Thread replies: 11
Thread images: 1
Thread images: 1
Anonymous
Dedicated Server Setup 2017-04-03 04:08:57 Post No. 59719284
[Report] Image search: [Google]
Dedicated Server Setup 2017-04-03 04:08:57 Post No. 59719284
[Report] Image search: [Google]
File: watchguard.jpg (11KB, 450x187px) Image search:
[Google]
11KB, 450x187px
When setting up a dedicated server at home that will be used by people outside my home, should I use a secondary router that is separate from my primary one which people in my house use?
Trying to secure it so that the users of the internet around me will not be affected or infected.
At the moment, I'm using a RTN65U router.
>>
Setup VLANS and only allow the server to be accessed and dont allow the Server VLAN to be able to access the House VLAN
>>
>>59719284
What services are you going to run on the server? Most US isp's blacklist their residential ip addresses. So if you're wanting to do mail it's gonna end up in the spam box.
>>
>>59719284
we have a watchguard firewall in our office. I don't trust it.
Thoughts?
>>
>>59719695
A dedicated game server at the moment but I'm doing it more as a stress test and I am trying to learn from it
>>
>>59719720
You have the wrong focus. You shouldn't be worried about stress testing. You get compromised and your server could end up hosting child porn. It can be an expensive learning process.
Anyways more details on the games you plan to host will make it easier for people to give specific advice.
>>
>>59719957
Not OP but are there some good articles on locking down headless servers? I know this is an oxymoron, but what about a webgui tool for those less experienced to manage the server?
>>
>>59719713
It's fine if you manage it yourself
It's probably not fine if you have a service contract with an external company.
They can easily grab all your logs without you even knowing it.
Otherwise, watchguard is a decent firewall. Never had any issues
>>
What you want is a router with 3 network ports. One wan, one LAN, one DMZ. Dmz network is not linksys router kind where all traffic gets forwarded, rather its a segregated network.
LAN->dmz: allow all
DMZ->LAN: deny all
Wan->DMz: allow specific ports to a specific ip
This way if your web server in the DMz get hacked, they won't have access to your internal network.
If you're really paranoid, and you should be, block all DMz->wan traffic so DMz systems can't get to the internet except where allowed. This will protect from reverse shell attacks and attacks that need your server to download something from somewhere.
>>
>>59719284
There are a lot of things you could do to secure it. Getting a second router dedicated to the server is only useful if you also buy a separate internet connection for the server. That would be nice because it would be completely logically separated from your home network. Otherwise you should look into firewalls, vlans, auto-updates, and if you're really paranoid you could get an IDS or IPS.
>>
>>59720871
Also this. A DMZ is a great idea. I can't believe I forgot to mention that.
Thread posts: 11
Thread images: 1
Thread images: 1