> sbjaerum Wrote:
>> By forwarding port 9000 from my ADSL router to the machine running
>> slimserver, I am able to connect to my slimserver from work. I can also
>> stream using http://homeipadress:9000/stream.mp3.
>>
>> I am not a security expert. What are the security consequences for my
>> home network if I permanently open port 9000?
>
> On the one hand, it's very unlikely that anyone is going to exploit the
> open port.  For a number of reasons
>
> 1) The only thing there is a fairly specialized web server, meaning
> that the script-kiddies are going to pass it right by.

This is very true.  Until slimserver gets more popular and you don't
remember to close off the port.  Or someone bored finds a hole and gives
the exploit to a script kid.  The obscurity of uncommon software is not
security.


> 2) For the non script-kiddies, who is going to _want_ to break into
> your system such that they'd go to the trouble?  If you're on a DSL or
> cable connection then your IP is easily identified as a home
> connection.  It's just not worth anyone's time.

While this is very untrue.  Home connections are purposely attacked for
phishing schemes, spam, virus mailing, etc.  These blocks are some of the
most attacked on the Internet.  It is worth their time if they make money
from spam or phishing.  One attacked cable modem could yield hundreds of
credit card numbers from phishing emails.


> On the other hand the HTTP server and the SlimServer application aren't
> used to being on the public Internet so I'm sure that security against
> exploits isn't a terribly high priority.  Given that very few
> SlimServers are facing the Internet unprotected it's unlikely that any
> existing security holes are going to be found and then patched.

Truly skilled people spend their lives tearing apart odd applications,
and some of these people are not so honest.  I wouldn't doubt that there
are quite a number of security problems inside slimserver.

Anyone who cares about the security of their home systems should not be
giving any more privileges out than those that are absolutely necessary. 
I have yet to see any valid (to me) reason to open up slimserver to the
world.  A firewall allowing specific addresses through would be better. 
Encrypted tunnels requiring authentication would be best.

Of course, you use keys for authentication and not password auth right?! =)

--mikeb


--
"Never believe anything until it's been officially denied"
 - Claud Cockburn

_______________________________________________
Discuss mailing list
Discuss@lists.slimdevices.com
http://lists.slimdevices.com/lists/listinfo/discuss
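
The three options the reply ranks (port open to the world, a firewall allowing specific addresses, an authenticated encrypted tunnel using keys), shown side by side for port 9000 as an added example that is not part of the original post. It assumes the SlimServer host runs Linux with iptables and OpenSSH; the addresses, host name and key path are constructed, and the script only prints the commands without applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) rules for the SlimServer port in the
# thread. Assumes Linux iptables and OpenSSH; all addresses are constructed.
PORT=9000

# Succeed only for a plain dotted-quad IPv4 address, so a typo or a range
# such as 0.0.0.0/0 can never become a rule that matches everyone.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Weak: what a blanket port forward amounts to, any source may connect.
open_rule() {
    echo "iptables -A INPUT -p tcp --dport $PORT -j ACCEPT"
}

# Better: accept only the listed sources, then drop everything else.
allowlist_rules() {
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    for addr in "$@"; do
        echo "iptables -A INPUT -p tcp -s $addr --dport $PORT -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $PORT -j DROP"
}

# Best: forward only SSH at the router and carry port 9000 inside the tunnel.
# The client refuses password auth; sshd_config on the server should also set
# "PasswordAuthentication no" so that only keys are accepted.
tunnel_cmd() {   # $1 = user@host, $2 = private key file
    echo "ssh -N -i $2 -o PasswordAuthentication=no -L $PORT:127.0.0.1:$PORT $1"
}

open_rule
allowlist_rules 203.0.113.10 198.51.100.7
tunnel_cmd user@home.example.net "$HOME/.ssh/id_ed25519"
```

With the tunnel up, the stream is reached from the remote machine at http://127.0.0.1:9000/stream.mp3 and port 9000 no longer needs to be forwarded at the router.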
