
Re: [tlug] Introduction and defense of home webserver



On 6/13/2015 10:57 PM, Kalin KOZHUHAROV wrote:

It is always getting better, problem is how far ahead are you, say
from script kiddies and automated scanners.

To be perfectly honest, they are WAY ahead of me! I muck beyond minimal initial installs only if necessary, fearing I may well mess it up with misguided "improvements."

"##KTS Added 6/14/2015" is my friend in .conf files!

Do you have anything to worry about?

Worry? Me? From who? Nothing on the server itself of interest to thieves or law enforcement.


All my admin work would be done inside the home networks through
SSH.  Later I would be interested in allowing trusted remote users
access (inside my own ISP and town) so I could host their virtual
websites they maintain remotely. What is the minimum necessary, FTP, SSH?

Trusted remote users.... Are you going to provide multi-factor
authentication for them, using tokens/certs/whatever issued by you?
And have them sign EOL? And monitor them? And audit their environment,
enforcing certain standards (patching) on the systems used by those
users (they are trusted by default, right).

Or it just means, folks that I had beer with ;-)

Friends and family who are not PC savvy, could have been hacked themselves, etc. I am only interested in allowing them a

/user/sister1/public_html/
/user/friend1/public_html/

area to do their own uploading and playing with, no installing their own software without (calling, convincing me, me doing the install... in other words, unlikely beyond basic LAMP and wordpress or static pages they maintain themselves.) No money/business angle on the hosting for me, service to family/friends I know personally. I will need to learn basic admin and auditing in a multi-user environment, like I said I come from single-user mindset through DOS, Win, OS/2 and Linux. Far far into the future would be running my own private hosting site for profit... um.. any !easy! money in that? ;)

And FTP...? In 2015?

My outdated ways get jeered. Yay! Let the learning commence. What is the modern "safe" way for users to upload their updated website to their area? some <!web_enable_user_upload = yes> toggle in proggie.conf?

That is a bit sketchy for assessment, but think about that Win7
getting p0wned via WiFi then stealing your credentials to the server.

Yeah, right. 10M from my house, a sketchy-looking van with antennas creeps by to gain access to the wonderland of my precious iPhone photos of the latest car project or lunch photos. I am just not a target or doing anything interesting enough to be bothered with beyond just being out there. My vision of an attacker would be remote and lazy and in no way interested in visiting my village. Would disabling SSID broadcast and restricting my home WiFi to the MAC addresses of the few trusted devices be the way to go? Less than 10 devices.

How are you
managing this router? Are you patching it, monitoring it?

Nope, about a year old, in Japanese, Elecom and I-O Data. I did change the admin/admin password, woohoo! (recently!) BTW, both Win and Server have only single gigabit LAN NICs.

And whatever you do, try to use some of those automatic free tools
against your setup to make sure you stay ahead of the script kiddies
(nmap, nessus, nikto...); organise your logs and analyse them (as
opposed to looking with less); and keep off-server and off-line
backups.

OK, do you have a favored URL of "please.test.attackmyserver.net" to suggest?

Cheers,
Kalin.

Thank you, Security Consultant Kalin
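Kalin's advice above to analyse logs rather than page through them with less, as an added example that is not part of the original thread: a small Python script (mine, not the list's) that tallies failed SSH password attempts per source address from constructed sshd auth log lines and flags sources that exceed a threshold. The log lines, hostnames and addresses are constructed samples.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format sshd writes to /var/log/auth.log.
SAMPLE_LOG = """\
Jun 14 01:02:03 home sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Jun 14 01:02:05 home sshd[1235]: Failed password for root from 203.0.113.5 port 50130 ssh2
Jun 14 01:02:07 home sshd[1236]: Failed password for invalid user test from 203.0.113.5 port 50140 ssh2
Jun 14 01:03:10 home sshd[1240]: Accepted publickey for kts from 192.168.1.20 port 40022 ssh2
Jun 14 01:04:00 home sshd[1250]: Failed password for kts from 192.168.1.20 port 40030 ssh2
Jun 14 01:04:30 home sshd[1251]: Accepted password for kts from 192.168.1.20 port 40031 ssh2
"""

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def summarize(log_text):
    """Return (failed attempts per ip, usernames tried per ip, accepted logins)."""
    failures = Counter()
    users = defaultdict(set)
    accepted = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m["user"], m["ip"], m["method"]))
    return failures, users, accepted

def suspicious_sources(log_text, threshold=3):
    """Source addresses with at least `threshold` failed password attempts."""
    failures, users, _ = summarize(log_text)
    return {ip: sorted(users[ip]) for ip, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    failures, users, accepted = summarize(SAMPLE_LOG)
    for ip, n in failures.most_common():
        print(f"{ip}: {n} failed attempt(s), users tried: {sorted(users[ip])}")
    print("suspicious:", suspicious_sources(SAMPLE_LOG))
```

Pointing it at a real auth.log (one line per entry, same sshd format) gives a per-source summary; a single failure from a known home address is noise, a burst of failures against several usernames from one outside address is what the threshold is meant to surface.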

