When I started this thread I had no idea it would generate such a response. Some very helpful tips and links to improved server security have emerged.
However, I am concerned that any younger pi users might read this thread and be "put off" from experimenting and self-learning. If I am understanding correctly, what we are in fact saying is that it is generally unwise to open up a port on a home router to expose a homebrew server unless extreme precautions are taken? As a 60+ year old who is simply trying to self-educate I have sufficient wisdom to see that as an "amateur" it is perhaps safer to abandon this line of research and move on to something else with less risk or wait until my knowledge is sufficient to reduce the risks.
However, I am left wondering about younger experimenters for whom the pi was intended. Youthful enthusiasm is not likely to stop him or her from opening up a port to a less than secure server and I wonder if we are sending out the wrong messages here? Yes, let's encourage safety by all means but reading some of the comments posted would lead us to believe "dire" consequences may result from a less than secure home server exposed to the wider web. Of course risks exist and it would be silly to ignore them but reading this thread reminds me of my own youth when everyone said riding a motorcycle was "dangerous" and while this (was and still is) true I found it much more helpful when an older "biker" told me "yes, very dangerous" but then went on to explain how to reduce those risks.
The problem I have is that in my own case I followed raspberrypi.org's advice from here.
https://www.raspberrypi.org/documentati ... ecurity.md
*** Sample quote ***
"What level of security you need depends on how you wish to use your Raspberry Pi. For example, if you are simply using your Raspberry Pi on your home network, behind a router with a firewall, then it is already quite secure by default.
However, if you wish to expose your Raspberry Pi directly to the internet, either with a direct connection (unlikely) or by letting certain protocols through your router firewall (e.g. SSH), then you need to make some basic security changes."
*** End quote ***
From comments posted here it would seem that the precautions listed in that page may be insufficient. While I accept no server can ever be fully secure (unless switched off) surely it's possible to achieve a reasonable level of security such that a keen young experimenter can expose a homebrew server to the WWW without bringing his or her world crashing down?
This is just my 2p worth but it seems what is perhaps required is a more comprehensive "how-to" page on server security aimed at the less experienced experimenter. The raspberrypi.org page is pitched just right but it seems it does not go quite far enough. I only wish I had the knowledge and experience to write such a page myself.
Don't get me wrong, it's right to be cautious but as a person who spent a number of years working in a school I fear the cautious approach can go too far, stopping people from doing something creative.