[thelist] Hosting at Home

Ken Schaefer Ken at adOpenStatic.com
Thu Nov 24 05:21:57 CST 2005


-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Shawn K. Quinn
Subject: Re: [thelist] Hosting at Home

On Wed, 2005-11-23 at 13:58 +0200, Hershel Robinson wrote:
>> I have a fixed IP and I have a (I think) good router with 
>> a firewall. It's a Netopia Model 3387W-ENT [1]. I run Apache 
>> on a Windows box for local testing and so I know it a bit. 
>> I am in a wild and crazy mood and I am considering the 
>> possibility of setting up a xAMP server in my house 
>> and putting there a website.
>> 
>> I might build a Linux box or I might use my existing Windows 
>> server. I know little about Linux but I understand that to 
>> build a simple LAMP server can be fairly easy these days.
> 
> GNU/Linux is a great choice for a server, as are FreeBSD and 
> OpenBSD. I would strongly urge you not to even attempt to use 
> Windows for a server.

Our weekly dose of fantasy from Shawn.

Any security person will tell you that:
a) Any modern NOS (*nix, MacOSX, Windows Server) is securable to whatever
degree required (outside a few specialized applications)
b) You should stick to what you know best. Security is a process not a
product. You need to be aware of how to manage the server, you need to patch,
you need to follow best practices around reducing attack surface. If you play
with a product you don't know, your chances of "doing something stupid"
increase dramatically.

>> Something tells me that this is foolhardy however and if I have 
>> little experience with servers and firewalls, it is not wise to 
>> open even a single port of mine and let the world into my LAN. 
>> Maybe someone will talk me out of this?
>
> A firewall is not strictly necessary with a properly secured 
> GNU/Linux or BSD-derived system,

Shawn - have you ever held a real job? One where you're actually responsible
for managing a non-trivial system connected to the internet? Or are you just
some kind of fanatic that dispenses this sort of advice with no real
experience to temper it with a good dose of reality? Or do you just not have
a clue about security?

Every network should have a properly configured firewall, or at the very
least a router not configured to route all unnecessary traffic. It's called
"defense in depth" and it's Security 101.

Cheers
Ken 


