brent saner on 28 Aug 2015 06:27:49 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Securing Web Site for External Traffic


use TLS. self-signed 4096-bit cert. use client-side certificate auth. ta-daaaaa.


On Fri, Aug 28, 2015, 09:15 Thomas Delrue <delrue.thomas@gmail.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

If you're thinking of putting baby monitors and other fun toys on it,
then I would suggest the following rule in iptables which will solve all
your problems:
sudo iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable

In reality though, really, what you're doing is punching a whole in your
wall just waiting for someone else to go all hulk on it. Chances are,
even if you put a username/password on it, you'll either never enter it
on your phone because it's too long and hard (it's a secure and long
password, right?) or you will have something that says 'use cookie to
always let me in' which is a whole different security problem now (ever
walked around Anacostia, DC? You'll be 'relieved' of your cell phone
quicker than you can say 'wah?').
Getting a digital burglary through this is not so much an 'if' as it is
a 'when'...
0 stars, would not recommend digital burglary again

But that's like... just my opinion, man...

On 08/28/2015 08:50 AM, Louis K wrote:
> Hey Pluggers, I've got a simple website running behind my firewall
> for administrating our various web-based devices and services (dvr,
> baby monitor, etc). I'm thinking about forwarding port 80 on my
> router to make the site accessible from outside our home network.
>
> What are people's opinions of the best way to secure such a site? I
> think the easiest would be http auth with user/password, but is that
> "secure enough"?
>
> I was also thinking about a vpn solution but am admittedly pretty
> green with that stuff and would need it to work on different
> platforms (iOS and droid).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCgAGBQJV4F1LAAoJEKosl9oIs/pO7I0P/0eyqw4QyCtxDkad0RT0Xl1g
fdN8MTCI53NOPa0NrdgU48qx+ImeIH2qbhdm1aBdQNnNVD2fTl3tRBBn0S2ant3p
dQ/aOpmU+rGCOq5+52ZN4BDB6i6gUtGIDOKCdLVAEyyq/slPwnGSZbddLP0mTD1a
qPphF28z9JPp5s1kBQLsgq0oHZk9UmHGOC+8s+HDf8FRVt2G1ZVsUKr/Ybh/U3Gt
8OG0SgHbg2vXcPPKFAIcnCzQ9dhjxIREmFuM6gkpmSXhhxqTKjuorsCGKpDZonKQ
rvseB7HyCDuTbEC1zi8DPcGOrvucK7UYU3Z5b9RC6vJl8cQpBIrfAeDXGfSB7dkp
HR1hxMcqR7xceeoFiO+VYzfrN3vzhugGP2zFyznXjh1+SOpOmLgpRXp7SHNACLS5
LPgisWLBcTIOntQFZ3n+7oHDPbZ4y3B1RGAHQLVlAft3AE/YAjhynt+mqP4ulOWw
kcvx/M6aMQluc0mb4kRfbroMlflBB4SbYO2ilCAZUCQPo9Eyz02t19vyrkIZXgHu
g7chrkc9gRPbscti68/XlP5O1E6S0XaECiKNGEAA7aJEdQLNcFoL3Zl9Iu9X9EF3
15zyO5wGSHknRX6AakWNeM1f6/aW07IeoIkdk5NM04VPQ5hn4lzUptNtikHIBXmo
OEOD+fHhE3zKfbBd5Obo
=zSR2
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug