*** Deleted By Moderator ***
HP MediaSmart Server - Securing Your Server from Intruders
Categories: Security and User Management
The HP MediaSmart Server is designed as an “always on” device, which comes in handy for accessing files any time your network users need or want them. Additionally, Photo Webshare can allow visitors to view, add, and delete photos and videos. If not properly secured, these features present security risks, so you’ll want to ensure that unauthorized users can’t access your server and the files stored on it.
The following security measures help protect your network and computers:
Firewall protection A firewall is a hardware device or software program that protects your network from unauthorized access. It protects your system from hackers running programs, sending email, and gaining access to your private information. The following types of firewalls protect your network and computers:
- Broadband router firewall
- Windows Home Server firewall
- Personal firewall
Broadband router firewall
The HP MediaSmart Server requires a broadband router. Broadband routers allow multiple computers and devices to share an internet connection using NAT (Network Address Translation) technology. NAT allows all the computers and devices on your network to use a single internet connection (IP address). NAT acts as a firewall by masking the real IP addresses of your network components—including the HP MediaSmart Server—which keeps them from being seen outside the home.
Some broadband routers implement Stateful Packet Inspection (SPI), which adds enhanced security by examining each packet of information before allowing it into the network. SPI can prevent advanced forms of incursions like Denial of Service attacks.
Windows Home Server firewall
Windows Home Server includes Windows Firewall, which protects communications between the server and the computers on your home network. This firewall is configured to allow remote access. It is not configurable by the user.
Personal firewall
A personal firewall is a software application that protects an individual computer. Because a personal firewall is behind the broadband firewall, it will protect the computer on which it is installed from attacks from other computers within the network.
Firewall ports
The following table lists the ports used by the server.
| Type | Port numbers | Description |
|---|---|---|
| TCP | 80, 443 | Standard Web site |
| TCP | 55000, 56000 internal (subnet only) | Web site for Windows Home Server Web services |
| TCP | 1138 | Transport |
| TCP | 8912 | Backup and beacon |
| UDP | 8912 | Backup and beacon |
| TCP | 2869 | UPnP (Universal Plug and Play) |
| UDP | 1900 | UPnP |
| TCP | 3389 | Remote access |
| TCP | 4125 | Remote access (when enabled) |
| TCP | 139, 445 | File and print sharing |
| UDP | 137, 138 | File and print sharing |
| UDP | 10284, 10283, 10282, 10281, 10280, 10243 | Media connection |
The following topics in the Windows Home Server Console Help discuss how to configure your router for port forwarding:
- Learn how to manually configure your router and home server
- Configuring your broadband router
- Why can't I connect to some computers?
- Learn more about router port forwarding
Wireless security If your router comes with wireless capability, it has a piece of equipment called a Wireless Access Point (WAP). A WAP can come within an all-in-one-gateway, router, or as a standalone unit. In many cases, WAP’s security settings are toggled off by default and you must manually turn on the security settings. If the security settings are toggled off, anyone can access your network and may be able to get into the server and any computer or other device on your network. Firewalls and anti-virus software do not keep intruders out of wireless networks.
Most wireless networking equipment supports two forms of data encryption as security features:
- Wired Equivalent Privacy (WEP)
- Wi-Fi Protected Access (WPA)
For more information on how to configure the security for your wireless network, see the user’s guide that came with your networking equipment.
Anti-virus software You should install anti-virus software on all the computers on your network, and configure the software from one of the computers to scan all the shared folders on the server. You might be required to assign (map) drive letters to all your shared folders to enable the anti-virus software to scan the server. For information on how to map drive letters to your shared folders, see How to map and disconnect a drive letter in Windows XP and Windows Vista below.
| CAUTION: | Remember to keep your anti-virus definitions up-to-date. |
User name and password protection User names and passwords help secure the server by requiring authentication for managing the server, accessing shared files, and using remote access.
- Server password - during the first install of the HP MediaSmart Server, you are asked to create a strong password to allow access for managing your server from the Windows Home Server console. This password will protect the server from unwanted changes.
- User account passwords - each person who uses your network must have a user account so they can access shared folders on the server or, if configured, use remote access. For more information, see User Accounts and Setting User Accounts Password Policy in the Windows Home Server Console Help.
- Computer passwords - by using the same user name and password for logging onto a computer as for the server user account, you can avoid having to enter the user name and password when accessing a shared folder. Requiring logon to each computer on your network adds a level of security. For more information, see Why should logon names match? in the Windows Home Server Console Help.
- Webshare passwords - you can require passwords for outside visitors to your Photo Webshare. See Photo Webshare security on page 6-27.
Remote Access security
By default Remote Access is turned off.
Using a computer to remotely access the files on your server is protected in several ways:
- Security certificate
- HTTPS (encrypted Secure Sockets Layer (SSL) protocol)
- User account with strong password
Security certificate : When you install the HP MediaSmart Server software on your home computers, the Windows Home Server Connector software adds the Windows Home Server security certificate to the computer’s trusted certificate list. This security certificate helps secure the information that is exchanged between the server and your computer’s Web browser. The best way to access the files on the server while away from home is from a portable computer that has the HP MediaSmart Server software installed on it.
| CAUTION: | Using remote access to access your server from public or other untrusted computers is not recommended. Doing so can potentially expose your server to malicious software and viruses. HTTPS : Remote Access is secure because the connection between the remote computer and the server is done over HTTPS. HTTPS uses the encrypted Secure Sockets Layer (SSL) protocol, the same protocol used for banking transactions and retail commerce. User Account : Remote access does not allow logging on from the Guest or Administrator account. Moreover, the user account must be enabled for remote access, which requires a strong password to ensure that authentication is as secure as possible. |
Photo Webshare security
Home network users with user accounts and Photo Webshare access, must use their user name and password to logon to Webshare. Outside visitors who can create albums, add photos to an album, or download photos, must also have a user name and password.
For visitors who aren’t required to have a user name and password, your server is still protected from open access because of the nature of the link (URL) provided in the email notification. For example:
This type of URL restricts open access because of its complexity, but allows anyone who has received the URL to view the album without a user name and password. If you want more protection for accessing your albums, you can set visitor permissions so that every visitor must provide a user name and password. Normally, only visitors who can upload photos or video clips require a user name and password.
September 5, 2008 11:50 PM
August 28, 2009 10:35 PM
Thanks for this information. regarding of the firewall, I have an issue with some Anti virus programs like Kaspersky, when I install it and enable the firewall I have to open different ports than windows firewall just for shared network. I do not know why each Anti Virus software has a special port configuaration.
http://www.a2zpc.ca
Thanks
December 24, 2009 4:17 AM
Firewalls and antivirus? Give me a break. You have to poke holes in the firewall for all the services running, so what's the point?
I was hoping for an article on the detailed description of the services that are running and what the risks of those services are, but all I get is passwords, firewalls and antivirus? Don't you think anyone who wants to buy a SERVER for their home already knows about that stuff? Now get this fluff piece off this server so that other Googler's don't come across it.
RSS
