Any Paranoid Amahi users?
Posted: Thu Jun 30, 2011 10:03 pm
Question: are there any paranoid Amahi users on here?
I'm pretty happy with my HDA. It's like my own personal cloud, I can use HDA-connect, establish a secured UVNC window, browse the internet over remote desktop, share files via SMB, access sickbeard, couchpotato, sabnzbd, gmote, ampache, manage my router etc. etc. etc.
I feel, though, that I know just enough to get myself in a lot of trouble security-wise. I have a lot of ports opened for various services. I have strong and unique passphrases on ALL of my various services on Amahi, but I just feel like at any given moment some black hat could rain on my parade.
My tentative idea is this: Close all the ports on my router save OpenVPN into my DD-WRT router. Create my OpenVPN CA on my sterile non-internet connected netbook. Connect the netbook to the router, copy the private server key. Then copy the client keys to my workstation, notebook, and Android phone. When I'm on the road and over an unsecure channel (à la public wifi) I can VPN into my router and access all my HDA services over an encrypted channel. If any of my devices gets stolen, I can just revoke its key, without needing to rejigger the rest of my systems.
That seems easier than trying to make all my web services HTTPS when some of them don't support HTTPS.
Does this seem like it'll work to you all? Are there any major weaknesses (I'm still new to this stuff)?
rbmattis