Heya, I feel pretty dumb to not know much about this. I’ve been searching endlessly for hours, but couldn’t personally find anything that answers my question, so I decided to ask you guys who actually know how these things work.
So, I have setup a Fedora Server to my old unused MacBook. It’s connected to a modem via ethernet cable, and I use it to run Docker containers like FileBrowser, Yacht, Plex, Git server, etc.
The server does have internet access. But I’m wondering how much do I really need to secure my server? To my knowledge, the server shouldn’t be accessible outside from my network, but I’m not really sure(?). How would I make sure that the server isn’t accessible from outside my network?
I’m certain that no one will be able to connect to my network/wifi, so I wouldn’t stress about people gaining access to my server if they would only be able to access to it from my local network, but I’m unsure if my server is available outside of my LAN.
I would appreciate any help!
There must be a way to open ports on your modem (that is NAT forwarding). If no port is open, there is no way to gain access to your server. If a port is open, then there might be a way for an intruder to get into your network. The reality is a bit more complex (man in the middle, …) but it would make sense only if your data is of value or if someone means you harm.
Make sure upnp is not enabled on your modem/router. Scan your public IP from the outside, or use shields up to see if anything is exposed.
UPnP got me some lovely ransomware once. Never again.
If you didn’t specifically open ports on your router, you’re starting off pretty well. Now software on the Fedora box could be reaching out to the internet opening ports, possibly misconfigured, but that’s a much smaller attack surface.
Keep in mind that no being accessible from the internet does not mean it is safe as your local network is ALSO a very hostile environment with modern technologies (especially your PCs, smartphones , smart TV, and so on). Make sure you use HTTPS, proper authentication and so on to protect your server