April 28, 201610 yr Hi, I know generally speaking you'd rely on your router to offer protection against a server and I've read on various threads about people advising folk to get their server back behind DMZ protection. My question is. Out of the box and once a good password has been applied to 'root' user. Are there any internet risks that would lead to hackers or sniffers being interested in my server? Telnet is only accessible if you have the password right? What about SMB shares etc?
April 28, 201610 yr When you setup shares you choose if they are available to anyone on the network, if someone has to login, or if you wand to handover to AD to handle permissions. If you pick the default anyone who can get onto your network can get into your shares. I'm not sure I understand your question. What is your objective / concern?
April 28, 201610 yr Author more prevention. I was not sure if UnRaid was internet ready if ever exposed to the net. But generally speaking if all users have good passwords and SMB shares are set to use a password. There are no risks if no other apps have been installed?
April 28, 201610 yr Hi, I know generally speaking you'd rely on your router to offer protection against a server and I've read on various threads about people advising folk to get their server back behind DMZ protection. My question is. Out of the box and once a good password has been applied to 'root' user. Are there any internet risks that would lead to hackers or sniffers being interested in my server? Telnet is only accessible if you have the password right? What about SMB shares etc? First you should never have your OotB unRAID server on a DMZ, or fully open to the internet. Yes hackers and sniffers would tonally be interested in your server. People have posted logs with attempts to log into via SSH every couple of seconds when they had that open to the internet. There are no risks if no other apps have been installed I believe you are asking "If I install something like Plex and forward ports for Plex to have intrenet access is that a risk?" The answer is yes, but it's a standard risk that everyone that uses Plex takes. Someone might find security issues with Plex that allows exploitation, so you are really relying on the security of that app.
April 28, 201610 yr Hi, I know generally speaking you'd rely on your router to offer protection against a server and I've read on various threads about people advising folk to get their server back behind DMZ protection. My question is. Out of the box and once a good password has been applied to 'root' user. Are there any internet risks that would lead to hackers or sniffers being interested in my server? Telnet is only accessible if you have the password right? What about SMB shares etc? To me it sounds like you are saying "if I have a good password, and install no more apps, can I just expose the server to the internet directly ?". Well: NO ! Unraid is only meant to be used in a LAN environment, it would be a very bad Bad BAD idea to put it fully in a DMZ .. Question would be though: Why would you ? What do you want to do that you think you need your unraid system to be in a DMZ for ?
April 28, 201610 yr You don't want to expose anything to the internet at first except your router, if your UnRaid server is behind your router you are fine. If you start opening ports on your router to allow in SSH, you are asking for trouble, hackers scan port 22 all the time so the only think between a hacker accessing your server at that point is your password, and they will try and try and try to guess it. If you need remote access to your UnRaid server I suggest you look into VPN solutions.
April 28, 201610 yr Unless he is confused about what a DMZ is --- his OP would make a lot more sense if we assume he thinks the DMZ is the protected part of a LAN. What makes me think that is the use of "back behind DMZ protection" -- that would make a lot more sense if he misunderstood what a DMZ is.
April 28, 201610 yr Community Expert Q1: Why would anyone want to hack my server? A1: Because it's there. Q2: Why would anyone go to the trouble to hack my server? A2: No trouble at all. It's all totally automated these days.
April 29, 201610 yr Author Hi, I feel that I understand DMZ fine. DMZ enables the ability to isolate a segment of the network and open it up to the internet (remove firewall protection) by entering the IP into DMZ.
April 29, 201610 yr Hi, I feel that I understand DMZ fine. DMZ enables the ability to isolate a segment of the network and open it up to the internet (remove firewall protection) by entering the IP into DMZ. Meaning that every request originating from the internet that is not sent to another system (by portforwarding) is sent to that system.. I can hardly think of any system you would want to host in that environment.. for personal use.. Why would you want to do this ? Forgive me if this analogy is a bit weird but feels like you are asking "I have this knife and I am thinking of sticking it in my stumach, should I insert on the left or right hand side" .. There might be an answer to that question (left is nog such a good idea), but a much more important reply would be: WHY?? We are using our knives to peel apples and slice our steaks...
Archived
This topic is now archived and is closed to further replies.