hey people out there,

I'm running two services for my local network to access plex and ssh.

I heard that as long as port forwarding is disable in my router and is not forwarding any ports to my local services, it should be safe and services are not seen by namp or the outside world. Is this true? thx in advance

Hello and welcome to LQ.

I'd suggest you go to one of those web sites that try to test your system maybe.
nmap could be run locally if you wish too. I rather doubt you could find what "services" are in fact running unless this is the worst set up system. At one time every system was open but now most are much more secure by default.

Here is the problem with security. A totally secure system won't work at all, you have to open stuff up to the outside world. To get into your system a hacker has to have some avenue to enter and then find out what is running. They can't if you don't respond to some things. For example the ssh, you could do some tricks to help limit the common crook maybe. Simple things like how it was set up and passwords or certificates to double authentication to time limits and maybe moving ports but with every improvement you end up with other holes.

To answer your question it is basically no on a modern linux system. The more "best practices" you learn and use the more likely that your system will be secure. If you have opened up holes or there are known or unknown holes then it could be attacked.

Linux security is a very, very, very complex subject. However, I am not over zealous or paranoid. I just want my services to be accessed only from my local network for local users and not the outside world.

I did read a public server needs ports forwarding enabled in the router for the general public to access local services. Again, I only read this. And since I don't have port forwarding enabled, I'm assuming my services will not be available for the general public.

Of course, I could be wrong.

Thanks for the reply and the nice welcome

I'm hardly an expert in this area, but this nmap tutorial might help:

http://www.linux.com/learn/tutorials...-guide-to-nmap

If your LAN is behind a NAT router to your public IP, and if your router is not configured to forward service ports such as http, you can safely run such services on your LAN withous worrying about outside access via the router.

Unless your router has some kind of security problem or misconfiguration, anyway.

I do know the basics of nmap. But my question was can someone on the outside using nmap see what services are running on my system.



That's reassuring



Thanks framknell and Doug for your inputs

i use this site for probing my ports : https://pentest-tools.com/discovery-...er-online-nmap

1 members found this post helpful.

A helpful link. Thanks

I use a similar site when ensuring I have opened the port I want to on my router:
https://www.grc.com/shieldsup

Thanks as well :-)

"only from my local network for local users and not the outside world."
Some of the hackers are pretty smart. The way you secure a lan could be to remove access to outside. I used to create two lans in my house even to protect one from the other.

A good way may be to monitor or install a higher quality firewall than what may be on home routers. Sure ports play a huge stop in this but if you want to be more secure you could easily run a virtual machine firewall appliance inside your lan and have all traffic go between it. Otherwise step up to a dedicated firewall appliance to the wan side. See things like Untangle linux maybe.