What should I do before exposing a home server to the internet?

Question

I'm thinking about putting together a home server and giving it a static IP, for some basic stuff like hosting web projects and maybe a ProtonMail bridgeI know very little about system security, but I know that opening up a vanilla distro with all the default daemons and open ports could be inadvisableSo what's a good strategy for a hobbyist to secure their server? Is there a fire-and-forget firewall I could set up? A minimal distribution that has nothing outside of what you need for this type of hosting? Is there a step-by-step guide out there for locking things down?

rolph · Accepted Answer

heres an experiment for you, setup a honeypot router that is open to the web, keep in mind that it is possible for threat actor to reconfigure the router, among other nastiness, but what you want to see is the activity log, so you can see what or who is going for your honey pot and hammering on a locked door to nowhere.this will give a partial threat profile but will also show you just how sketchy the net is outside of a secure space.

4f77616973 · Answer

Don&rsquo;t expose SSH, OMV, Docker, Portainer etc. Use cloudflare DNS. Enable fail2ban, tunnel everything over VPN.