Mailing List Archive

[tlug] Introduction and defense of home webserver

Kevin Sullivan writes:

 > I am dipping my toes into running a Debian (stable) webserver (LAMP, 
 > Wordpress) at home from my cable connection.
 > The domain is up and only port 80 is forwarded through the router to my 
 > server. All my admin work would be done inside the home networks through 
 > SSH.

You might consider using 443 (HTTPS) as well or instead.  Especially
if you are lending your server to family and friends.  Unless you
insist on an authenticated connection, it doesn't really increase
server security, but it helps to protect passwords (people might have
pages they want to restrict to family or other authorized users).

 > Later I would be interested in allowing trusted remote users access
 > (inside my own ISP and town) so I could host their virtual websites
 > they maintain remotely.

As Kalin also pointed out, this may not be a great idea.  Although the
days of ADSL are long gone (in Japan, anyway), most home providers do
insist on an asymmetric allocation of bandwidth.  Your *incoming*
bandwidth is likely to be a lot higher than *outgoing*.  And even if
it's not restricted beyond what the hardware supports, likely if you
start serving at MB/s rates you'll hear about it from your provider.

 > What is the minimum necessary, FTP, SSH?

FTP is a definite NO.  Use rsync over SSH.  If your clients can't
handle that, think twice about allowing them on your system at all.

 > Internet =>
 > Cable ISP =>
 > 172.16..Router1 => (:80 forwarded to static IP server)
 > (192.168.2.. DHCP home network with Win7, Server, various WiFi mobile 
 > devices)

Is Router1 the cable modem, or is it a separate host?  Again as Kalin
points out, Router1 and all the other hosts, especially the Win7 host,
should be considered vulnerable (unless you're the only user and
you're rather careful about the things you download, and your wireless
network is secure).  Securing the routers themselves is relatively
specialized work.  You'd hope that the vendors would distribute them
thoroughly locked down, but that isn't always the case.

 > Security implications?

Depends on what you consider valuable.  Figuring out what you
want/need to protect from whom is the first task in security planning.

 > If any of you run a home webserver / know the issues or dangers, or 
 > could suggest the proper google search terms leading to the right 
 > sources? Thanks.

Start with Bellovin and Cheswick "Firewalls and Internet Security"
(the authors' names are spelled right, the book title is a bit shaky).
