I have a host name whose dns points to my home IP. I use this for game servers for my buddies. Should I be worried about my home IP being easily accessible like this, and should I get a physical firewall appliance to protect myself?
Servers are running Windows Server 2019 and Mac OSX.
Yes, don’t expose Windows to the internet 😒
https://opnsense.org/ is a good system if you want an easy to install and open-source firewall.
Edit: no need to buy their official hardware. Any x86 system with two network ports will do.
Yes, don’t expose Windows to the internet
It sounds like they’re just exposing a game server, not windows.
If you have a router, you already own one.
Pointing a hostname to your ip doesn’t do anything meaningful.
Hopefully you’re only forwarding the minimal select of network ports and not all ports/traffic? If so then you’re good, like someone else said if you’ve got a router and it’s forwarding selected traffic then no need for anything else
It depends. If you’re forwarding a lot of ports then maybe, but just a home gaming server? Probably not a big deal.
Just don’t forward ports for remote control and you’ll be fine, especially RDP (3389 IIRC), and SSH…
Nah, probably not. All routers you can buy today will route and by default have their firewall active. Make sure, auto-updates are activated on your router.
Check your server OS’ses and the Software running on them for updates on a regular basis - since they are partially made available to the public and are potential attack vectors.
Though if you only port-forwarded a couple ports that dont include the RDP port or something wildly stupid, you should be safe.
Follow some best practises as:
- try to dont run your Gameserver Software as administrator but instead with a account with as low privileges as possible.
- update your OS’ses, Softwares and Router/FW Appliance.
Don’t let yourself fool by the guys telling ya to setup a full fledged firewall system when you obviously don’t even know basic networking. You would be overwhelmed by the configurationpossibilities.
If you want to dangle your foot in some cold water - try em out and put some machines behind them to learn what behaves how. But dont make em your only protection against the public internet when you don’t know basic networking stuff.
Happy Sailin’ matey!
I actually have a degree in networking lol
Unless you’re just opening up all the ports on your router, it should be blocking all incoming connections by default. I’d recommend doing 1:1 port mapping for the specific internal ips of your services if your router provides that capability, but at minimum just locking it down to only opening the ports required for your services should suffice.