Emby security hardening

[FlatScreen 15]

Is there any good Emby security hardening guide somewhere? Please share URL if any.

What are the IoC (indicator of compromise) in case a box is vulnerable or compromised? @cayars

[Carlo 4330]

No there isn't anything specific, but I've got the feeling there will be a guide soon.

There are guides for setting up Emby Server behind a local reverse proxy which can be used for security reasons.  There are also guides available for setting up your server behind a CDN such as Cloudflare which also adds several layers of security to your setup.

Security "starts at home" and what I mean by that is to first start by reviewing your current system.

Do all users have passwords?
Are you using the options on the user's profile tab to "Hide this user from login screens" for local and remote use unless they've logged in previously?

Those two alone are the two biggest changes you can make from a security standpoint.  If no one has ever logged in from a device or browser previously you don't want to give logins name away on the login screen as that's one piece.  Using a strong password is always a good idea as well. 

Assuming you have remote setup you want to use a domain name and have a valid certificate. You want to make sure to have setup Emby to use your certificate so all remote access is encrypted properly when needed as well.

Make sure you don't have an admin account name "administrator", "admin" or "root" as those are targets on every platform.  Also if possible don't have your admin account the same as your local viewing account. Name your admin account something cryptic that would never be guessed. This way if you use a local username of "Carlo" or "John" it's just a "view" user and not a member with power to do harm.

Setup your admin account so it's only usable on your home LAN and not remote.

Those are the main things I would suggest doing.

Carlo