Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

test xamp server-how to secure it on home network

Jan 18, 2015 11:41PM PST

I have a Windows 7 computer running xampp test server on it. I was wondering if I could somehow lock it extremely well out from the rest of my network so that I can still get into it from my home network and allow the developer to connect to it from wherever he's located for a project I am doing. Right now my main router is an asus rtn66u. I have the basics of networking understood but just need some help locking it down. I don't want to put it in the DMZ because then it is completely open to the Internet. right?
So so far here are some of the options I was given elsewhere:

" to have a second Internet connection brought in.. "
That's not an option for me.


"connect that WAMP server directly to the internet (after the modem, before the router). Have a second Ethernet interface connect to your existing router, and use WAMP server to route traffic to it."
Not An Option

"hosting your WAMP server out on AWS rather than on your personal network. "
Not An Option

"obtain a whole other PC to use for a firewall box. Can be anything cheap (and I mean cheap). Add a couple of LAN cards. A free Linux firewall application (ipCop, pfsense, etc), and use the DMZ function in that."
Not An Option

That being said are there any other options I can try?

Any help would be greatly appreciated

Discussion is locked

- Collapse -
Answer
Yes (about the DMZ question.)
Jan 18, 2015 11:55PM PST

There is no way to fit all there is to know about securing a server here. It's now a big deal but you dismissed options before you got off the ground. Why not find run a LAMP instead?
Bob

- Collapse -
Replying
Jan 19, 2015 3:10AM PST

Sorry I don't mean to dismiss everything right off the bat but I'm looking for alternatives besides ones I listed. I figured I just List them so we don't waste time going over them. As for the LAMP I have no idea foR anything about linux so that's why I didn't go that route. I don't mean to limit it so much.... But there's got to be other solutions right?

- Collapse -
I'll have to wait for them.
Jan 19, 2015 3:14PM PST

You listed some of the best, and securing Windows is so well done as well as it won't fit in this text box unless we leave stuff out.

I think LAMP is a great solution as it's crafted from the ground up to be secure as can be.

Why do you think you need to know Linux? Apache, MySQL, PHP is the same there are on most other OSes. I noted something about Linux a decade ago.
-> http://tips.oncomputers.info/archives2004/0401/2004-Jan-11.htm
Bob

- Collapse -
About the lamp
Jan 20, 2015 1:28AM PST

I don't know.. I just feel more comfortable with windows and I don't know if the developer will want to use linux. When you say I "listed some of the best and securing Windows is so well done as well as it won't fit in this text box unless we leave stuff out" what do you mean?
I'm trying to do this as easy as possible an cheap as possible. It doesn't make sense for things just like bringing in another Internet line and things like that that I listed when this is just a test machine. Those were just some suggestions I got another from another Post that I was not going to try to implement.

- Collapse -
Again, where does Linux have to be used?
Jan 20, 2015 1:53AM PST

When we are developing web apps or sites we tend to focus on Apache, PHP, SQL and such.

If you want to expose a Windows PC to the internet, well that topic is rather overdone. And I can't condense it all to fit here because if I leave out any detail, it's just as bad as dumping it all on you?

Why not go with your WAMP, backup your system from time to time so you can recover if you are hacked?

-> The really really short security answer is to port forward only what ports are needed rather than expose it all in the DMZ.
Bob

- Collapse -
port forwarding
Jan 20, 2015 7:24AM PST

I know how to do port forwarding so I'll give it a shot. I guess that can make it a little more secure. I just don't want the developer to be able to go through my network and have access my other computers somehow. I have passwords on the other computers but I guess I will have to make them a little harder.

Thanks anyway for the suggestions

- Collapse -
linux
Jan 20, 2015 7:28AM PST

LAMP -isn't that only used with Linux?

- Collapse -
Or in a Virtual Machine.
Jan 20, 2015 7:32AM PST

I had a really short dev thing I needed to check out so in went LAMP to a Virtual Box machine and it's as secure as I've seen. Just try to jump outside a VM. Just try it. If they did, well, they are quite the magician.
Bob

- Collapse -
linux
Jan 20, 2015 11:04AM PST

Don't hackers use linux? I I always thought it was more open so to speak more . Easier to make changes and get into hack. What distro I think it's called would you recommend? I'll see if the developer would be okay with it??

- Collapse -
That's a first.
Jan 20, 2015 11:21AM PST

Your replay is fine but shows there is must to learn. Since I can't write it all in this small box why not WAMP and port forwards as needed?
Bob