I'm finally getting access to a lower powered PC to use as an always-on home server. I'm pumped to set it up and see what I can do with it, but I'm not very knowledgeable yet.
I don't care about setting up a home network between PCs. Right now I'm most interested in remoting into it and also using it as a file/multimedia server. It's going to be running XP Pro; this isn't debatable. I want it to be as secure as possible without going crazy overboard, and I want it to be cheap or free.
I guess what I want to know most are the risks - with these services enabled, what is the weakest point? Basically I want the only thing I have to worry about to be the strength of my own passwords, not the password being plucked from a packet or someone seeing what I'm doing remotely, and especially nobody being able to access my main computer through my router.
I assume remote access is the least secure. Most of the free VNC sort of programs I've found don't have any sort of encryption on them. Is there a way to do this securely without resorting to a middleman like Hamachi?
How do I set up a file server? Do I just need something like WinSCP or Filezilla, or are those only for the client computers?
What if I wanted to do some web hosting? Do I have to set up a DMZ using two routers like I've read about, or is there an alternative?
Sorry if this is rambling, I have more questions than answers at this point.
Posts
First things first: Windows XP is a horrible OS to run a server on. Sure, it's familiar, but then you don't learn anything.
Second, Filezilla does have an FTP server for Windows, and is really the only Windows-based open source FTP server I would recommend. They provide the server and the client.
http://filezilla-project.org/download.php?type=client -- Client
Apache is great for web traffic
VNC is decent for an RDP replacement, since you won't be able to use any terminal services on XP.
Really, the sky is the limit... and even more so if you decide to install a Linux variant.
PSNID: DigitalX86
Nintendo ID: digitalsyn
3DS Friend Code: 5300 - 9726 - 6963
Steam: http://steamcommunity.com/id/D1G1T4LSYN/
I see what you did there. :winky:
A good place to start is with OS hardening. The DISA Security Technical Implementation Guide (STIG) series is a good (free) reference library for doing this sort of thing. The latest one for XP is here. It's no light reading, but it does explain vulnerabilities and give the instructions on how to plug them up. In the commercial/government world, these guides are typically used as baselines for configuring workstations and servers, and they are periodically updated.
That's a pretty tall order, starting from scratch as a beginner. It's doable, but there's a pretty steep learning curve.
Yes, but the solution depends on the type of remote access you want to do. For secure terminal access, there's nothing more reliable than SSH. VNC can be run through an encrypted tunnel (but can be a PITA if you're not using a commercial version). Microsoft's Remote Desktop Connection software has secure connections, even. It all depends on what kind of remote access you need/want.
Again, depends on what kind of file service you want to host. A common one would be FTP, but there are further security considerations in configuring any additional services, especially if you wish to allow uploads. You can host files off of a web server as well, such as IIS.
If you're planning on hosting multimedia (like to your 360 or PS3), some other service might make more sense, like Zune or WMP. But those are limited to the LAN.
Keep in mind that hosting services (if you are a home user) that are available to the external Internet may violate the TOS for your ISP. A lot of ISPs don't mind if you're doing peer-to-peer stuff, like online console gaming, but they draw the line once you start hosting full-time services. Read your contract first. I have a business account service at home for exactly this reason (it also gives me static IP addresses, which regular residential service doesn't offer).
At a minimum, you'd have to configure port forwarding; a DMZ is an alternative means of configuring a service host. Whether it requires two routers or not depends on the network configuration. You'll also need some way to get to your server, either a static IP address (and maybe a domain name), or some other means such as DynDNS.
If you're only planning on hosting services to your LAN, and not planning on having them externally accessible, you've got a lot less to worry about. You don't have to worry about your ISP's TOS, need a DMZ, port forwarding, or any sort of DNS service. You just make sure that your router has NAT and a Stateful Packet Inspection (SPI) firewall - pretty much every router today does - and make sure it's on.
All that being said, there's no generic or set answer for the questions you've posed. Better defining your goals and constraining the problem (such as you've already done by limiting the host system to Windows XP) would yield better suggestions; but keep in mind there are multiple "correct" ways of doing what you're proposing.
NintendoID: Nailbunny 3DS: 3909-8796-4685
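An added example, not code from anyone in the thread: a quick check of the server's `netstat -an` output showing which of the services discussed above listen on the network in cleartext and which are bound to loopback, where a VNC server belongs when it is only reached through an SSH tunnel. The port numbers are the services' defaults, the verdict labels are this example's own, and the sample output is constructed.

```python
import re

# Default ports for the services discussed in the thread (assumed unchanged).
CLEARTEXT = {21: "FTP", 80: "HTTP", 5900: "VNC"}
ENCRYPTED = {22: "SSH", 3389: "RDP"}

# Constructed sample in the Windows `netstat -an` layout, not real output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.20:445       ESTABLISHED
"""

# Matches only TCP sockets in the LISTENING state.
LISTENER = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def audit(netstat_text):
    """Return (address, port, service, verdict) for every TCP listener."""
    findings = []
    for line in netstat_text.splitlines():
        m = LISTENER.match(line)
        if not m:
            continue  # header, UDP, or an established connection
        addr, port = m.group(1), int(m.group(2))
        loopback = addr.startswith("127.") or addr == "[::1]"
        if port in CLEARTEXT:
            # Loopback-only means the service is reachable solely via a tunnel.
            verdict = "tunnel-only" if loopback else "cleartext-exposed"
            findings.append((addr, port, CLEARTEXT[port], verdict))
        elif port in ENCRYPTED:
            findings.append((addr, port, ENCRYPTED[port], "encrypted"))
        else:
            # Not one of the thread's services: decide if it should run at all.
            findings.append((addr, port, "unknown", "review"))
    return findings


if __name__ == "__main__":
    for addr, port, service, verdict in audit(SAMPLE):
        print(f"{addr}:{port:<6} {service:<8} {verdict}")
```

Anything reported as `cleartext-exposed` should either be rebound to 127.0.0.1 and reached through the tunnel, or left out of the router's port-forwarding rules.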