this post was submitted on 22 Nov 2023
5 points (100.0% liked)
Self-Hosted Main
515 readers
1 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The login page to your NAS.
Not really an option when I'm providing file hosting services to a bunch of my friends.
If your NAS is properly updated, and SSL is used, then the login screen it just as safe as any other web app with regular updates. I would ask why someone would want that.
It's not. SSL in itself doesn't make any exposed service safe, just safer. An updated service isn't necessarilu free of vulnerabilities.
The difference between exposing your login page and most other services is the attack surface. If someone gets into your NAS administration, game over. You're getting hit with ransomware or worse.
If someone gets into my Calibre Web server, for instance, my vulnerability is much more limited. That runs in a docker container that only has access to the resources and folders is absolutely needs. The paths to doing harm to anything besides my ebook library are limited.
I of course still use SSL, with my Calibre Wev behind a reverse proxy, with long complex passwords, and I'll probably soon move it to an OATH login where I can use MFA (since it doesn't support it natively itself). And there are more measures I could take beyond that, if I chose.
I'll leave with this. ANY service exposed publicly or not should not have vulnerabilities. If there is any hint that your NAS webserver has vulnerabilities, it shouldn't even be used internally. So to me, it does not matter. I don't expose my NAS webserver because I have no reason to increase my attack surface that wide.
But I'm comfortable exposing any of my internal services as needed because I've personally checked the source code for vulnerabilities, and have proper checks in place on top of regular security updates. I understand why others wouldn't think the same way, as this takes a high level of confidence in your ability to assess the security posture of your systems and network. I've had penetration tests in my network, conduct them myself for business.
It would be nice if we, and apps' developers, always knew what the vulnerabilities are. They generally exist because the developer doesn't know about them yet, or hasn't found a solution yet (though ideally has been transparent about that). Zero-day exploits happen. There's always a first person or group discovering a flaw.
If being up to date and using SSL was all it took, security would be a lot simpler.
No one security measure is ever foolproof, other than taking everything offline. But multiple used in tandem make it somewhere between inconveniently and impractically difficult to breach a system.