Ask HN: What are current best security practices for custom servers?

2 points by kd5bjo ↗ HN
It’s been a while since I’ve done any low-level network programming, and I was thinking about doing a hobby project to keep my hand in. What safety/security precautions should I take before punching a firewall hole from the Internet at large to a custom-written TCP server? Is the obscurity of an unadvertised server running an undicumented protocol enough protection, or is there something else that should be done?

6 comments

[ 50.0 ms ] story [ 653 ms ] thread
I would recommend to not use an unsafe programming language such as C or C++.
…because then you can blame the security holes on somebody else!
I don't know. But at least you don't get too many buffer overflow security holes.
"best practices for a hobby project" seems an oxymoron. Particularly in terms of security where everything is a tradeoff between air-gapping and honeypots. Or to put it another way, what are the goals and what do you want to avoid?
The goal is to run a server that my friends and I can connect to over the internet without the server box getting owned by various malicious actors on the internet. I expect to write the entirety of the server and client networking code myself.

There is a good chance that the server will not be a dedicated computer, but instead somebody’s regular desktop machine.

Why not deploying your own code to something like AWS? Then it’s not a mess each time it gets hacked.