Chances of getting hacked on home IIS server?

[Benergy]

So I have a server/gaming PC at home, and wanted to set up an eportfolio site with projects I've worked on and things like that.

The machine I want to set it up on is also an IP based CCTV server with web access (using DDNS and a specific port) that just has a username/password login as protection.

What are the chances of the CCTV server or indeed *cough* sensitive files on other HDDs being compromised by an attacker? Is there anything I would need to look out for in particular? Would I be safer just paying for hosting elsewhere?

[leadeater]

Really depends on how you setup the web server and if you follow the security best practices, have a look round on google for general recommendations on tweaks you can make to IIS to make it more secure. Don't use common usernames and passwords but that's obvious and applies to everything.

If possible publish the website using a reverse proxy or from behind a true firewall rather than just port forward on your router. Pfsense and Sophos support reverse proxy, using Squid.

Personally I would use a VM to host the web server and keep CCTV and secure files well away from web facing systems/web servers.

 

[Redportal]

Firstly it doesn't matter if you host it or not, no one is completely safe from attackers.

As for the web server if your using a plain (vanilla) version of IIS you don't have anything to worry about. Your biggest issue here might be if the server has a public static IP. In which case you need to lock down your remote desktop settings (RDP). As attacks will most likely attempt to brute force your login and try to gain access that way.

 

Another level of security might be to add a .htaccess file to restrict access to a white list or blacklist. Here you can grant permissions based on user / password combos or IP level filtering.

 

If you would like more info about the above just let me know and I would be happy to help.