DEDICATED SERVER | SECURITY OPTION??

Equenox

Hi!

I'm new here!

I'm currently setting up a new server for a game I play, to be more precise, Rust.

I know how to do it and set it up. But something preoccupies me. The server I will host will be a 100 to 150 person server.

Security is one of my big issues. The server will be hosted on a dedicated PC with no personal information or anything.

But my Internet is still at risk with my router being port forwarded.

I've read about Windows Server and its security advantages. Was wondering if that could be an option, or what is the best for me.

I know nothing about security for dedicated servers.

Can someone help me out?

Sorry for my bad English, I'm French!

Link to comment

Might as well use Linux for the server, free, normally faster and more secure.

If your router supports it you can make a separate subnet so the server can't talk to any other devices on your local network.

If security is a big issue, I'd probably put it behind something like Cloudflare to block DDoS and other attacks, also hides your IP.

Link to comment

So let's say I create a subnet that only my dedicated server is connected to. If someone is able to connect to this said subnet, he won't be able to have access to anything but the said dedicated server, right? Won't protect from DDoS but at least from breaching into other PCs that do have personal info. After that I guess I could PW protect the server files so said person doesn't go mess in them?

Link to comment

1 minute ago, Equenox said:

So let's say I create a subnet that only my dedicated server is connected to. If someone is able to connect to this said subnet, he won't be able to have access to anything but the said dedicated server, right? Won't protect from DDoS but at least from breaching into other PCs that do have personal info. After that I guess I could PW protect the server files so said person doesn't go mess in them?

The subnet is for if they are able to break into the server, they can't access any of your other PCs. Subnetting won't help with DDoS attacks normally as they just overwhelm your internet connection, and nothing can connect.

Link to comment

12 minutes ago, Equenox said:

Hi!

I'm new here!

I'm currently setting up a new server for a game I play, to be more precise, Rust.

I know how to do it and set it up. But something preoccupies me. The server I will host will be a 100 to 150 person server.

Security is one of my big issues. The server will be hosted on a dedicated PC with no personal information or anything.

But my Internet is still at risk with my router being port forwarded.

I've read about Windows Server and its security advantages. Was wondering if that could be an option, or what is the best for me.

I know nothing about security for dedicated servers.

Can someone help me out?

Sorry for my bad English, I'm French!

Could you create a virtual server? That way if there is a security breach, they cannot go beyond your VM?

Link to comment

10 minutes ago, Electronics Wizardy said:

Might as well use Linux for the server, free, normally faster and more secure.

If your router supports it you can make a separate subnet so the server can't talk to any other devices on your local network.

If security is a big issue, I'd probably put it behind something like Cloudflare to block DDoS and other attacks, also hides your IP.

But there's something to be said for an OS that is more point and click like Windows Server; Linux usually needs a bit of setup and a bit more use of terminals. I've tried both types and have found Windows Server to be a bit easier if you're just getting into server OSs.

It can be expensive but you can find cheaper sources, though some of them may be more questionable sources. I got my Windows Server 2016 from eBay for like $60; of course that was the second one, the first one was blacklisted by Microsoft for some reason, but it's your choice which source you go for.

If the computer already has windows running on it, maybe you could run the server off of that?

Link to comment

Alright. Thanks for the quick answer! Will look into it. If they can just have access to the dedicated server and not other PCs, that solves my major issue. After that I will PW protect all files related to the Rust server, so they can't go play in 'em.

Link to comment

1 minute ago, steelo said:

Could you create a virtual server? That way if there is a security breach, they cannot go beyond your VM?

That would probably be a bottleneck for the server?

Link to comment

6 minutes ago, Equenox said:

So let's say I create a subnet that only my dedicated server is connected to. If someone is able to connect to this said subnet, he won't be able to have access to anything but the said dedicated server, right? Won't protect from DDoS but at least from breaching into the PC. After that I guess I could PW protect the server files so said person doesn't go mess in them?

What you are sort of talking about is VLANs, but it's not overly likely you have the networking hardware for that.

You can isolate with separate subnets but that will require logically separated VLANs or physically separated network hardware.

My usual recommendation is to lock down and harden the exposed server and just port forward the specific game/application ports you have clients connecting to. If the Rust server is running on a Windows box, lock out the admin account completely or make sure remote access is disabled. Install the Windows version of IPBan and set it to lock out any connecting IPs which fail authentication more than 5 times. This will stop any type of brute force attacks. Any decent router should be able to handle basic DoS attacks.

Link to comment
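
The lockout rule described in the post above (ban any IP that fails authentication more than 5 times), as an added example that is not part of the thread and is not IPBan's own code. The log format, the 10-minute window and the LAN allowlist are assumptions made for the illustration, and the log lines are constructed.

```python
"""Failed-login lockout sketch: ban an IP after more than MAX_FAILURES failed
logins inside a sliding window. Not IPBan's code; log format is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

MAX_FAILURES = 5                            # threshold from the post: "more than 5 times"
WINDOW = timedelta(minutes=10)              # assumption: older failures are forgotten
ALLOWLIST = [ip_network("192.168.1.0/24")]  # assumption: LAN admin hosts are never banned
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<result>AUTH_FAIL|AUTH_OK) src=(?P<ip>\S+)")

def find_bans(lines):
    """Return {ip: time_of_ban} for every source that crosses the threshold."""
    recent = defaultdict(deque)             # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                        # not an auth event
        try:
            ip = ip_address(m["ip"])
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue                        # malformed field: never feed it to a firewall
        key = str(ip)
        if key in bans or any(ip in net for net in ALLOWLIST):
            continue
        if m["result"] == "AUTH_OK":
            recent.pop(key, None)           # a good login clears the counter
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()                     # drop failures outside the window
        if len(q) > MAX_FAILURES:
            bans[key] = ts
    return bans

# Constructed sample log (documentation address ranges): a fast burst,
# a slow trickle that never fills the window, and a clumsy LAN admin.
SAMPLE_LOG = (
    [f"2024-01-01 12:00:{s:02d} AUTH_FAIL src=203.0.113.7" for s in range(0, 12, 2)]
    + [f"2024-01-01 12:{m:02d}:00 AUTH_FAIL src=198.51.100.9" for m in range(0, 60, 11)]
    + [f"2024-01-01 13:00:{s:02d} AUTH_FAIL src=192.168.1.20" for s in range(8)]
    + ["2024-01-01 13:05:00 AUTH_OK src=192.168.1.20", "garbage line"]
)

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```
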

4 minutes ago, Equenox said:

That would probably be a bottleneck for the server?

I'm not an expert in this area. I did run a low traffic website server from a VM and it seemed to run okay as it didn't require vast resources. I don't think there is MUCH of a performance hit, as long as you allocate sufficient resources.

 

One area where VMs may present a problem...you will need GPU passthrough and it can quickly become complicated.

Link to comment

2 minutes ago, Equenox said:

That would probably be a bottleneck for the server?

Not really, if set up right a VM has a performance hit of about 3%.

This is probably the best option, also makes backups, migration, snapshots and security easier.

Link to comment

2 minutes ago, Loki0111 said:

What you are sort of talking about is VLANs, but it's not overly likely you have the networking hardware for that.

You can isolate with separate subnets but that will require logically separated VLANs or physically separated network hardware.

My usual recommendation is to lock down and harden the exposed server and just port forward the specific game/application ports you have clients connecting to. If the Rust server is running on a Windows box, lock out the admin account completely or make sure remote access is disabled. Install the Windows version of IPBan and set it to lock out any connecting IPs which fail authentication more than 5 times. This will stop any type of brute force attacks. Any decent router should be able to handle basic DoS attacks.

Well, you don't need a VLAN at all, I'd just use another port on your router. That's probably the easier and better way to do it.

Your router won't help with DDoS attacks, they will just max out your ISP connection, and the router won't matter at all.

Link to comment

1 minute ago, Electronics Wizardy said:

Not really, if set up right a VM has a performance hit of about 3%.

This is probably the best option, also makes backups, migration, snapshots and security easier.

Alright, so if I follow correctly, I create a VM ON my dedicated server PC that will host my Rust server. I'm pretty much secure for what I want to do.

Link to comment

There are many ways then haha, will do some experimentation.

Link to comment

2 minutes ago, Electronics Wizardy said:

Well, you don't need a VLAN at all, I'd just use another port on your router. That's probably the easier and better way to do it.

Your router won't help with DDoS attacks, they will just max out your ISP connection, and the router won't matter at all.

I said to port forward. VLANs are useful for isolating separate networks behind your router but you require some decent networking gear for that.

Yes, most commercial routers can block DoS attacks if we are talking about a single source like a random idiot on the net. No, it won't block a botnet attack or something of that scale.

Link to comment

1 minute ago, Equenox said:

Alright, so if I follow correctly, I create a VM ON my dedicated server PC that will host my Rust server. I'm pretty much secure for what I want to do.

That's what I'd do. Then you can firewall off the VM so you don't really need the subnets either.

Link to comment

1 minute ago, Electronics Wizardy said:

That's what I'd do. Then you can firewall off the VM so you don't really need the subnets either.

Thanks A LOT for your time! Will try that!

Link to comment

1 minute ago, Electronics Wizardy said:

That's what I'd do. Then you can firewall off the VM so you don't really need the subnets either.

How does running a VM protect his LAN hardware?

Link to comment

Just now, Loki0111 said:

I said to port forward. VLANs are useful for isolating separate networks behind your router but you require some decent networking gear for that.

Yes, most commercial routers can block DoS attacks if we are talking about a single source like a random idiot on the net. No, it won't block a botnet attack or something of that scale.

You need the subnet, and firewall rules. VLANs are just there to make wiring and switching easier. VLANs don't control where packets go, they're just separate broadcast domains.

You can block the DoS attack packets, but the worry is filling the ISP connection, and you need something like Cloudflare to fix that.

Just now, Loki0111 said:

How does running a VM protect his LAN hardware?

You can firewall the VM off from accessing other systems on your network.

Link to comment

5 hours ago, Equenox said:

That would probably be a bottleneck for the server?

I run my Rust server on a Linux VM on a spare machine of mine... Never had that many players tho, my internet won't support that many.

Can Anybody Link A Virtual Machine while I go download some RAM?

Link to comment