Sabahattin (I probably butchered your name and should have cut and pasted it), 
but I sort of disagree.  Let it be said, though, I’m not questioning your clue, as 
of the folks on list you’re definitely at the top of people I’d have 
administering servers for me, but.

I wonder the value of having public internet connections allowed in to your 
home network like that.  I could see for example compromising your server and 
then starting to sniff local traffic on your home network.  Maybe you run a VPN 
24/7 on all machines, I don’t at home to be fair.  I’ve made the call that WiFi 
WPA2 with AES is pretty good, I have a block any any at the edge for inbound 
and then I look for anomalies on the wire. Virus code is also tested for on the 
inbound side by a Sophos antivirus engine with signatures polled periodically.  
Nothing earth shattering.  But what I figure is if I poked a hole in, that’s a 
vector for someone to use to get around all that other stuff.  I could put it 
on a separate DMZ with all different network range but still.  Is there a 
microphone or anything they can activate?  I absolutely trust that you could 
detect or probably even prevent intrusions but I suspect you and I don’t have 
24/7 operations centers observing our networks for badness. :)  People like 
Digital Ocean do.  I know they use Arbor products for example that look at the 
data stream for all sorts of attacks and then can alert or automatically take 
action.  People don’t have that ability at home.  Your VPS is definitely naked 
but isn’t that what iptables is for?  Maybe I’m too old school, when I was 
taught the admin game it was always bad form to put a firewall out front 
because it was a point of weakness when it came to DDoS among other things.  Too 
easy to swamp.  I was always taught harden the box in the first place and leave 
the network stuff to the propeller heads.  Personally, that’s when I found the 
network stuff more interesting and became one of the propeller heads mentioned 
but I’m just thinking out loud.  I’m wondering if the ability to secure the 
home box is really as good as a perceived naked VPS in the cloud.

I had someone screwing with my NTPD on a Digital Ocean box and they were the 
ones who detected it and pinged me to fix it or offered to put a block in place 
around UDP 123.  I wouldn’t have gotten that at home, might have just lost my 
cable connection without any sort of advanced warning knowing the carriers here.

See my line of thinking anyway, what do you think?
 

On 6/12/16, 12:26 PM, "Sabahattin Gucukoglu" <macvisionaries@googlegroups.com 
on behalf of listse...@me.com> wrote:

>In keeping with my cloud-withdrawal paradigm, I’m actually moving away from 
>the VPS space again, and back to a Mac Mini—a dedicated Mac Mini with all my 
>data on it, that runs Linux.  The power here doesn’t cut out a lot, but the 
>Mini is configured to restart on power restoration, and I feel that the 
>downtime is insufficient a reason by itself.  Having said this, I do agree 
>that isolation makes a lot of sense, and that you do need to be very careful 
>when configuring servers.  In particular, a VPS can run mail servers, and mail 
>servers host email, so by running a VPS you’re hosting your email in a 
>potentially trust-free zone (just like absolutely any free email provider at 
>all, of course).  IWFM to host at home, but YMMV.  I have an ISP that assigns 
>me a static IP, that also helps a lot, and I know my way around the registrar 
>system and Internet infrastructure generally, but I totally get the 
>convenience of having someone else run your VM for you.
>
>And switch to a better registrar if you don’t like GoDaddy.  Joker is who I 
>use, but there are probably better choices for newbies.
>
>-- 
>The following information is important for all members of the Mac Visionaries 
>list.
>
>If you have any questions or concerns about the running of this list, or if 
>you feel that a member's post is inappropriate, please contact the owners or 
>moderators directly rather than posting on the list itself.
>
>Your Mac Visionaries list moderator is Mark Taylor and your owner is Cara 
>Quinn - you can reach Cara at caraqu...@caraquinn.com
>
>The archives for this list can be searched at:
>http://www.mail-archive.com/macvisionaries@googlegroups.com/
>--- 
>You received this message because you are subscribed to the Google Groups 
>"MacVisionaries" group.
>To unsubscribe from this group and stop receiving emails from it, send an 
>email to macvisionaries+unsubscr...@googlegroups.com.
>To post to this group, send email to macvisionaries@googlegroups.com.
>Visit this group at https://groups.google.com/group/macvisionaries.
>For more options, visit https://groups.google.com/d/optout.

