this post was submitted on 13 Nov 2023
5 points (100.0% liked)

Self-Hosted Main

21 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

Like, I hear all the time that you shouldn't open any ports on your networks fire wall for security reasons this and security reasons that. But what are the actual security implications/risks of forwarding a port for something like Jellyfin or a Minecraft server or something like that? Explain like im 16 (or something)

you are viewing a single comment's thread
view the rest of the comments
[–] csandazoltan@alien.top 1 points 1 year ago

Port forwarding is like putting your apartment number and name on the door of the apartment complex, so someone coming would know which apartment to go.

This apartment is unlocked, it is the not "buzzing in kind"

So even if someone wants to break in and finds your door, the security and safety of your door what matters.

---

Port forwarding in itself is "not" a security risk, if you are mindful, disable automatic port forwarding (uPnP) and open only the ports what is needed.

The security risks come from the softwares that listen to an opened port.

The internet itself is working on port forwarding, any website is port forwarded to the webserver on port 80,443 or 8080 by default. You are accessing a website right now. The security comes from the settings and safety of the webserver software itself. Whether it can be penetrated and access things that you are not supposed to.

---

If you are considering opening a service to the world you should look up if that software has any security vulnerabilities.

Open source linux based software is better in this way, because many people tests the software and reports issues before it is released to stable version.

You can also bild your server in a way, where things are separated. Like having a webserver in a container.

The host is almost totally invisible from inside the container and it is nigh impossible (should be) to access the host computer other than the shared folders between host and container and you cannot navigate out of those folders.

---

The most secure will always be a totally closed firewall. But letting trusted softwares to be accessed from outside is not much less insecure.

Do not trust what you see in movies, a "hacker" can't just waltz into your network, unless your router and firewall has some serious security vulerabilities or god forbid, public facing backdoors

(some routers had some not so long ago, you should look up your own router for any news)