
Ask HN: What are current best security practices for custom servers? - kd5bjo
It’s been a while since I’ve done any low-level network programming, and I was thinking about doing a hobby project to keep my hand in.  What safety&#x2F;security precautions should I take before punching a firewall hole from the Internet at large to a custom-written TCP server?  Is the obscurity of an unadvertised server running an undicumented protocol enough protection, or is there something else that should be done?
======
brudgers
"best practices for a hobby project" seems an oxymoron. Particularly in terms
of security where everything is a tradeoff between air-gapping and honeypots.
Or to put it another way, what are the goals and what do you want to avoid?

~~~
kd5bjo
The goal is to run a server that my friends and I can connect to over the
internet without the server box getting owned by various malicious actors on
the internet. I expect to write the entirety of the server and client
networking code myself.

There is a good chance that the server will not be a dedicated computer, but
instead somebody’s regular desktop machine.

~~~
brudgers
Why not deploying your own code to something like AWS? Then it’s not a mess
each time it gets hacked.

------
speedgoose
I would recommend to not use an unsafe programming language such as C or C++.

~~~
JoeAltmaier
…because then you can blame the security holes on somebody else!

~~~
speedgoose
I don't know. But at least you don't get too many buffer overflow security
holes.

