1

I self-host a custom service that I programmed. The client program sends TCP packets to the server program in order to get a response, but all clients are outside of my local network, so I need to forward a port for their installations of the client application to communicate with my server instance, which is running on Windows Server 2016. I am concerned about the security of this configuration.

Currently, I have the firewall set up to only allow incoming connections to the server via the designated port to be passed to the server instance via Windows Firewall. No other port is open on the router, and the server machine will not accept traffic from any other port, or allow it if the server instance is not running. I use a consumer grade router, with a dynamic public IP, with a script running on the server machine to update the CloudFlare DNS records on my domain as the dynamic IP changes. I don't know much about networking, so I'm unsure if my current configuration is really safe. I don't have many resources to use, as I'm limited to my home network and don't have any other real networking equipment. The server runs alongside others and everything else connected to my home network on the same subnet, which is where I'm really concerned about the security of this setup. The service I'm hosting does not serve any sensitive or personal information, and does not have access to it. I guess what I'm worried about is the vulnerability of other devices, and whether it is possible for attackers (which is probably is) to access other things than the server instance of my custom service. A VPN solution is not viable.

Am I safe just with Windows Firewall and that of my router, and the fact that my service does not (to my knowledge) does not have any "backdoor" that exposes the content of my server machine, and therefore other things on the network?

I'm sorry I'm using rudimentary ways to explain my situation/setup, but I'm not really good with networking. I'm just a programmer equipped with a home network that needs my service to be accessible from outside the LAN.

Thanks in advance

you are viewing a single comment's thread
view the rest of the comments
[-] ProfessionalAd3026@alien.top 1 points 1 year ago

Look into certificate based authentication. If the clients don’t present a certificate issued by your CA, the connection won’t be fully established.

this post was submitted on 20 Oct 2023
1 points (100.0% liked)

Self-Hosted Main

504 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS