[SATLUG] Questions about home server security

Alex Bartonek bartonekdragracing at yahoo.com
Sun Feb 10 13:46:36 CST 2013


Run stuff on a non-standard port, thats what I do.  On my server (running Solaris), I have unnecessary ports closed and I also have IPFilter implemented.  Use iptables under Linux to block what goes out also, so if you do get hacked, its localized.

--- On Sun, 2/10/13, Frank Huddleston <fhuddles at gmail.com> wrote:

From: Frank Huddleston <fhuddles at gmail.com>
Subject: [SATLUG] Questions about home server security
To: satlug at satlug.org
Date: Sunday, February 10, 2013, 12:35 PM

Greetings,

  I am wanting to set up a small server (Raspberri Pi with an attached hard drive), to serve mostly as remote backup/personal cloud, at my son-in-law's house. I'm concerned about the security implications, and don't want to expose his home computers to undue risk as a result. He doesn't run any servers at this time: only wirelessly connected laptops and cell phones.
  I've had a home server exposed to the internet for some time, and from time to time I see hacking attempts, but so far nobody has broken in (as far as I know). I use port-forwarding, and have only exposed the ports I think are necessary to the things I run: ssh, http, icecast, mpd/mpc, Subsonic. It's possible that I'd want a few more, and maybe drop a few I have now, but that gives you a general idea.
  I haven't done anything special to secure my servers: previously I ran NetBSD on one, but now they are Debian
(the Pi runs a variant called, I think, Raspian). I see there is an option on on his router to put a computer in the DMZ, but it says this should only be temporary, to test something out.. I don't have a DMZ on my own home LAN.
  So what can you tell me? I guess I really mean, what can I tell him? Is this relatively safe for his LAN? Is there something I should do to make it safer?

Thanks,

Frank Huddleston


-- _______________________________________________
SATLUG mailing list
SATLUG at satlug.org
http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
Powered by Rackspace (www.rackspace.com)


More information about the SATLUG mailing list