I have not, I tend to avoid services and diy it
in the context of the comment you referenced:
Definitely have the server on its own VLAN. It shouldn’t have any access to other devices that are not related to the services and I would also add some sort of security software.
If you have a public service that you expect to have multiple users on you definitely should have some level of monitoring whether it is just the application logs from the forum that you want to host or further have some sort of EDR on the server.
Things I would do if I was hosting a public forum:
And if the user base grows I would also add:
Just tailscale really.
My services are only exposed to the tailscale network, so I don’t have to worry about otger devices on my LAN.
A good VPN with MFA is all you really need if you are the only user.
Robots walking through the streets of new York, shooting lasers at any traffic light or fire hydrant they suspect
Llama88.01-i8739372673: “Does that leaf look off to you?”
GPT67.89-i873963847: “Yeah, but probably just a natural mutation”
The leaf:
If for example the server is actually a computer in the LAN and maybe it’s also his media server and his backup server then potentially any compromise could lead to his personal information leaked and or other computers in the LAN compromised.
So what could actually happen? His personal photos and passwords and accounts can be leaked or taken over. He could be spied on by accessing his webcam. A lot of things could go wrong.
You are right. Learning by doing is awesome. Just be sure to do it in a safe way. Get a VPC. Do it there. No personal information, no access to other services. Just this service, just for this purpose. Worst case scenario, if it’s taken over, the only thing that’s harmed is the forum itself. Which is not the end of the world, I’m guessing.
The onion should post real news on april 1st
Especially if this is from a computer that has access/information beyond just the public service.
Don’t do it.
Hosting a public service with no real knowledge of security can only end badly.
Get a vpc, do it there, learn from mistakes.
It’s more than just HTTPS, you also need proper authentication, regular updates, emergency updates for critical vulnerabilities, ideally some sort of monitoring to detect potential misuse of the service or any escalations from the service to the OS.
Ask yourself this: If this was your first time driving a car, would you rather do it in an empty parking lot where at worst you will damage the car. Or would you rather do it in a busy street where at worst you can kill someone?
Yes but not legally. They are also legally bound to EU laws, which would protect the clients that bpught the software. But! Just like plenty of companies pulled out of Russia, if the US does not care and decides ro enable this behavior then they could do it without too much trouble.
But I doubt this would happen, the EU is a big part of their income, and money is what they care about.
Nothing that comes to mind, but simple search of the SIEM you are going to use in youtube and pirate bay should provide some good starters
I suggest skipping the devops part and instead starting with a course. If you go with setting it up you will probably spend 95% of the time doing devops and not security (which is usually the client of the devops team that maintains the SIEM)
IP based blocking is complicated once you are big enough or providing service to users is critical.
For example, if you are providing some critical service such as health care, you cannot have a situation where a user cannot access health care info without hard proof that they are causing an issue and that you did your best to not block the user.
Let’s say you have a household of 5 people with 20 devices in the LAN, one can be infected and running some bot, you do not want to block 5 people and 20 devices.
Another example, double NAT, you could have literally hundreds or even thousands of people behind one IP.
“Trust your gut” sorry but our gut means our monkey brain. If logic is an option, trust logic. Trust your gut only applies if:
Technically they could have had been using a computer without any temperature sensors or fans and each row was actually a 1GB file.
And also they had a hairdryer pointed the the drive.
It’s possible!
Now think how flat chested women feel, even the bra is non functional as pocket
Judge much? Just to spite you I won’t do my dishes for a month now! I hope you are happy.
Me every few months not doing the dishes for two weeks.
It is important to know that they are not easily reversible and not as cheap to reverse So I won’t be that light-hearted about it but yeah, they’re generally pretty simple to get and Might be possible to reverse
Already exists and being used, search for “smart shopping carts”
I honestly don’t see how that is worse than Trump. Is it terrible? Yeah. Is Trump worse? Also yeah