Ask HN: What are current best security practices for custom servers?
2 points by kd5bjo on April 18, 2020 | 6 comments
It’s been a while since I’ve done any low-level network programming, and I was thinking about doing a hobby project to keep my hand in. What safety/security precautions should I take before punching a firewall hole from the Internet at large to a custom-written TCP server? Is the obscurity of an unadvertised server running an undocumented protocol enough protection, or is there something else that should be done?



"best practices for a hobby project" seems an oxymoron. Particularly in terms of security where everything is a tradeoff between air-gapping and honeypots. Or to put it another way, what are the goals and what do you want to avoid?


The goal is to run a server that my friends and I can connect to over the internet without the server box getting owned by various malicious actors on the internet. I expect to write the entirety of the server and client networking code myself.

There is a good chance that the server will not be a dedicated computer, but instead somebody’s regular desktop machine.


Why not deploy your own code to something like AWS? Then it’s not a mess each time it gets hacked.


I would recommend not using an unsafe programming language such as C or C++.


…because then you can blame the security holes on somebody else!


I don't know. But at least you don't get too many buffer overflow security holes.



