3
I'd like to dedicate a low-power Debian/Ubuntu box to set up a personal wiki (namely Instiki) on it. The information I'm looking to store in it will obviously be of a very confidential nature; anyone except me accessing it would be disaster. And my network administration and security skills are pretty weak. High requirements, low skills; not a good combination.
I know that by its nature, setting up a listening app and opening a port to the outside world exposes me to a certain level of danger. But how do I minimize that danger?
- My understanding is that as long as it's running behind my router, which has a built-in firewall, it's not accessible to the outside world by default; correct?
- And if I do explicitly open a port to the machine (set up a "Virtual server" entry in my router's config), I'm basically at the mercy of the strength of my username/password combination, which theoretically any script kiddie scanning for open ports could guess by brute force.
Is there any practical middle ground between disabling outside access altogether, and relying on a port/username/password combination? I could live with only accessing my wiki when I'm at home, but it would be an inconvenience.
What are my other options? SSH tunneling? Key pair authentication? Please advise. I would especially like further advice regarding setting up a tunnel or VPN via SSH.
4No it doesn't. This is as much as server question as any other I've seen. – David Z – 2009-08-02T08:11:36.783