I wish to setup IIS with an old XP box which i dress in our our LAN at the office to ensure that I'm able to host some Silverlight stuff onto it that i'm plying with the I show it to others on the web. I've got a public IP setup already that shoots straight through my firewall and right to that machine, and that i sometimes use Remote Desktop to log into that machine and perform some misc work after i am in your own home. It's drive letters planned to data folders about the server, but no information is on that machine. I don't want to reveal my entire network to risks that I don't understand. So, could it be safe basically let people surf towards the public Ip hitting that machine using their internet browser?
So, could it be safe basically let people surf towards the public Ip hitting that machine using their internet browser?
You usually improve your risk level by permitting use of reliable assets, so "safe" is really a relative term. Within this situation, you're taking a possibly harmful level of risk by hosting this at same position where you want to conduct secure transactions (e.g. logging into your money).
Nevertheless, you are able to try taking some high-value, low-cost protective measures:
- Since you are behind a router, your router can perform dual purpose and behave as a firewall. Make certain that just the appropriate ports are open.
- Make certain the programs you take achieve this having a minimum of rights. If whatsoever possible, run these programs within an online machine, and employ that because the web server.
- Secure use of the programs you serve allow only reliable customers.
- Result in the public-facing part of the site minimal.
- Keep your application inside a different file root than anything else.
No. In the event that machine becomes jeopardized, they've the secrets towards the kingdom, as they say. You need to setup a DMZ between it and also the relaxation of the network. You ought to have another machine that's available via VPN for RDC.
I'd not do that for 3 reasons:
- As Shaun stated, your possibly providing the secrets towards the kingdom
- You wouldn't want attention attracted for your network unless of course you be capable of mitigate a good sized DoS attack. Who knows once the content you host will tick off another person leading to this. Which means, all of your network could (theoretically) be slashed removed from the outdoors world.
- Even when a compromise is contained towards the DMZ, you risk getting that server delivering out Junk e-mail around the globe. You don't want the discomfort of having that IP from a DNSBL while outgoing company mail would go to a black hole.
Its too cheap to cover hosting or co-location of the small server elsewhere.
Added reason #3
IIS 5.1 is restricted to 10 synchronised connections, and many browsers open 2 or even more connections to download images along with other page elements.
IIS 5.1 and XP reveals everything automatically. Undergo and switch off all unnecessary features in IIS and all sorts of unnecessary, network-facing services in XP.
As lengthy while you bear in mind that you're giving outsiders use of a piece of equipment that's attached to your internal network, and keep your machine current you'll be "safe".
Personally I recommend getting outdoors hosting therefore keeping your personal network safer, and letting the hosting provider be worried about upgrading software, keeping out attackers and looking after the network. It doesn't cost much, and can relieve a lot of the headache you would need to otherwise cope with.