My first server - things I can do with it, and how to make it secure

UncleSporky Registered User regular
I'm finally getting access to a lower powered PC to use as an always-on home server. I'm pumped to set it up and see what I can do with it, but I'm not very knowledgeable yet.

I don't care about setting up a home network between PCs. Right now I'm most interested in remoting into it and also using it as a file/multimedia server. It's going to be running XP Pro, this isn't debatable. I want it to be as secure as possible without going crazy overboard, and I want it to be cheap or free.

I guess what I want to know most are the risks - with these services enabled, what is the weakest point? Basically I want the only thing I have to worry about to be the strength of my own passwords, not the password being plucked from a packet or someone seeing what I'm doing remotely, and especially nobody being able to access my main computer through my router.

I assume remote access is the least secure. Most of the free VNC sort of programs I've found don't have any sort of encryption on them. Is there a way to do this securely without resorting to a middleman like Hamachi?

How do I set up a file server? Do I just need something like WinSCP or Filezilla, or are those only for the client computers?

What if I wanted to do some web hosting? Do I have to set up a DMZ using two routers like I've read about, or is there an alternative?

Sorry if this is rambling, I have more questions than answers at this point.


Posts

  • DigitalSyn Dr Digital Cumming, GA Registered User regular
    edited August 2010
    First things first... Windows XP is a horrible OS to run a server on. Sure, it's familiar, but then you don't learn anything.

    Second, FileZilla does have an FTP server for Windows, and is really the only Windows-based open source FTP server I would recommend. They provide the server and the client.

    Apache is great for web traffic.
    VNC is decent for an RDP replacement, since you won't be able to use any terminal services on XP.
    http://www.tightvnc.com/ -- Client and Server
    As for filesharing, inside your network standard shared folders are fine. Typically your router does not let this traffic flow out onto the internet.

    Really, the sky is the limit... and even more so if you decide to install a Linux variant.

  • GnomeTank What the what? Portland, Oregon Registered User regular
    edited August 2010
    XP and secure don't belong in the same sentence together, just to get that out of the way. You can do some things to plug the holes, but it's never going to be as secure as a properly set up UNIX variant.

  • DigitalSyn Dr Digital Cumming, GA Registered User regular
    edited August 2010
    GnomeTank wrote: »
    UNIX variant.

    I see what you did there. :winky:

  • darkgrue Registered User regular
    edited August 2010
    UncleSporky wrote: »
    I'm finally getting access to a lower powered PC to use as an always-on home server. I'm pumped to set it up and see what I can do with it, but I'm not very knowledgeable yet.

    I don't care about setting up a home network between PCs. Right now I'm most interested in remoting into it and also using it as a file/multimedia server. It's going to be running XP Pro, this isn't debatable. I want it to be as secure as possible without going crazy overboard, and I want it to be cheap or free.

    A good place to start is with OS hardening. The DISA Security Technical Implementation Guide (STIG) series is a good (free) reference library for doing this sort of thing. The latest one for XP is here. It's no light reading, but it does explain vulnerabilities and give the instructions on how to plug them up. In the commercial/government world, these guides are typically used as baselines for configuring workstations and servers, and they are periodically updated.

    UncleSporky wrote: »
    I guess what I want to know most are the risks - with these services enabled, what is the weakest point? Basically I want the only thing I have to worry about to be the strength of my own passwords, not the password being plucked from a packet or someone seeing what I'm doing remotely, and especially nobody being able to access my main computer through my router.

    That's a pretty tall order, starting from scratch as a beginner. It's doable, but there's a pretty steep learning curve.

    UncleSporky wrote: »
    I assume remote access is the least secure. Most of the free VNC sort of programs I've found don't have any sort of encryption on them. Is there a way to do this securely without resorting to a middleman like Hamachi?

    Yes, but the solution depends on the type of remote access you want to do. For secure terminal access, there's nothing more reliable than SSH. VNC can be run through an encrypted tunnel (but can be a PITA if you're not using a commercial version). Microsoft's Remote Desktop Connection software has secure connections, even. It all depends on what kind of remote access you need/want.

    UncleSporky wrote: »
    How do I set up a file server? Do I just need something like WinSCP or Filezilla, or are those only for the client computers?

    Again, depends on what kind of file service you want to host. A common one would be FTP, but there are further security considerations in configuring any additional services, especially if you wish to allow uploads. You can host files off of a web server as well, such as IIS.

    If you're planning on hosting multimedia (like to your 360 or PS3), some other service might make more sense, like Zune or WMP. But those are limited to the LAN.

    UncleSporky wrote: »
    What if I wanted to do some web hosting? Do I have to set up a DMZ using two routers like I've read about, or is there an alternative?

    Keep in mind that hosting services (if you are a home user) that are available to the external Internet may violate the TOS for your ISP. A lot of ISPs don't mind if you're doing peer-to-peer stuff, like online console gaming, but they draw the line once you start hosting full-time services. Read your contract first. I have a business account service at home for exactly this reason (it also gives me static IP addresses, which regular residential service doesn't offer).

    At a minimum, you'd have to configure port forwarding; a DMZ is an alternative means of configuring a service host. Whether it requires two routers or not depends on the network configuration. You'll also need some way to get to your server, either a static IP address (and maybe a domain name), or some other means such as DynDNS.

    If you're only planning on hosting services to your LAN, and not planning on having them externally accessible, you've got a lot less to worry about. You don't have to worry about your ISP's TOS, or need a DMZ, port forwarding, or any sort of DNS service. You just make sure that your router has NAT and a Stateful Packet Inspection (SPI) firewall - pretty much every router today does - and make sure it's on.

    All that being said, there's no generic or set answer for the questions you've posed. Better defining your goals and constraining the problem (such as you've already done by limiting the host system to Windows XP) would yield better suggestions; but keep in mind there are multiple "correct" ways of doing what you're proposing.

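One way to check which of the services discussed above are actually reachable once port forwarding is set up, as an added example that is not part of any poster's reply. The port numbers are the usual defaults for the services named in the thread, and the "encrypted" flag for each is an assumption made for this example; `audit`, `is_open` and the addresses are illustrative names, not from the thread.

```python
import socket

# Default ports for the services named in this thread. The second field records
# whether the session is encrypted in transit by default (assumption made for
# this example; check how your own server is configured).
SERVICES = {
    21: ("FTP", False),
    22: ("SSH", True),
    80: ("HTTP", False),
    445: ("Windows file sharing (SMB)", False),
    3389: ("Remote Desktop (RDP)", True),
    5900: ("VNC", False),
}


def is_open(host, port, timeout=1.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timed out) or unreachable
        return False


def audit(host, allowed, services=SERVICES, probe=is_open):
    """Compare reachable ports with the ports you meant to forward.

    Returns (port, name, verdict) for every reachable port:
      "unexpected" - reachable but not in `allowed`
      "plaintext"  - allowed, but the session is not encrypted
      "ok"         - allowed and encrypted
    """
    findings = []
    for port, (name, encrypted) in sorted(services.items()):
        if not probe(host, port):
            continue
        if port not in allowed:
            verdict = "unexpected"
        elif not encrypted:
            verdict = "plaintext"
        else:
            verdict = "ok"
        findings.append((port, name, verdict))
    return findings


if __name__ == "__main__":
    # Run this from outside your LAN against your own public address to see
    # what the router forwards; 127.0.0.1 here only makes the script runnable.
    for port, name, verdict in audit("127.0.0.1", allowed={22}):
        print(f"{port:>5}  {name:<28} {verdict}")
```

Run from inside the LAN, the same script shows what the server's own firewall allows rather than what the router forwards.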
  • NailbunnyPD Registered User regular
    edited August 2010
    You can RDP into an XP Pro machine. No need to install VNC or the like.
