Bear with me...noob question on security


#1

I’ve been reading some of the documentation on installing the Stack Manager on a PC, which I’d like to do. It mentions basic admin security, but I was thinking, if I create a place and want to open it up to others to visit etc. doesn’t this pose a bit of a security issue if it’s hosted locally on my PC? I’m not a developer so a bit of clarity about this would be really appreciated.


#2

My usual disclaimer - I’m just another Alpha and my opinions are strictly my own.

The basic answer to this is, yes, it creates a security risk to your PC (or Mac/Linux Box) as would any running of a server process where you’re giving outsiders a way into your computer.

Anyone running a server should (and really must) consider the basic question of “Is this something I want to do?” and be aware there will always be a risk associated with doing so. It would be irresponsible to say HiFi’s stack is anything other than what it is, alpha level software, and as such it could have vulnerabilities. On the flip side, well-developed code that should not have any glaring vulnerabilities often does – so, again, you have to consider the risks and balance them against your desire to open the gates.


#3

Hi Omega, thanks for your reply. I thought that might be the case. Looks like I might not try out the stack manager which is a shame. Still, there are enough places to be able to participate, explore the HF world features and contribute.


#4

I’m working on a not-too-difficult idea of making a VirtualBox Linux image one could run, keeping the stack in its own protected space on Windows. VirtualBox is free, and HiFi’s excellent ability to tunnel through complex networking setups (NATs etc.) makes it easy mode. By running in a VM you can isolate the stack to its own “protected” space where, if something nasty happens, it would be limited to just the VM space.

I’m actually running my Mac OS X domain using similar methods, keeping it isolated from the main machine, and, again, the same on my Linux server builds - locking the stack into Linux Containers to isolate it. So - while geeky, there may be an easyish way, eventually, to have your cake and eat it too.
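The VM idea in the post above (the stack inside VirtualBox, reachable only through NAT port forwarding) can be scripted. The following is an added example, not code from the thread or from High Fidelity: it builds `VBoxManage modifyvm --natpf1` rules for an allow-list of ports, so the guest exposes only what the server actually needs, and it can bind a rule to the host’s loopback address so an admin/web port is reachable from the host only. The VM name, rule names and port numbers are hypothetical placeholders, not the stack’s real ports.

```python
import shutil
import subprocess

# Rule format used by VirtualBox NAT port forwarding:
#   <name>,<proto>,<host ip>,<host port>,<guest ip>,<guest port>
# An empty host ip means "all host interfaces"; 127.0.0.1 means host-only.
def natpf_rule(name, proto, host_port, guest_port, host_ip=""):
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    for p in (host_port, guest_port):
        if not 1 <= int(p) <= 65535:
            raise ValueError(f"port out of range: {p}")
    if "," in name or not name:
        raise ValueError("rule name must be non-empty and contain no commas")
    return f"{name},{proto},{host_ip},{host_port},,{guest_port}"


def build_forward_commands(vm_name, forwards):
    """forwards: iterable of dicts with keys name, proto, host_port, guest_port
    and optional host_ip. Returns the VBoxManage argv lists, rejecting any
    duplicate (proto, host_ip, host_port) so a rule cannot silently widen
    an earlier, narrower one."""
    seen = set()
    cmds = []
    for f in forwards:
        key = (f["proto"], f.get("host_ip", ""), int(f["host_port"]))
        if key in seen:
            raise ValueError(f"duplicate host binding: {key}")
        seen.add(key)
        rule = natpf_rule(f["name"], f["proto"], f["host_port"],
                          f["guest_port"], f.get("host_ip", ""))
        cmds.append(["VBoxManage", "modifyvm", vm_name, "--natpf1", rule])
    return cmds


def apply_forwards(vm_name, forwards, dry_run=True):
    """Apply the rules with VBoxManage, or (dry run / VBoxManage absent)
    return the commands that would have been run."""
    cmds = build_forward_commands(vm_name, forwards)
    if dry_run or shutil.which("VBoxManage") is None:
        return [" ".join(c) for c in cmds]
    for c in cmds:
        subprocess.run(c, check=True)   # VM must be powered off for modifyvm
    return [" ".join(c) for c in cmds]


# Constructed allow-list (placeholder ports, not HiFi's real ones):
# the game/server port is reachable from outside, the admin web port
# only from the host's own loopback.
EXAMPLE_FORWARDS = [
    {"name": "server-udp", "proto": "udp", "host_port": 40000, "guest_port": 40000},
    {"name": "admin-http", "proto": "tcp", "host_port": 8080, "guest_port": 8080,
     "host_ip": "127.0.0.1"},
]

if __name__ == "__main__":
    for line in apply_forwards("hifi-stack-vm", EXAMPLE_FORWARDS):
        print(line)
```

Everything not listed in the allow-list stays unreachable from outside the VM, which is the whole point of the isolation; if the stack later needs another port, it is added as an explicit rule rather than by opening the VM up wholesale.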


#5

Hi @Evy_711 , I am working to test a new server farm dedicated to hosting HiFi domains. If you are interested in your own domain while in Alpha/Beta, just let me know.


#6

Is that on the machine from your home that we had talked about before?


#7

I’ve been hosting my HiFi domain locally for months now. Correct me if I am wrong, but all I am exposing is my IP… which is available to any site that I click on… and the port that HiFi uses… is there some reason you think that your connection is more prone to hacking? I know that some people here host their domains closer to the market that is online, for better ping etc. And isn’t hosting without having to pay for a silly server farm part of what HiFi is all about?


#8

It’s actually 12 rack-mount Dells running XenServer behind dual Internet routes, dual HA pfSense firewalls, SSDs, 1-hour batteries, a 6-day generator, IDS/IPS, a MariaDB HA cluster, a Hadoop cluster, and FreeNAS with 24TB of storage. This is my test rig while I get the production data center up and running at a large co-lo. My home Internet will be the bottleneck eventually, but is good for alpha. All running from home.


#9

There’s nothing about HiFi’s code that is in question - understand me clearly on that. But, any time you run a process that allows an outside entity inbound access to your computer you run a risk. If a hacker type discovers a way to creatively abuse a server, said hacker might be able to access arbitrary files on your host system and do things.

When you use a web browser to look at a site or check your email you’re exposing your IP address, but, what you’re not doing is saying “hey here I am and this is a way you can connect back to a program running on my system and do stuff”. Server programs open inbound connections so clients can get things they need - that’s the whole point of a server, but, there is, always has been and always will be risk in doing so. Being educated as to any potential risks, how to be smart about protecting yourself and aware that it might not be the best idea in the world to have a server of any kind running on your PC with all your personal data and important stuff on it is important.
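The distinction drawn in the post above (a browser only makes outbound connections; a server advertises an inbound door) is something you can check for yourself on the hosting machine. The following is an added example, not code from the thread or from High Fidelity: it parses the output of `ss -tulnp` (Linux) and reports every socket listening on all interfaces, then flags the ones that are not on your own allow-list of expected server ports. The sample output is constructed for the example and the port numbers in it are illustrative, not the stack’s real ports.

```python
import re
from dataclasses import dataclass

# Addresses ss prints when a socket accepts connections on every interface.
WILDCARD_ADDRS = {"0.0.0.0", "*", "[::]", "::"}
PROC_RE = re.compile(r'users:\(\("([^"]+)"')


@dataclass
class Listener:
    proto: str
    addr: str
    port: int
    process: str
    exposed: bool   # reachable from outside the machine (not loopback-only)


def _split_addr_port(local):
    # rpartition handles IPv6 forms such as "[::]:22" and "[::1]:631".
    addr, _, port = local.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)


def _is_loopback(addr):
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def parse_ss(output):
    """Turn `ss -tulnp` text into Listener records (TCP LISTEN and UDP UNCONN)."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "Netid":
            continue
        proto, state, _, _, local = fields[:5]
        if proto == "tcp" and state != "LISTEN":
            continue
        addr, port = _split_addr_port(local)
        if port is None:
            continue
        m = PROC_RE.search(line)
        listeners.append(Listener(proto, addr, port,
                                  m.group(1) if m else "?",
                                  exposed=not _is_loopback(addr)))
    return listeners


def unexpected_exposures(output, allowed):
    """Listeners reachable from outside that are NOT in `allowed`,
    a set of (proto, port) pairs you deliberately serve."""
    return [l for l in parse_ss(output)
            if l.exposed and (l.proto, l.port) not in allowed]


# Constructed sample of `ss -tulnp` output (ports are illustrative).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:40000       0.0.0.0:*         users:(("domain-server",pid=1234,fd=12))
tcp   LISTEN 0      128    127.0.0.1:8080      0.0.0.0:*         users:(("domain-server",pid=1234,fd=9))
tcp   LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=900,fd=3))
tcp   ESTAB  0      0      192.168.1.5:51822   93.184.216.34:443 users:(("firefox",pid=2000,fd=40))
"""

if __name__ == "__main__":
    allowed = {("udp", 40000)}          # the one port we mean to serve
    for l in unexpected_exposures(SAMPLE_SS, allowed):
        print(f"{l.proto}/{l.port} ({l.process}) listens on {l.addr}: not on allow-list")
```

Run against real output (`ss -tulnp` piped into the script, or `netstat -an` on Windows with a matching parser) the list is the answer to “what am I actually exposing?”: the browser’s outgoing connection never appears, the admin port bound to 127.0.0.1 is reported as not exposed, and anything listening on all interfaces that you did not intend to serve is worth closing or firewalling.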


#10

@chris Interesting topic. I was just listening to a guy in the sandbox who seemed to be doing the “I can find your IP and destroy you all” bit. It was like being at Violet in Second Life :smile:
Windows is up to date, I have a good antivirus program and a firewall.
What else should I be doing? Do I need to wear a condom before I log in?


#11

HF Sandbox being used as a Trolling station… novel idea. At least they can help with bug fixes.


#12

Worse, these days you don’t need to run a server to get in trouble. Surfing the net can be enough. And there are still enough people that download illegal crap, and then you can wait for problems. I think people need to be more worried about what they do, download and click on than about running the High Fidelity Stack Manager.


#13

Thanks for explaining it in normal person English, very helpful :blush:


#14

Hi-Hi.

For any new folks (of which I am one) who have made their way to this thread wondering about security for their home machines, there are a couple of threads around regarding @Coal’s script for hosting your domains remotely on Digital Ocean for $5/month, which is what many here seem to be doing easily and painlessly.

Coal is also writing up some help documents for this. Meanwhile, here are the associated threads for that solution:

How to compile HiFi in CentOS 7.x (domain-server and assignment-client)

What should i run the stack manager on?

CentOS 7 - Domain Server Compile and Update Script

New update as of 4/16 (and really the easiest of the lot):
Running a Domain Server on Digital Ocean


#15

Good synopsis @SterlingWright


#18

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged) :P


#19

It is because even if I select the correct reply button, my posts never come attached to those they are responding to… most frustrating.


#20

Aye, I do the @SterlingWright thing in my attempts to reply, or even to save FACE.