FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Portable servers - how secure are they?





deanhills
I'm toying with starting my own server, but on a portable external hard disk. Just wondering what security issues I could expect as I've never had a server before? For example, if I used it with my computer at home, what part of my computer would be vulnerable? I'd imagine that it would work with a port, which one would it normally be, and what would the consequences be from a security point of view?

I'm thinking of using a Seagate Portable Hard disk (1 terrabyte) with XAMPP software:
http://portableapps.com/apps/development/xampp
Marcuzzo
Hi Dean,

there is a difference between server software and an actual server.

=> Xampp is basically a Cross Platform Apache MySQL and PHP package. the X in Xampp stands for this cross platform attribute of the software package. it's not really a server but it runs server software on your machine so that it can perform certain server tasks, such as running a local MySQL database and present HTML to clients that send an http request to the default http port running on your local machine. this exposes the http port ( usually 80 or 8080 )

=> Xampp can be secured in a way that other machines in the same network are not allowed to access it but since you are running it from an external storage device you are 1: not fully using it's powers because it can make use of windows services. and 2: if you loose your disk or it's stolen, all data is compromised.

=> in terms of security, you are offering services on ports. (period). usually an attacker will run a port scan to see if there are services offered on a specific IP address. if any services are offered and there is a known exploit for one of these services you are pretty much screwed. Xampp will usually only offer services on http(s) ports 80 and/or 8080

=> I don't know what your current OS is but I would suggest to use a virtual machine for these types of activities. I'm running Windows 8.1 on my work laptop and I've got a few Hyper-V machines running on it ( one of em is actually a Gitlab server that I use to store my git repositories ) you could install a bare debian machine and only install apache, php and mysql on it and you've got a genuine ( local ) web server running instead of a server'ish sollution like Xampp.
don't get me wrong, I love Xampp, I've used it in the past and still do for smalll website projects, but these is merely for testing purposes.


=> in the end it all boils down to what you need to do with the server. I'm really looking forward into reading more about your server 'project' and I hope I can be of some help.


PS: I'm a little drunk now so sorry if this doesn't make any sense and if I said stuff more then once Very Happy
deanhills
Marcuzzo wrote:

PS: I'm a little drunk now so sorry if this doesn't make any sense and if I said stuff more then once Very Happy
Thanks for the detailed explanation Marcuzzo. Everything was useful and you write it so well even I can understand it Razz

I basically only want to install something like XAMPP for testing stuff. Like for example recently when I was checking out a mySQL database of mine - I longed for the ability to do that off line. Which obviously one can't do without having to go through huge loops.

Having the server on a portable disk would have been my answer for protecting my content on my PC's regular drives. I have Windows 7 configured with C: and D:. So I thought maybe if I had an external hard disk it would isolate any messes I made when using XAMPP from C: and D:. I was also hoping for some security, but the way you explained it, I'll definitely be up for grabs. Particularly since here in the UAE there is only one IP provider and all of the non-business people share dynamic IPs with very short duration lengths.

Any suggestions for what one could do to beef up security when one uses XAMPP?
Marcuzzo
deanhills wrote:
Any suggestions for what one could do to beef up security when one uses XAMPP?


Hi Dean,
The security issue here isn't XAMPP, but the removable drive.

Using USB Flash drives always involves some risks:
1. Loss
2. Theft
3. Data corruption

Loss and Theft are pretty much the same, someone else can just plug in the drive and access your files.
XAMPP is pretty secure in a way, you can prevent other users from accessing it remotely, but if your USB flash drive is Lost/Stolen, the person that has it can just plug it in and already bypasses this security measure.
You'd think that your password would be safe but XAMPP has got several ways to reset the passwords.
=>The XAMPP directory can be accessed by deleting "\xampp\security\xampp.users" and "\xampp\htdocs\xampp\.htaccess"
=>the MySQL root password can be reset using the batchfile "\xampp\mysql\resetroot.bat"


Data corruption is another story. the life expectancy of USB flash drives is significantly decreased when it's being used in these types of situations. in the end your USB Flash drive will start to give you IO errors.

so if you plan to stick to USB drives you definitely want:
1. to have a good drive that will last longer then others.
2. to use some sort of encryption like Bitlocker To Go.
Related topics
POP3 with PHP
Does anyone know of a free secure-image servers for Paypal
TurboFTP - secure FTP client program
No website is secure from this man
Best filemanager?
Free Hosting-Availability
FTP program
Fantastico could be updated
The anihalation of the net?
what do you think about frontpage
How To : Secure Your PHP Website
Free domains and IRC servers
Booting time
Diablo 2
Reply to topic    Frihost Forum Index -> Computers -> Hardware and Electronics

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.