Just a suggestion

[arche 176]

Good Morning.

 

Not sure if this goes here, but figured I would post a suggestion about the forums. I understand the need to post server logs from users to fix errors, but the issue I see is that users that do not secure their server from the outside world or password protect their media browser 3 server and are uploading there server info including IP's. Maybe protect users by making error reporting sections of the site downloadable only to admins and mods or request them to be pm'd to the admin or mods to use a private section of the forum to only the admins, mods, devs to be able to analyze them.

 

People have a habit of leaving there ports open unprotected and allow anyone to see their private library of movies, etc..

 

This brings me to another point about the server security, maybe build in a device (mac address) filtering option so that only approved devices may be able to access the server. Not sure if this is already implemented but I have not seen it.

 

Again, just a opinion. I am new to the home media server hobby, but not computer security in itself. A lot of people just don't know the repercussions of open ports and no passwords. Most people don't know about mac filtering.

 

Please don't take any offense to my opinion as it is just my opinion. There is a great software being developed here and has a great future.

 

Thanks

[Beardyname 195]

This is actually something i thought about, (the log files themselves). Maybe there is a way on the site to auto remove ip adresses ?

 

On a 2d note, mac address filtering is not really secure there are tools to fake addresses. There has been some talks about having it so only devices on the "Internet" needs to enter a password but on the LAN side they don't. I think we just have to wait and see about this sort of feature But what should be looked into a bit quicker is the logs thing, i always edit mine but i would bet that it's not common practice.

[arche 176]

This is actually something i thought about, (the log files themselves). Maybe there is a way on the site to auto remove ip adresses ?

 

On a 2d note, mac address filtering is not really secure there are tools to fake addresses. There has been some talks about having it so only devices on the "Internet" needs to enter a password but on the LAN side they don't. I think we just have to wait and see about this sort of feature But what should be looked into a bit quicker is the logs thing, i always edit mine but i would bet that it's not common practice.

I agree mac filtering is not the most secure feature, but stops the common kid scanning ports because they watching one to many hacker movies. But usually prove to be the most annoying of people getting into unsecured servers. Maybe there can be some brain storming on another way of securing the server with open ports.

 

Unfortunately not everyone knows what to look for in there log files. But glad you agree about the log files.

 

Thanks

[Koleckai Silvestri 1150]

Good suggestion on the forum.

 

However Mac address lists should be controlled by the gateway and not the server application. As Mac addresses are very easy to spoof they don't provide a lot of security. Almost every device allows you to change the Mac address that it reports. What we need on the server is SSL or what most people see as HTTPS. This actually encrypts the data between locations. Combine this with strong passwords outside the LAN and you have the best method of keeping your server protected. SSL is planned for the server just not sure when it will get implemented.

 

Also set the server to require manual usernames on mobile clients. Then when they probe your port they will get a username and password screen. You are not providing half the equation with a user list.

 

To protect your IP address, access your server via Server Name while in your network. So it is listed instead of the IP. So \\mediaserver\ instead of 192.168.0.52. Then generate your logs while on the local LAN if possible.

 

Alternatively, you can edit the log in a real text editor like Notepad++ (free with a google search). Replace the IP addresses in the logs with xxx.xxx.xxx.xxx. The actual address is rarely relevant to the issue unless you can't connect at all.

Edited April 5, 2014 by Wayne Luke