security advice wanted for home server
I have an embedded device with an attached USB hard disk (a Linksys NSLU2)
which I have installed Debian on, with the aim of using it as a home
server over ADSL. (The idea being that it's quiet and consumes very
little power, so I'm happy leaving it switched on all the time, which I
wouldn't be with a desktop type machine.)
I'm thinking of setting it up as a web server at some point, but could
do with some basic advice about the security side of things if anyone
can help with that. One question is how likely this is to be a problem
(and would the fact that it's on an ARM chip, not Intel, reduce the
likelihood of a successful attack?); also what kind of precautions I
should take against being cracked?
My network is an ADSL modem/router with built-in firewall and port
forwarding, behind which I have 2 laptops, one running Linux and one
running Windows XP, plus the NSLU2.
What I'm thinking of doing to secure the NSLU2 is:
- Check that the only open incoming ports are ones that I need.
- Run a firewall (shorewall?). (Though is this actually going to make a
difference on such a small network where there are only the localnet and
internet zones to think about and the router already has a built-in
firewall? I'm assuming that it's something I should do, but not sure
what kind of attacks a firewall on the NSLU2 would really stop, given
that only one incoming port (http) is going to be open on my router, and
I can make sure that the server doesn't have any incoming ports open
except http and ssh)
- Use AIDE to check the system files regularly. The way I'm thinking of
doing this is to put a bootable Debian image (with AIDE installed) on a
flash disk, then every week or so boot my laptop from this with the
slug's USB hard drive plugged into the laptop as well, and check the
system using AIDE that way. Then install any updates, then calculate the
checksums again and store them on the flash disk (which I would never
use for any other purpose). This is putting me off somewhat, as I was
doing something similar with another server I had a while back, and it
was a fair bit of hassle to keep it up every week. So it would be good
to know if this is overkill, or a sensible thing to do?
- Work through the Securing Debian Manual to see if there's anything
else I've missed.
andy.
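
The weekly offline check described in the post, shown as an added example that is not part of the original message and is not AIDE itself: a sha256-only stand-in that compares the mounted server disk with a baseline kept on the dedicated flash disk. The function names and the paths in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: simplified stand-in for the offline AIDE workflow.
# Assumed layout: the server's disk is mounted read-only at ROOT
# (e.g. /mnt/slug) and BASELINE is a file on the dedicated flash disk.

# Print "sha256  ./relative/path" for every regular file under $1.
make_manifest() {
    ( cd "$1" && find . -xdev -type f -exec sha256sum {} + ) | LC_ALL=C sort -k2
}

# Record a fresh baseline: run only after a clean check and after updates
# have been installed, so the new hashes describe a state you trust.
baseline_init() {   # usage: baseline_init ROOT BASELINE
    make_manifest "$1" > "$2.tmp" && mv "$2.tmp" "$2"
}

# Compare ROOT with BASELINE. Prints one line per difference
# (ADDED/CHANGED/REMOVED path); returns 0 if identical, 1 otherwise.
baseline_check() {  # usage: baseline_check ROOT BASELINE
    local current diff
    current=$(mktemp) || return 2
    make_manifest "$1" > "$current"
    # sha256sum prints 64 hex digits and two separator characters,
    # so the path starts at column 67 of each manifest line.
    diff=$(awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = $1; next }
        {
            p = substr($0, 67)
            if (!(p in old)) { print "ADDED " p; next }
            if (old[p] != $1) print "CHANGED " p
            delete old[p]
        }
        END { for (p in old) print "REMOVED " p }
    ' "$2" "$current" | LC_ALL=C sort)
    rm -f "$current"
    if [ -z "$diff" ]; then
        return 0
    fi
    printf '%s\n' "$diff"
    return 1
}
```

Unlike AIDE, this stand-in ignores permissions, ownership and timestamps, so it only detects content changes, additions and removals.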