Some friends and I want to play FarCry version 1.40 on PC over the internet on our own private server but we have some security concerns. Since the game was released 15 years ago and we'll be running it on Windows XP Pro Version 2002 Service Pack 3, we are likely to have our server and operating systems hacked, correct? What are some security measures we can take to prevent this?
The server will be behind a home router with port forwarding enabled.
If the only port forwarded to the server is the port used by the game, you are fine.
You can protect even Windows 95 with the correct measures. If you block everything but the game server, not use the computer for anything else but host the game (no browsing, no email, no running random programs), it will be reasonably safe.
Even with port forwarding, you do not want to expose your filesystem to attackers as it might be possible to use your hacked server as a pivot for lateral privilege escalation through the router into your home server. It depends on your router's configuration/model too.
I strongly suggest that you run the game from a Docker container, so that it will be impossible (short of a kernel exploit) to escape the container and access the files on your server, where the attacker can perform write operations and compromise other computers in the network. You can stop at this step unless you're paranoid.
So what should you do if the attacker has access to a kernel exploit useable on your Windows server?
A good mitigation would be to use a non-generic kernel. While it may be easy to use an exploit script for a vulnerability, it is often not that easy to write one. I would hence also recommend that you change some of the kernel code, such as the namespaces so that any available exploit would not work on your server without some tinkering.
