Re: [tlug] Introduction and defense of home webserver

[Raymond Wan <rwan.kyoto@example.com>]

Hi Kevin,


On Sun, Jun 14, 2015 at 2:17 PM, Kevin Sullivan <csr-kts@example.com> wrote:
>> Do you have anything to worry?
>
> Worry? Me? From who? Nothing on the server itself of interest to thieves
> or law enforcement.


I doubt I have much to add to all the great suggestions given so far
by people who are more knowledgeable than me.

Only want to point out that thieves and law enforcement aren't your
primary concern.  It's the many bored people who have nothing better
to do than to test your security.  I guess they use "average servers"
(i.e., those that don't belong to the CIA, Sony, etc.) as a testing
ground.  Or, maybe they're just bored because the Warcraft server is
down (no offense to Warcraft players intended ;-) ).

And your only worry isn't that they will take something...  If they've
gotten in, you'll be stressed out wondering what it is they've done
and how to reverse it.  And this could take a lot of time.

A thief that breaks into your home and takes your tv is worrying.  A
thief that breaks into your home and doesn't take anything is also a
cause for concern!

As for another point you raised in another thread, I would forget the
rsync over Windows (as Christian just said).  I tried to set it up
within an office intranet and it isn't worth it unless you find your
family members uploading a lot of photos and videos.  Configuring it
was a pain.  Perhaps just doing an ftp over ssh (i.e., scp) using
something like Filezilla will be good enough

I'm not sure if this is a good idea (perhaps someone can chime in?),
but if you have other computers in your home, maybe you should block
off access *from* this publicly visible computer via a firewall, just
in case.

Ray