Main WebRunning a Server: Network Considerations
In this section:Network Configuration Considerations
Bandwidth Usage
Public Addresses
Multiple Servers
Internet Service Provider - specific notes
Verizon FIOS (Fiber)
Paraphrased from a message by Bill Larduskey with regard to installing Verizon FIOS. If you only want Internet and phone on FiOS? you can hook straight up from the Verizon box to your router and not use their router at all IF you specify that you want the install to be Cat5e and not Coax (they will push Coax). If you are upgrading from their DSL service remember to change from PPPoE? to DHCP in your [router's] configuration. If you do want their TV service it requires the use of their router which has configuration areas for some rule sets but I really didn't dig into UDP rules versus TCP rules. You could set a DMZ but that exposes your ATCS PC to the outside world [not recommended]. Their wireless access point only supports 64 bit WEP so it is recommended that you disable that as WEP is not a very secure encryption method - it's easily hacked. -- JAlexLang - 13 Dec 2007Verizon DSL
Several people have had difficulty serving from behind Verizon DSL when Verizon provides a Westell DSL modem/router. For one thing, newer versions seem to work better, so check if you can update the firmware or get a newer unit. Otherwise, use of ATCS Router software to relay the feed typically works a bit better because of the more frequent keepalive messages used by ATCS Router. Ask the Yahoo group for assistance with this.Network Security Considerations
Firewall Configuration
Restricting Access
Network Security
Personal perspective of Gary Hahn: This may look like an all-out home IT security synopsis, but I want to make sure that potential feed hosters are not discouraged from doing so! There is truth that operating a server introduces some risk, but as someone who involves myself in information technology security for a living, and as someone who hosts several audio and ATCS railroad feeds, it's not as bad as it may seem. Beware the naysayers! In most cases, I let a broadband router, Windows XP Firewall, and Windows Updates protect my machines, and I really don't need to touch them or fret about them. A bit about hackers and attacks... 1) Everyone on the internet gets attacked. EVERYONE. If by putting up a feed this attack rate increases, it's only by a few percent at most. This means that if your computer is not already compromised, the security systems you have in place are probably pretty much doing the job already. 2) Your exposure increases only a little, because you've poked a pinhole in your firewall(s) to allow people to connect. However, usually, you've set up a different computer for this function, so that's what they'd get to. Also, it only gives outsiders access to a single application (ATCS Monitor) so there would have to be known vulnerabilities to that application in order to perpetrate something evil, so keeping software up to date and applying Windows patches is most important. Since ATCS Monitor is so obscure, in the global sense, hackers aren't even aware it exists and if they do, so few people have it that it's not worth trying to write exploits for! 3) Most attacks are not "manned". These are robots looking for weak systems or juicy targets, which provide reports for hackers to choose their victims. These robots simply pick internet addresses at random and probe for weaknesses. If your security is weak, you could be compromised whether you've poked this new pinhole or not. Do you really have anything a hacker would want? Aside from borrowing your system to launch attacks at REAL targets like businesses and governments, you are probably not worth the trouble to a hacker. Again, it's unlikely that there's someone in Russia sitting there beating his head on the keyboard thinking "Darn it, I WILL get into Joe Foamer's ATCS feed computer if it's the last thing I do!" 4) Watching firewall logs will scare the pants off of you. If you plan to watch logs, be sure to do it now before you launch an internet feed, first. I guarantee you will see you are now being attacked often and that you will see very little difference once you launch your feed. If you want to sleep at night and not sacrifice precious hours of your life to pouring over firewall logs, just don't. Spend your time being proactive about keeping your defense mechanisms up to date instead. Protect yourself! Do these regardless of whether you run a server. My comments, in order of priority: 1) Patch, patch, and patch some more. Why? It's software vulnerabilities which are the root risk point...an open port (pinhole) on a router is useless if the software doesn't somehow allow a way to exploit your computer. How to patch? Oh that's easy, now, just let Windows Update automatically apply updates as they come out. For any third-party applications you have that utilize internet (ATCS Monitor, audio feed software), grab the updates often. 2) External firewall (broadband router). Yep! $40 of protection for broadband users makes up for hundreds of "whoops" security indiscretions on the individual PCs. 3) Software firewall. Yep! For XP users, the built-in Windows Firewall is just dandy...done. For other OS, finding something is a good idea. Since most attacks are blocked at the external firewall, what this does is prevents your system from being hacked by other systems behind your firewall...yes, in your house. If you inadvertently download a "trojan horse" on your day-to-day PC, it may launch a "worm" that scours your own network for things to attack. 4) Anti-virus. A must for your everyday PC, but actually optional for your feed server. You're not downloading anything over there, that thing just sits and does it's job. Viruses are pulled down by users, maybe by email, web browsing, or even removable media. Really the risk is that if the server gets infected it may need to be rebuilt. I generally do not a/v dedicated servers. 5) ShieldsUp? or similar. Can't hurt! This internet-based service scans your system to make sure all the measures you've taken are actually working, or tells you what to change. Trouble here, again, is that it may not differentiate in the report the things that are truly risks for the typical system...if it tells you every risk, again, you just won't sleep at night....unplug the computer for good! Now, huge disclaimers! I've tried to outline the reasonable things to do for a home user/server, not EVERYTHING to do. Again, to be completely secure, you have to unplug the computer from the power outlet. Security is a continuum; the more money you spend and the more people you hire to watch after your systems, the more secure you can be. If you haven't spent the money on a monitored alarm system for your house, a hacker COULD break in and TAKE your computer. Extreme example but points out that you should spend your money and time where it makes sense. Finally, this is NOT my security approach for a business! The risks are far greater. Depending on the business, we're talking from tens of thousands to millions of dollars in security measures such as assessments, intrusion prevention, threat management, policy review, content management, etc, to protect millions of dollars in assets and sales. A rightfully different animal altogether....opposite end of the continuum.Comments/Questions
-- BrianSwan - 29 Oct 2006
Log In
Main Web
Users
Groups
Index
Search
Changes
Notifications
Statistics
Preferences
Main |
|
Website hosting provided by CBPNet Wireless, a division of Cooke Business Products, Inc.Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback