"...(for the most part) I am as confident as I can be that it will be secure ..."
I think the first rule of security is not to be confident. Quite the contrary, you should be paranoid, nervous and doubtful. Continually on the alert.

"...from all but a professional hacker."
I see no reason to believe that amateur hackers have any less skill breaking in than professional hackers. You are basically saying that you suspect you have no security.

"...password protection...raspi webserver on port 80 So far so good..."
That implies to me that you are not using HTTPS, which would normally be listening on port 443. That means that user names and passwords can be sniffed from the net by attackers. So far this is not so good, essentially you have no security at all.

"Being paranoid I would like to add an additional firewall rule(s)"
Ah, good, paranoia. But as others have noted above, firewall rules on the Pi will not help you. If an attacker gets in he can always change those.
Now, that is a little scratch at the surface of web security, well, more like a gentle rub. Web security, or security in general, is a huge topic. What you need to do next depends on what you will be doing with your webserver. It's probably a good idea to start with a look at a web application security checklist. Like:
https://simplesecurity.sensedeep.com/we ... e4f43c9c56
https://www.owasp.org/index.php/Web_App ... heat_Sheet
https://www.upguard.com/blog/the-websit ... -checklist
There are many more.
Heater wrote: ↑Thu Oct 05, 2017 11:58 am
That implies to me that you are not using HTTPS which would normally be listening on port 443. That means that user names and passwords can be sniffed from the net by attackers. So far this is not so good, essentially you have no security at all.
Do set up Hiawatha to use HTTPS. Get yourself the required certificates and keys from letsencrypt: https://letsencrypt.org/ It's free and easy.

I think this would help website owners who are looking for an SSL certificate a lot, but I found another SSL certificate provider (https://www.https.in). They are not providing a free SSL certificate like LetsEncrypt, but what they said to me is that they will help me install the SSL certificate. Also, they have an insurance policy of around $10,000 in case of any data breach.