Originally published at: http://www.howtogeek.com/175446/how-risky-is-it-to-run-a-home-server-secured-behind-ssh/
When you need to open something on your home network to the greater internet, is an SSH tunnel a secure enough way to to do it?
Personally, I don't like the idea of just opening up services on computers inside your secure, internal network.
If you're going to set up a server, set it up on a second network and use a second router to protect your inside network.
In brief, it goes something like this:
- Buy an additional, wired router. Configure its LAN addresses to be something different than what your current router uses. (If your current router sits on 192.168.1.x, then set the new router to 192.168.2.x)
- Hook up your border router directly to the cable modem or DSL modem. This router should NOT have WiFi
- Plug your server into that router's WAN ports.
- Plug you internal router's WAN port (which can have WiFi) in to your border router's LAN port.
- On your border router, forward ports to your server as appropriate.
- This setup will allow you to access shared drives on your server from inside your secure network. So take advantage of that to make daily backups to another PC.
This solution protects your internal network from being hacked by your web server, but still allows you to host personal services from home.
This topic was automatically closed after 10 days. New replies are no longer allowed.