Question on if virtualization can do this.

Shoe Box

I have been studying the VMware VCA6-DCV course, and it is pretty interesting.

It brought up a question for a project of my own that I have been considering.

Let's say I want to make a website with a message board forum on it and host it myself at home on a static IP. I am concerned about hackers and people trying to take down the site.

If I were to do a baremetal VMware / hypervisor install with Windows 7 on it to host the site, would the hypervisor / VMware parts of it make it any more resistant to hackers / virus attacks, and like that?

paul78

Shoe Box wrote: »

would the hypervisor / VMware parts of it make it any more resistant to hackers / virus attacks, and like that?

A hypervisor does not make a server more or less secure. Think of it as just another server. And for what you mentioned - your biggest vector to hacking is likely to be the message board software and the OS it runs on - not the VM.

Good luck and have fun with your project.

thomas_

What are you trying to accomplish by hosting at home? I'm not sure how much money leasing an IP address from an ISP costs, but I imagine using a cheap shared hosting plan would be about the same amount of money. However, I guess you wouldn't get to manage the server if that is the whole reason for doing it.

OctalDump

That's an interesting question but I think might be a bit academic. Anyway, running more software, even a hypervisor, increases the attack surface. Potentially, there are more vulnerabilities, as you need to worry also about the hypervisor.
The other thing is that virtualised systems can be more easily managed in many respects, for example patch management, testing, backup, certain high availability situations. This might increase the availability of the system, make it quicker to recover from an attack or other failure.

There also exists the possibility to insert extra security software on top of the hypervisor, eg a NIPS, to monitor traffic.

On balance, for your purposes, probably the benefit of faster recovery and more flexible testing outweighs the downside of increased attack surface. But take all other sensible precautions to harden your box.

Any public facing server will be attacked, usually unsuccessfully, and generally within days or hours of going live.

Shoe Box

I don't really want to host it at home, but it may be my only real option. I want a forum where people can write about pretty much anything, using whatever words they want. I'm sick and tired of my thoughtful, well written, thought-provoking posts being deleted by self righteous moderators who don't agree with me.


This does not apply to this site, I have been remarkably well restrained here, plus I have a genuine interest in learning for more certs and things like that.


I checked with an ISP that is hosting a small site for me, and my plans violate at least 3 of their terms of service, and that is by my interpretation of the rules. They said as long as it is legal in Texas, it is ok, but I'm not in Texas, so I wouldn't know.

All the website would have on it is a message board forum, and the needed website to launch it from.

OctalDump

This is what you could do, set it up virtualised on whatever platform you like. Test it internally, get it nice and working, snapshot regularly before going live, back it up, and then test it public facing with friends etc.
Also, put some firewall in place. Ideally, put the whole thing on a DMZ net, and have the rest of your stuff all separate.

Another option would be to look at a VPS, or just straight out web hosting like cpanel, bluehost, plex etc. If it's low bandwidth, low complexity, then you might get hosting for quite cheap.

If nothing else it will be a good exercise, and possibly make a nice discussion point in a job interview situation.

kenrin

I don't suppose you would tell us what "plans" would violate the terms of service? As far as I know as long as you aren't actively trying to hack anyone using a dedicated or VPS or using up massive amounts of bandwidth to DDoS people they really don't care what you do.

I'm just trying to image a scenario where something tech related would be illegal in Texas. If someone steals your wallet down there you can chase him down the street with a gun while shooting him in the back and it is preferably legal as long as he doesn't drop your property before you nail him.

Shoe Box

Not plans for making the site. Plans for what people could write about on the forum. Politics, racism, drugs, warez, hacks & cracks, and pretty much anything else aside from child ****.

iBrokeIT

Shoe Box wrote: »

...with Windows 7 on it to host the site

You should not use Window 7 to host a website, it is not the right tool for the job. Client Oses are not meant to securely host public facing websites.

Do yourself a favor and learn how to properly setup a server OS with a web server before you complicate things further by adding in virtualization.

Lexluethar

It doesn't make it any more secure - the pieces that are still accessible to the internet are still vulnerable. So even if you are using Windows 7 with IIS on top of a VMware hypervisor, that Windows 7 component is still hitting the internet, still accessible to all kinds of nasty traffic and still has the ability to be compromised.

A safer solution would be to use a linux distro for hosting the site, let attack surface. Still vulnerable but not as much as Windows. Either way the hypervisor would not help in either case, the server is still facing the internet and still has an attack surface that can be popped.

datacomboss

Texas Constitution and Statutes - Home

DoubleNNs

thomas_ wrote: »

However, I guess you wouldn't get to manage the server if that is the whole reason for doing it.

Amazon AWS - you can manage the server (minus hardware) and get a static IP you can use for hosting.

If you'r just learning, they have a free tier that allows you to have 1 micro server up 24 hrs/7 days for an entire year w/o paying.

paul78

Shoe Box wrote: »

Plans for what people could write about on the forum.

Seems a bit ignominious... But I am a proponent of free speech so if you really are intent on this, go look at deep web hosting providers.