How to secure home server?

Hello everyone!

I am setting up a home server that will be running services for various things (game server/web server) and I want to know, is it safe? With my small knowledge of how networks work, I forwarded the ports on my router, set up XAMPP and even set up DNS to point to my IP. The reason I chose to host everything from home is because I'm just practicing and I want to be hands-on with the machine. It's not supposed to serve millions of users or host super important files, but I'm still worried. XAMPP says it is secure, but is it really? The base OS is Windows 7. This being the hacker forums, I was hoping you could all tell me what possible exploits and threats I could face in the future and maybe tips on how to patch them. Currently the server isn't running any plugins, just plain HTML. My main worry is the computers connected to the server via LAN.

 

Thanks guys!

Try this:

-Always update your OS

-Install a firewall, learn all the ports that you really need, and close all ports you don't need

-Install an AV and do scheduled scans at the least loaded times

-Learn all the processes you and your system will really need, put them on a whitelist, and block everything not listed

-Configure your router the way your firewall is, but consider the needs of your other machines to avoid problems

-Learn the application you are using and the exploits for it (e.g. XAMPP or SQL)

-Always update all your applications, especially if the release notes have something to do with security fixes

You can't be 100% secure; there's always somewhere to break in and something to fix.

Hi - A lot will depend on your router (or maybe your switch). You could set up a VLAN, this being a virtual LAN, so it is separate from other VLANs on your network. You could set up a DMZ, so a zone on the network that's public facing and isolated from the LAN. I would suggest setting up a tight FW both on your router and your servers. You could filter on IP addresses or even MAC if you wanted. Keep everything that is hosting totally patched all the time. You could also redirect ports, so if someone is wanting to connect to a website you can set the port to something random like 8008 and redirect this internally to 80. You can change the ports on the server receiving traffic, so 8008 instead of 80.

Basically a hacker is going to, for the most part, scan your ports to see what is open, then try to communicate over the open ports to see what is running, then run known exploits against those services.
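
The advice in both replies (know which ports you really need, close the rest, and expect open ports to be scanned) can be checked from the server itself. The following Python script is an added example, not part of the original posts: it parses `netstat -ano` output from the Windows host and lists every listener that is reachable from the network and not on an allowlist. The sample output and the `ALLOWED_PORTS` set are constructed assumptions.

```python
import re

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2140
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       788
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       2296
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       1820
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49201     203.0.113.7:443        ESTABLISHED     3012
  TCP    [::]:80                [::]:0                 LISTENING       2140
  UDP    0.0.0.0:5355           *:*                                    1100
"""

ALLOWED_PORTS = {80}  # assumption: only the web server should be reachable

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\w+)\s+)?(\d+)\s*$")

def listeners(netstat_text):
    """Yield (proto, address, port, pid) for every listening socket."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, addr, port, state, pid = m.groups()
        # UDP has no state column; TCP counts only when LISTENING.
        if proto == "UDP" or state == "LISTENING":
            yield proto, addr.strip("[]"), int(port), int(pid)

def unexpected(netstat_text, allowed=ALLOWED_PORTS):
    """Return listeners that are not loopback-only and not on the allowlist."""
    findings = []
    for proto, addr, port, pid in listeners(netstat_text):
        loopback = addr.startswith("127.") or addr == "::1"
        if not loopback and port not in allowed:
            findings.append((proto, addr, port, pid))
    return sorted(set(findings), key=lambda f: (f[2], f[0]))

if __name__ == "__main__":
    for proto, addr, port, pid in unexpected(SAMPLE_NETSTAT):
        print(f"review: {proto} {addr}:{port} (PID {pid})")
```

On the real machine, feed it the text of `netstat -ano` and look up each reported PID in Task Manager to decide whether the service should be stopped, bound to 127.0.0.1, or blocked at the firewall.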

Thanks guys, you've all been a huge help!