Use network configuration and access restrictions to expose to the outside world only what is needed.
From a network security point of view, remote host connectivity and access control are generally defined and scaled for these deployment categories:
No network connection.
Isolated local network.
Trusted internal network.
Untrusted internal network.
Internet-facing service.
These categories are ordered from low to high exposure to network security risks, and they are also described below in more detail in that order.