| Thomas Delrue on 28 Aug 2015 06:15:34 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Securing Web Site for External Traffic |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 If you're thinking of putting baby monitors and other fun toys on it, then I would suggest the following rule in iptables which will solve all your problems: sudo iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable In reality though, really, what you're doing is punching a whole in your wall just waiting for someone else to go all hulk on it. Chances are, even if you put a username/password on it, you'll either never enter it on your phone because it's too long and hard (it's a secure and long password, right?) or you will have something that says 'use cookie to always let me in' which is a whole different security problem now (ever walked around Anacostia, DC? You'll be 'relieved' of your cell phone quicker than you can say 'wah?'). Getting a digital burglary through this is not so much an 'if' as it is a 'when'... 0 stars, would not recommend digital burglary again But that's like... just my opinion, man... On 08/28/2015 08:50 AM, Louis K wrote: > Hey Pluggers, I've got a simple website running behind my firewall > for administrating our various web-based devices and services (dvr, > baby monitor, etc). I'm thinking about forwarding port 80 on my > router to make the site accessible from outside our home network. > > What are people's opinions of the best way to secure such a site? I > think the easiest would be http auth with user/password, but is that > "secure enough"? > > I was also thinking about a vpn solution but am admittedly pretty > green with that stuff and would need it to work on different > platforms (iOS and droid). -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCgAGBQJV4F1LAAoJEKosl9oIs/pO7I0P/0eyqw4QyCtxDkad0RT0Xl1g fdN8MTCI53NOPa0NrdgU48qx+ImeIH2qbhdm1aBdQNnNVD2fTl3tRBBn0S2ant3p dQ/aOpmU+rGCOq5+52ZN4BDB6i6gUtGIDOKCdLVAEyyq/slPwnGSZbddLP0mTD1a qPphF28z9JPp5s1kBQLsgq0oHZk9UmHGOC+8s+HDf8FRVt2G1ZVsUKr/Ybh/U3Gt 8OG0SgHbg2vXcPPKFAIcnCzQ9dhjxIREmFuM6gkpmSXhhxqTKjuorsCGKpDZonKQ rvseB7HyCDuTbEC1zi8DPcGOrvucK7UYU3Z5b9RC6vJl8cQpBIrfAeDXGfSB7dkp HR1hxMcqR7xceeoFiO+VYzfrN3vzhugGP2zFyznXjh1+SOpOmLgpRXp7SHNACLS5 LPgisWLBcTIOntQFZ3n+7oHDPbZ4y3B1RGAHQLVlAft3AE/YAjhynt+mqP4ulOWw kcvx/M6aMQluc0mb4kRfbroMlflBB4SbYO2ilCAZUCQPo9Eyz02t19vyrkIZXgHu g7chrkc9gRPbscti68/XlP5O1E6S0XaECiKNGEAA7aJEdQLNcFoL3Zl9Iu9X9EF3 15zyO5wGSHknRX6AakWNeM1f6/aW07IeoIkdk5NM04VPQ5hn4lzUptNtikHIBXmo OEOD+fHhE3zKfbBd5Obo =zSR2 -----END PGP SIGNATURE----- ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug