|brent saner on 28 Aug 2015 06:27:49 -0700|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: [PLUG] Securing Web Site for External Traffic|
use TLS. self-signed 4096-bit cert. use client-side certificate auth. ta-daaaaa.
-----BEGIN PGP SIGNED MESSAGE-----
If you're thinking of putting baby monitors and other fun toys on it,
then I would suggest the following rule in iptables which will solve all
sudo iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
In reality though, really, what you're doing is punching a whole in your
wall just waiting for someone else to go all hulk on it. Chances are,
even if you put a username/password on it, you'll either never enter it
on your phone because it's too long and hard (it's a secure and long
password, right?) or you will have something that says 'use cookie to
always let me in' which is a whole different security problem now (ever
walked around Anacostia, DC? You'll be 'relieved' of your cell phone
quicker than you can say 'wah?').
Getting a digital burglary through this is not so much an 'if' as it is
0 stars, would not recommend digital burglary again
But that's like... just my opinion, man...
On 08/28/2015 08:50 AM, Louis K wrote:
> Hey Pluggers, I've got a simple website running behind my firewall
> for administrating our various web-based devices and services (dvr,
> baby monitor, etc). I'm thinking about forwarding port 80 on my
> router to make the site accessible from outside our home network.
> What are people's opinions of the best way to secure such a site? I
> think the easiest would be http auth with user/password, but is that
> "secure enough"?
> I was also thinking about a vpn solution but am admittedly pretty
> green with that stuff and would need it to work on different
> platforms (iOS and droid).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug