Find the answer to your Linux question:
Results 1 to 4 of 4
Background: I have two home servers, CentOS for Samba and Ubuntu for VNC, a Macbook and a Dell Mini9 running XBMC to my TV. I've got the basics of home ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2012
    Posts
    10

    Networking for college dorms


    Background:
    I have two home servers, CentOS for Samba and Ubuntu for VNC, a Macbook and a Dell Mini9 running XBMC to my TV. I've got the basics of home networking down. But I'm headed off to college this coming fall which changes things a bit.

    I'm taking my Macbook and one server. The entire campus is wireless (small college, 1/2 mi^2) and I'm assuming interconnected under one network. My concern is security, I can tunnel VNC through ssh so I'm not worried about that but I am about the file server aspect.

    Question:
    1. what security measures do I need to take for my server to be on the network but not be vulnerable? All I know is a fire wall.
    2. is smb the best ip for this or would another be better?
    3. is there a way to to isolate my server so it doesn't pop up on everyone's network options?

    Any other tips / tricks for a college network is greatly appreciated!
    Thanks for the help!
    code_ape

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    899
    Since both will be natively on the untrusted private network with dynamically assigned IPs, it will be less than ideal security wise.
    Here's a few things you should do:
    Make sure you cannot ssh/access the server using the root or other default accounts. Only your account should be able to ssh.
    Make sure only authorized users (ie, your account) can access the 'su' command.
    Make sure you passwords are not bruteforce-able. My Advice: 14 or more characters, including at least 2 special characters, 2 upper case, 2 lowercase, 2 numbers.
    Make sure authentication is required for any services (such as Samba). Preshared keys would be ideal here.
    Set IPtables to drop all inbound, forward, and outbound connection requests except for the protocols you want open (such as for Samba and SSH).

    Consider a host based IDS. I have no recommendations here, as it won't prevent, only help ID break ins.

    If you do the above things, that should stop the majority of bad things from happening to you.

  3. #3
    Just Joined!
    Join Date
    Apr 2012
    Posts
    10
    That's so much mizzle! Would you think setting up a personal subnet be beneficial?

  4. #4
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    899
    Yes and no. If it's a wire eth network, you might get faster transfer while you're in your dorm room, but if you want to access your server on the campus wide network (say from the cafe or something) your server still needs to be on that untrusted private network. If you have another box, you could set that up and make a VPN to your server, and use that as your server's gateway.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •