Ensuring adequate security when hosting servers from desktop

Hi, apologies if this is the wrong section; a mod can move it if they think so.

I run some services from my desktop that I access over the internet.

Streaming the desktop for gaming
torrent UI
Streaming app UI
Plex
Minecraft Server & UI
Remote access for accessing the storage and transferring files

Additionally I want to host a simple website from my PC.

I've got a few ports forwarded for certain apps that won't use UPnP.

I'm using YouFibre, static IP and an Eero router.

Any steps I should be doing re security? I'm accessing these services simply with the IP & port relevant to the app.
 
You want to put it all behind a VPN ideally; having RDP open to the world will just invite people to brute force it. Admittedly I used to have RDP open to the world but had a script that would block the IP addresses of failed attempts. It was quite interesting to see the logs grow with their attempts and watch them try from different sources until ultimately blocking all their IP blocks.

If your firewall has the capability of using DNS names in place of IP addresses, then set up DDNS on your client, whitelist that and block everything else.
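The failed-attempt blocking described in the reply above, sketched as an added example that is not part of the original post or the poster's script: it counts failed logons per source, escalates to a whole /24 when several hosts in it fail, and never blocks allowlisted addresses. The log layout, thresholds and allowlist range are assumptions, and the records are constructed.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed records: timestamp,event_id,account,source_ip (layout is assumed).
# 4625 = Windows failed logon, 4624 = successful logon. IPs are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01,4625,administrator,203.0.113.10
2024-05-01T10:00:03,4625,admin,203.0.113.10
2024-05-01T10:00:05,4625,guest,203.0.113.10
2024-05-01T10:01:00,4625,administrator,203.0.113.50
2024-05-01T10:02:10,4625,administrator,192.0.2.5
2024-05-01T10:02:11,4625,administrator,192.0.2.77
2024-05-01T10:02:12,4625,administrator,192.0.2.200
2024-05-01T10:03:00,4625,me,198.51.100.20
2024-05-01T10:03:05,4625,me,198.51.100.20
2024-05-01T10:03:09,4625,me,198.51.100.20
2024-05-01T10:03:15,4624,me,198.51.100.20
2024-05-01T10:04:00,4625,administrator,not-an-ip
"""

ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]  # assumed: your own client range
PER_IP_THRESHOLD = 3   # failures from one address before it is blocked
PER_BLOCK_HOSTS = 3    # distinct failing hosts in one /24 before the /24 is blocked

def parse_failures(log_text):
    """Yield source addresses of failed logons, skipping other or malformed lines."""
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4 or parts[1] != "4625":
            continue
        try:
            yield ipaddress.ip_address(parts[3])
        except ValueError:
            continue

def build_blocklist(log_text, allowlist=ALLOWLIST):
    """Return sorted CIDR strings to block; allowlisted sources are never included."""
    failures = Counter(ip for ip in parse_failures(log_text)
                       if not any(ip in net for net in allowlist))
    hosts_per_block = defaultdict(set)
    for ip in failures:
        if ip.version == 4:
            hosts_per_block[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
    blocked = {net for net, hosts in hosts_per_block.items() if len(hosts) >= PER_BLOCK_HOSTS}
    for ip, count in failures.items():
        if count >= PER_IP_THRESHOLD and not any(ip in net for net in blocked):
            blocked.add(ipaddress.ip_network(f"{ip}/{ip.max_prefixlen}"))
    return sorted(str(net) for net in blocked)
```

The returned CIDR strings are what would be fed to the firewall's block rule; the allowlist check runs first so a mistyped password from your own address cannot lock you out.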
 
Don't. Configure a VPN and access your device via that. WireGuard is probably the go-to these days; it's reasonably easy to configure. If you don't want to do the configuration yourself, there are services like Tailscale. This configures WireGuard tunnels for you, and gives you a fancy management pane for controlling access. You don't need to tunnel all your traffic through the VPN; you can instead use it to directly connect between devices just for accessing these services.

If you can't use a VPN for whatever reason, create firewall rules to limit what IPs are allowed to connect in to your device. You should run all of these services on dedicated non-Administrator user accounts, so that if they ever were remotely exploited you can limit the scope of damage that might be done.
 