Webserver security software

Forum regarding Windows Software and Home Automation Domotica.

Webserver security software

Postby Rutger » Sat Jan 21, 2012 5:32 pm

Since a few weeks some unknown people try to logon on my Homeseer page (and maybe more, what I can't see).
Homeseer and the ip-camera's are secured with usernames and passwords ofcourse.
Only the neccessary ports (SSL) and some ports for real time camera viewing are open in de router.
It don't feel right, so I'm searching (this forum) for webserver software or something like this.

I don't want to gave access for a small amount of ip-addresses.... I read some stuff about htaccess files and apache software.

What for web/loginserver security software do you have installed or what are other possiblities to have more security?
My home automation blog: https://rutg3r.com
Rutger
Member
Member
 
Posts: 330
Joined: May 2010
Location: Netherlands

Re: Webserver security software

Postby johnz » Sat Jan 21, 2012 7:52 pm

I think it will be complicated to set up a different webserver for Homeseer.
What about a VPN tunnel to your Fritzbox?
John
johnz
Member
Member
 
Posts: 140
Joined: May 2009
Location: Netherlands

Re: Webserver security software

Postby mhn » Sat Jan 21, 2012 8:11 pm

Or move you web port to something like 35697. The attacker will have a hard time finding that.
mhn
Member
Member
 
Posts: 399
Joined: July 2009
Location: Denmark

Re: Webserver security software

Postby Rutger » Sat Jan 21, 2012 9:20 pm

Hmm, I thought I should be easier to install some webserver and behind this 'wall' some other software who is reachable from the WAN.
Maybe the VPN is the easiest way.
I'll look further.
My home automation blog: https://rutg3r.com
Rutger
Member
Member
 
Posts: 330
Joined: May 2010
Location: Netherlands

Re: Webserver security software

Postby Art » Sat Jan 21, 2012 11:18 pm

Rutger, it seems to me that what you need is a better firewall. This would enable you to define much more sophisticated rules to deal with incoming traffic, and even better to log attempts to access your network and deal with them appropriately. An example would be to detect port scans and ban the originating IP address altogether. Or, if it's an address within our jurisdiction, notify the authorities.
Art
Starting Member
Starting Member
 
Posts: 32
Joined: November 2011
Location: Utrecht

Re: Webserver security software

Postby airox » Sun Jan 22, 2012 12:01 am

You can also try to put an apache webserver in front of it and make use of mod proxy to proxy requests to your homeseer machine. You can then configure on the apache webserver the necessary security. HTTP basic authentication in combination with an SSL connection (startssl can provide you with a free ssl certificate). Use a named virtual host in apache so only a certain domain like "homeseersecretserver.yourdomain.com" is the entrance to your homeseer machine.

Hopefully I gave you a few pointers.
airox
Member
Member
 
Posts: 214
Joined: May 2010

Re: Webserver security software

Postby AshaiRey » Mon Jan 23, 2012 9:47 am

First question yourself, 'do i need my domotica server to be connected directly to the internet'
If yes then does it need also inbound traffic. Often it's not. It's only the case when you want to control your home while not at home.
So you have to be sure that it's you and only that's calling in.
Things to control this are.
vpn's
Port forwarding on your firewall.
Allowing only known ip addresses and mac numbers
SSL encryption.
Time frames and access windows. (droping the connection after a minute)
Prevent giving commands to your homesystem via email, phone commands, twitter, skype and such.
Just to name a few.
Bram
AshaiRey
Senior Member
Senior Member
 
Posts: 1297
Joined: February 2009
Location: Netherlands

Re: Webserver security software

Postby Post-IT » Mon Jan 23, 2012 8:37 pm

If you decide to keep your server publicly available after carefully looking into the things mentioned above, you have several options:

- IPSEC VPN, take some extra work to setup on the remote location so not handy when using several computers
- SSL VPN, extra work on the home side but is easy on the client configuration
- changing portnumber will not change the risk or enforce security, it will only help you keep out of the spotlight of regular port 80 and 443 scanners
- using a firewall, restricting source IPadresses. You can use a software firewall on windows, but most ADSL routers support more specific firewalling. Juniper/Netscreen can even insert an authentication step for HTTP pages
- I'm not sure how the homeseer webserver works, but you might also be able to use clientside certificates (your client will have to present a certificate to authenticate instead of username/password).

I personally use an IPSEC VPN on my iPhone and don't use any webserver which is publicly available.
Post-IT
Member
Member
 
Posts: 447
Joined: February 2009
Location: Netherlands (Rotterdam)

Re: Webserver security software

Postby Rutger » Mon Jan 23, 2012 9:09 pm

Thanks for all ideas. A lot of stuff to think about. At the moment ip address blocking is the best option. VPN is not always an option, especially at work. After appr. 6 months VPN is an option with my new phone.
My home automation blog: https://rutg3r.com
Rutger
Member
Member
 
Posts: 330
Joined: May 2010
Location: Netherlands


Return to Windows Forum

Who is online

Users browsing this forum: No registered users and 1 guest

cron