my local LAN, it's a little less stringent.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission