They are frequently targeted because they offer enterprise-grade configurations at consumer prices.
Which means there’s a lot that can be misconfigured, and a lot of short-staffed and under-budgeted IT departments that deploy them, which means they are a good payoff when exploited.
That’s the bad part, and the good part.
You really cannot beat their price point to value for professional-grade networking equipment. Just take the time to understand what you’re doing when doing your configurations, and keep them updated.
Very little is changing over time… I have a ProLiant salvage server running Proxmox with some hosts, and the router only port forwards to an NGINX Proxy Manager instance for the web interfaces on those hosts. I run a Synology NAS separate from the ProLiant hardware that runs through the proxy.
I know I don’t understand it all, and I’m open to suggestions.
Did you mean to send that reply to me?
I ask because I’m not quite sure what specific suggestions you’re looking for.
But in general, I would suggest not exposing port forwarding.
What services are running behind NGINX? What router/firewall are you using?
Yes, I attribute security-significant misconfigurations to a lag between new service deployments and a relevant review by network security (in a business environment; at home it’s just me).
So I’m running Milestone VMS, Synology NAS and maybe in a day a Minecraft server for the kids, which should all be available outside my home. I’m using the MikroTik hEX PoE, which is my main router/firewall.