Network Security

Maroon_sl

I'm setting up a web server (Ubuntu Server 12.4 with LAMP stack) that will be accessible from the internet for fun/education/hosting. In regard to security, I think I'm a little confused on how I should be setting up this machine in a way that prevents access to my private LAN.

  • Is configuring a firewall on the server the way to go?
  • I was also thinking of setting up a router with 2 VLANs (also a good opportunity to get some Cisco experience). Is that a better/worse option?
  • I thought about setting up a DMZ, but from what I understand, that would open up all ports, and require lots of plugging up. Is that worth it?

Does anyone else host a web server from home and have a good suggestion? Any network pros know this stuff inside and out that could offer some advice?

Thanks

gogusrl

VLANs are the easiest way to do this. Again I'm gonna shill a Mikrotik instead of Cisco. Even the $40 model (951-2n) will do anything you might need (if you're not routing more than 80-100 Mbps or going crazy with the filtering & stuff).
 

Remit_sl

2nding Mikrotik. You will need to provide the security on the router, and isolate the server from your LAN. VLAN or port isolation will do this. Don't DMZ, you will get port scans and login attempts on any available services. Only forward what you need to the server.

I run a modified version of this for my edge router:
http://wiki.mikrotik.com/wiki/Securi...outerOs_Router
 

Obtenor_sl

Also,

For the love of anything that's holy, disable any shit you aren't using, run a quick self scan with nmap and close any open port you see and aren't using.