How to secure dynamic DNS home network computer?


Firstly, DNS plays almost no role in your computer's security. It's simply a mechanism for a human to find a computer address (IP address) more easily than having to type 196.23.15.251, for instance. So adding DDNS is not risky in itself. The DDNS update script runs on your computer or router and simply notifies the DNS server that your address for a domain name that you have registered with the provider of the DDNS service has changed. You don't have to allow access from the internet to the computer that runs the DDNS script; it does the work from the inside out, no "outside in" required.

As an aside: consider that most attacks on your computer are scripted or by bots. They just try all the possibilities that they know of, like easy passwords for root or admin, known exploits on web servers, etc. So if you want to "open" your network on some port, then research how to secure that (like only allowing SSH key access and not passwords), but that is unrelated to DDNS.

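As an added example, not part of the original answer: a small POSIX shell check for the SSH hardening the answer mentions (key access only, no passwords), run over the "keyword value" lines that `sshd -T` prints. The account name `remoteops` and both sample configurations are constructed for illustration.

```shell
# Audit `sshd -T` style "keyword value" lines read from stdin.
# Prints one line per finding; exit status is 1 if anything failed.
audit_sshd() {
    awk '
    {
        key = tolower($1)
        # AllowUsers can list several names; collect them all.
        if (key == "allowusers") { for (i = 2; i <= NF; i++) users = users " " $i; next }
        # For other keywords sshd keeps the first value it sees.
        if (!(key in cfg)) cfg[key] = tolower($2)
    }
    END {
        # Upstream OpenSSH defaults, applied when a keyword is absent.
        if (!("passwordauthentication" in cfg)) cfg["passwordauthentication"] = "yes"
        if (!("pubkeyauthentication" in cfg))   cfg["pubkeyauthentication"] = "yes"
        if (!("permitrootlogin" in cfg))        cfg["permitrootlogin"] = "prohibit-password"
        kbd = "yes"
        if ("kbdinteractiveauthentication" in cfg) kbd = cfg["kbdinteractiveauthentication"]
        else if ("challengeresponseauthentication" in cfg) kbd = cfg["challengeresponseauthentication"]
        n = 0
        if (cfg["passwordauthentication"] != "no") { print "FAIL passwordauthentication: passwords accepted"; n++ }
        if (kbd != "no") { print "FAIL kbdinteractiveauthentication: PAM can still prompt for a password"; n++ }
        if (cfg["pubkeyauthentication"] != "yes") { print "FAIL pubkeyauthentication: key login disabled"; n++ }
        if (cfg["permitrootlogin"] != "no") { print "FAIL permitrootlogin: root can log in remotely"; n++ }
        if (users == "") { print "FAIL allowusers: no allow-list, every account may log in"; n++ }
        else print "OK   allowusers:" users
        exit (n > 0)
    }'
}

# Constructed sample: passwords on, root by key, no allow-list.
SAMPLE_WEAK='passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin prohibit-password'

# Constructed sample: key-only login for one hypothetical account.
SAMPLE_HARDENED='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin no
allowusers remoteops'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || true
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd
```

On the server itself, the live settings can be checked with `sudo sshd -T | audit_sshd`.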


Author by

Spinor8

Updated on September 18, 2022

Comments

  • Spinor8 about 1 month

    I have read a number of articles on setting up a dynamic DNS using my web hosting provider to point towards my home network. This would then allow me to access my Ubuntu server on my home network which runs scheduled processes. The instructions I read involve switching on dynamic DNS functionality on my router.

    My first question is: does switching on dynamic DNS functionality on the router allow the possibility of someone remotely connecting to my other machines besides the server that is running the dynamic DNS script?

    Ideally, I would like to allow access only to one machine, my home server, which will run the dynamic DNS script. Additionally, I would want to allow remote (I define remote as from outside the home network) logins only to some accounts. These accounts will have fewer permissions. I only need these accounts to log in, check the logs, do low-level troubleshooting, and reschedule crontab jobs. It is perhaps more illuminating to understand what these accounts should not be able to do. From these accounts, the remote user should not be able to then log in as a non-remote user who has full permissions. In particular, these accounts should not be able to run "sudo". Is this achievable? If not, is there a better way to restrict the permissions of a remote user?

    More generally, what additional steps can I take to secure my home network and machines if I intend to set up dynamic DNS?

    • user
      user over 4 years
      Please limit your questions to a single question per post. If you want to ask about the risks of enabling dynamic DNS, then don't ask about key-based SSH authentication or system permissions at the same time.