So, I’ve been self-hosting a web server from my home. And recently I’ve started to see ;’s being included in some requests, trying, I assume, to access the router, because following the ; is the IP address of the router. And they are trying to access currentsetting.htm. There have also been requests with the default admin creds, and other various requests.

My current focus is the router configuration. I have a modern up-to-date Netgear router. The only things I changed from the standard configuration are:

  • A static IP pointing to the web server
  • Port-forwarding for HTTP external port 80 to point to the Web Server Port that is serving the App

Right now, I’m not concerned with the server itself, but want to make sure my other devices on the network can’t be accessed from the outside. I see a bunch of settings available to me on the router. Like a "Web Service Management"; clicking on it, I then have a single option under a "Local Management" header that has a checkbox with the label "Always Use HTTPS to Access Router", which is currently unchecked. I’ve been tempted to check it, but I don’t really know what this is going to do/break. I don’t currently have HTTPS on the Web server. Didn’t really seem like a priority at the moment, as I don’t actually require the users to input any data (the app is basically a static info-portal).

I know there are no security guarantees with computing, but is there a set of "best practices settings" that I should ensure are in place to increase the chances of keeping outsiders from seeing/accessing my other devices? From my searches, the only thing that I find is "Best Practices" for the server itself.

HTTPS-only access to the router wouldn’t do much in terms of security as you’re already accessing it via a private network.

To secure your router I suggest the following:

  1. Make sure you have a strong admin password.
  2. Make sure the router’s firewall is enabled.
  3. Make sure external access to the admin interface of the router is disabled.

These 3 things should provide reasonable security.
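
To see which clients are sending the probes described in the question, the web server's access log can be triaged offline. The following is an added example, not part of the original posts: it assumes Combined Log Format, and the function names, sample lines and exact request shape are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "method target proto" status ...
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A ';' followed by an RFC 1918 (private) address inside the request target
SEMI_PRIVATE_IP = re.compile(
    r';\s*(?:https?://)?(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}'
    r'|192\.168\.\d{1,3}\.\d{1,3}'
    r'|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})')

def classify(line):
    """Return (client_ip, reasons); reasons is empty when nothing matched."""
    m = LINE.match(line)
    if not m:
        # Malformed request lines are worth a look too
        return line.split(" ", 1)[0], ["unparseable"]
    client, user, _method, target, _status = m.groups()
    target = unquote(target)  # decode %3B and similar before matching
    reasons = []
    if SEMI_PRIVATE_IP.search(target):
        reasons.append("semicolon+private-ip")
    if "currentsetting.htm" in target.lower():
        reasons.append("currentsetting.htm")
    # Assumption: the site needs no login (static info portal), so any
    # Basic-auth user name logged in the user field is unexpected.
    if user != "-":
        reasons.append("basic-auth-user:" + user)
    return client, reasons

def summarize(lines):
    """Map client IP -> sorted list of reasons, flagged clients only."""
    hits = {}
    for line in lines:
        client, reasons = classify(line)
        if reasons:
            hits.setdefault(client, set()).update(reasons)
    return {c: sorted(r) for c, r in hits.items()}

# Constructed sample lines using documentation address ranges, not real traffic
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /;192.168.1.1/currentsetting.htm HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.9 - admin [01/Jan/2024:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /a%3B10.0.0.1/x HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for client, reasons in summarize(SAMPLE).items():
        print(client, reasons)
```

Clients that show up here are candidates for blocking at the web server; the router settings listed above remain the control that keeps the admin interface unreachable from outside.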

