this post was submitted on 13 Nov 2023
5 points (100.0% liked)

Self-Hosted Main

21 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

Like, I hear all the time that you shouldn't open any ports on your networks fire wall for security reasons this and security reasons that. But what are the actual security implications/risks of forwarding a port for something like Jellyfin or a Minecraft server or something like that? Explain like im 16 (or something)

you are viewing a single comment's thread
view the rest of the comments
[–] rayjaymor85@alien.top 3 points 1 year ago

Port forwarding itself is not inherently dangerous; in much the same way that jumping out of a window is not inherently dangerous. But obviously it is risky.

If you know what you're doing and mitigate the risk, jumping out of a window onto say a soft landing or a ground floor window is not a problem.

Anyone hosting websites or services either at home or in a datacenter do it all the time.

The dangerous part is if someone can do with that forwarded port if the service it's attached to can be used to gain access to something else on the network.

Usually done by figuring out what you are running, and then exploiting a CVE to get in and then get access to the rest of your network that way.

So as an example I have a VM with Google Cloud that is running my website. If someone does manage to hack it, well, who cares - it's just a VM running that simple LAMP stack.

If I had that same website on my home network, and it can access my home NAS, well if it turns out there's a vulnerability I didn't account for then technically someone can take over that VM and hop into my NAS and do damage there.