I want to set up IIS on an old XP box that I have on our our LAN at work so that I can host some Silverlight stuff on it that I am plying with so I show it to others on the internet. I have a public IP set up already that shoots straight through my firewall and straight to that machine, and I sometimes use Remote Desktop to log into that machine and do some misc work when I am at home. It has drive letters mapped to data folders on the server, but no data is directly on that machine. I do not want to expose my entire network to risks that I do not understand. So, will it be safe if I let people surf to the public IP address to hit that machine with their web browser?
So, will it be safe if I let people surf to the public IP address to hit that machine with their web browser?
You always increase your risk level by allowing access to trusted resources, so "safe" is a relative term. In this case, you are taking a possibly dangerous level of risk by hosting this at the same location where you would like to conduct secure transactions (e.g. logging into your bank account).
That said, you can take some high-value, low-cost protective measures:
- Since you're behind a router, your router can do double duty and act as a firewall. Make sure that only the appropriate ports are open.
- Make sure that the applications you run do so with a minimum of privileges. If at all possible, run these applications inside of a virtual machine, and use that as the web server.
- Secure access to the applications you serve; allow only trusted users.
- Make the public-facing area of the site minimal.
- Keep the application in a completely different file root than everything else.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki