I am considering purchasing DynDNS product for use in hosting a Game Chat Server.
I am a bit worried as I am learning more about your service and I am a little concerned about security for my home network.
Is it easy for someone to access other parts of my home network using the DynDNS.com service hostname resolved to my dynamic IP Address ?
Are there standard measures you suggest to protect other areas of a home network ?
In general no, you have to forward ports to the devices people can access. If you don't forward the ports (or the devices don't configure your router to do it using UPnP) then those devices can't be accessed.
Of course, if the application (your Game Chat Server) has security vulnerabilities then it could be used to access the rest of that computer, and as a stepping point to the rest of your network.
At a minimum, ensure that the operating system you're using is kept fully patched, preferably automatically and your software is kept fully up to date. Subscribe to their notification services (Twitter, email, RSS, forum, whatever it is) and check it at least daily. Obviously you should also be running an anti-malware package that automatically updates itself and scans the computer at regular intervals.
If you can, run the software on a physically separate system, with nothing on it that you care about. If that isn't possible consider using a virtual system (such as with VirtualBox) and running the software inside it. That isn't as effective a separation, but for most home users will be good enough.
In an absolutely ideal world you would put that on a physically different network (often referred to as a DMZ, but not the DMZ that your router may refer to - that's an entirely different thing). That would stop it being used as an easy stepping stone to the rest of your network if it was compromised.
For most people just the first - keeping fully patched and up to date - is usually enough. Once you go beyond that it is more effort to set up and maintain, so many people don't bother.
Personally I put all my exposed services on a physically separate network on physically separate hardware. I do have the spare hardware to do that with however.
answered Jan 01 '11 at 10:38 AM
Cry Havok ♦