Network Security


Post by milomak » 2017-07-06 21:18

I have a Kodi box (running Sid).

I have set it up such that I can, through a DDNS-type service, access SABnzbd, Sonarr and CouchPotato. This is through a TP-Link router that has the following security settings enabled:
SPI Firewall:
PPTP Pass-through:
L2TP Pass-through:
IPSec Pass-through:
FTP ALG:
TFTP ALG:
H323 ALG:
RTSP ALG:


My concern is that someone could access the Kodi box and then access my main box, which is on the same network. What extra steps should I take to make the jump from the Kodi box to what else is on the network difficult?

I realise that the likelihood of anyone targeting me is extremely low.
iMac - MacOS and Windows 10 (Bootcamp)/ Debian Sid (External SSD)
Laptop (64-bit) - Debian Sid, Win10,
Kodi Box - Debian Sid
milomak
 
Posts: 1661
Joined: 2009-06-09 22:20

Re: Network Security

Post by acewiza » 2017-07-06 22:23

milomak wrote: my concern is that someone could access the kodi box and then access my main box...

Not understanding why you seem to imply the Kodi machine might be more accessible or vulnerable than the main box.

milomak wrote: ...make the jump from the kodi box to what else is on the network difficult?

The above statement seems to also imply the Kodi machine is less secure for some reason.

I would only suggest to ensure taking the basic local lockdown steps necessary to satisfy your need. Better detail on the security posture and use case(s) for the local network itself, not just the 2 boxes in question would lead to better ideas.

For example, if the machines listed in your sig is all there is and you are the only user, I wouldn't worry much more about it at all. :wink:
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.
acewiza
 
Posts: 212
Joined: 2013-05-28 12:38
Location: Out West

Re: Network Security

Post by milomak » 2017-07-12 20:41

The Kodi box has the added ability of being accessed directly through http://ddns.service.com:1234

The other computers on the network are not accessible via DDNS. This seems to me to suggest it is more accessible, though possibly marginally so.

Re: Network Security

Post by acewiza » 2017-07-12 23:54

What service responds to external connections on port 1234?

Re: Network Security

Post by milomak » 2017-07-19 20:01

acewiza wrote: What service responds to external connections on port 1234?


The 1234 was an example of a random port I access the service through.

Re: Network Security

Post by acewiza » 2017-07-19 22:48

So if you're wanting to secure or verify security WRT this external access, you need to research and evaluate the security profile/posture/vulnerability status of the service you are forwarding this port to from the Internet.

The fact you appear to be running it on Sid would raise my old-school network security eyebrow, so to speak. I would never recommend running an Internet-facing service on a testing platform, just as a general best practice.

