Would you automatically update your Windows 10 that's used as a file server?

Forums › Microsoft Windows › Would you automatically update your Windows 10 that's used as a file server?

1 | 2

Tinkerisk

4155 posts

Uber Geek

#3219170 16-Apr-2024 16:21

turtleattacks:

Given that it's only going to be used as an internal file server - would it make sense just to block internet access to the W11 machine?

(upgraded to W11 from W10).

Anyone asking such questions should only switch on a server after clarification. Sorry, this is not meant personally, but in terms of security.

- NET: FTTH, OPNsense, 10G backbone, GWN APs, ipPBX
- SRV: 12 RU HA server cluster, 0.1 PB storage on premise
- IoT: thread, zigbee, tasmota, BidCoS, LoRa, WX suite, IR
- 3D: two 3D printers, 3D scanner, CNC router, laser cutter

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Note that to use Quic Broadband you must be comfortable with configuring your own router.

turtleattacks

877 posts

Ultimate Geek

Trusted

#3219172 16-Apr-2024 16:23

Tinkerisk:

turtleattacks:

Given that it's only going to be used as an internal file server - would it make sense just to block internet access to the W11 machine?

(upgraded to W11 from W10).

Anyone asking such questions should only switch on a server after clarification. Sorry, this is not meant personally, but in terms of security.

No offense taken mate, I'm still trying to learn as I go myself.

Tinkerisk

4155 posts

Uber Geek

#3219175 16-Apr-2024 16:34

turtleattacks:

No offense taken mate, I'm still trying to learn as I go myself.

A server is protected for access FROM the Internet. If it is only used for internal purposes, access from the Internet is completely blocked. However, a connection TO the Internet makes sense for (automatic) security and version updates, but a firewall should prevent the server from becoming independent, e.g. only being able to establish very specific connections to the Internet. Otherwise, TO the Internet access can be completely blocked, which then results in manual updates.

MadEngineer

4223 posts

Uber Geek

Trusted

#3219310 16-Apr-2024 20:46

Tinkerisk:

turtleattacks:

No offense taken mate, I'm still trying to learn as I go myself.

A server is protected for access FROM the Internet. If it is only used for internal purposes, access from the Internet is completely blocked. However, a connection TO the Internet makes sense for (automatic) security and version updates, but a firewall should prevent the server from becoming independent, e.g. only being able to establish very specific connections to the Internet. Otherwise, TO the Internet access can be completely blocked, which then results in manual updates.

Never make the false assumption that because you've protected something from the internet that it's safe. Lateral movement is a tab key away from within a hackers toolkit once they're in your network.

You're not on Atlantis anymore, Duncan Idaho.

Tinkerisk

4155 posts

Uber Geek

#3219313 16-Apr-2024 21:08

MadEngineer:

Tinkerisk:

A server is protected for access FROM the Internet. If it is only used for internal purposes, access from the Internet is completely blocked. However, a connection TO the Internet makes sense for (automatic) security and version updates, but a firewall should prevent the server from becoming independent, e.g. only being able to establish very specific connections to the Internet. Otherwise, TO the Internet access can be completely blocked, which then results in manual updates.

Never make the false assumption that because you've protected something from the internet that it's safe. Lateral movement is a tab key away from within a hackers toolkit once they're in your network.

Hence my reference to the firewall, which standard routers do not have or only have as a ‚light’ version. So I don't assume anything as safe, neither in front of it nor behind it. 😉

1 | 2