Calgarypuck Forums - The Unofficial Calgary Flames Fan Community - View Single Post

DoubleF · 03-25-2020, 05:39 AM

I've only really dabbled in Linux as well so take my comments with a grain of salt.

I've read that if you have an external access, you might want to keep separate boxes for your internal server and the one that is externally accessible. Otherwise, it could turn into a convoluted mess. This also avoids someone attacking your online side and somehow paralyzing even the internal server side.

I've dabbled with Ubuntu and Linux Mint before. Ubuntu looks more like Mac OS and Mint more like Windows, but this doesn't matter if you pop open terminal after the OS install to do everything you want (which IMO is cleaner and faster anyways). Mint is based on Ubuntu and Ubuntu is popular so it's easy to look things up and just apply it. I'm leaning towards the idea that you want a LTS (long term support) distro. Ubuntu 18 LTS is supported till 2023 for instance.

One of the problems I ran into trying to dabble in Linux is that once you install the unit to what you want, you just kinda leave it alone and not worry unlike a windows box. Updates were more likely to mess up your set up or offer no discernible benefit than help. The guy who helped me build my NAS deemed that updating Mint wasn't necessary unless somehow (unlikely) the set up suddenly partially stopped working such as a power failure and UPS failed to save the unit. He considered that with basic encryption and passwords, it would essentially be fine.

I also had a FreeNAS set up that I was tinkering with a buddy who works in IT and had a reasonable understanding of networking/security. But FreeNAS doesn't seem like it would work for your needs. This IT buddy also deemed that updates were not necessary (and would more likely break networking and functionality settings than help security wise) as long as encryption and passwords were robust. He said the weaknesses were at the end points in terms of access where the data was view able un-encrypted (when accessed) as opposed to the box and the OS itself. In both cases, we ran the boxes for 6+ months without updates and tinkering with no issue.

If you are going to insist on updates, I think there is a way to automate updates, but if you do, I'd suggest setting it only to specific types of security updates rather than all updates. I'm sure you can look up how to do it. But for whatever reason, most of the guys I spoke with felt that someone taking the time and effort to try and break into a linux box for a small insignificant company was exceptionally unlikely. This was a weird opinion to me and I am not sure if it's considered best business practices for your situation, but in theory I guess you could and there are businesses who have had these things running non stop for years with no updates with nothing happening. Again, I am unsure as to whether it is best practices to do this.

03-25-2020, 05:39 AM	#15
DoubleF Franchise Player Join Date: Apr 2014 Exp:	I've only really dabbled in Linux as well so take my comments with a grain of salt. I've read that if you have an external access, you might want to keep separate boxes for your internal server and the one that is externally accessible. Otherwise, it could turn into a convoluted mess. This also avoids someone attacking your online side and somehow paralyzing even the internal server side. I've dabbled with Ubuntu and Linux Mint before. Ubuntu looks more like Mac OS and Mint more like Windows, but this doesn't matter if you pop open terminal after the OS install to do everything you want (which IMO is cleaner and faster anyways). Mint is based on Ubuntu and Ubuntu is popular so it's easy to look things up and just apply it. I'm leaning towards the idea that you want a LTS (long term support) distro. Ubuntu 18 LTS is supported till 2023 for instance. One of the problems I ran into trying to dabble in Linux is that once you install the unit to what you want, you just kinda leave it alone and not worry unlike a windows box. Updates were more likely to mess up your set up or offer no discernible benefit than help. The guy who helped me build my NAS deemed that updating Mint wasn't necessary unless somehow (unlikely) the set up suddenly partially stopped working such as a power failure and UPS failed to save the unit. He considered that with basic encryption and passwords, it would essentially be fine. I also had a FreeNAS set up that I was tinkering with a buddy who works in IT and had a reasonable understanding of networking/security. But FreeNAS doesn't seem like it would work for your needs. This IT buddy also deemed that updates were not necessary (and would more likely break networking and functionality settings than help security wise) as long as encryption and passwords were robust. He said the weaknesses were at the end points in terms of access where the data was view able un-encrypted (when accessed) as opposed to the box and the OS itself. In both cases, we ran the boxes for 6+ months without updates and tinkering with no issue. If you are going to insist on updates, I think there is a way to automate updates, but if you do, I'd suggest setting it only to specific types of security updates rather than all updates. I'm sure you can look up how to do it. But for whatever reason, most of the guys I spoke with felt that someone taking the time and effort to try and break into a linux box for a small insignificant company was exceptionally unlikely. This was a weird opinion to me and I am not sure if it's considered best business practices for your situation, but in theory I guess you could and there are businesses who have had these things running non stop for years with no updates with nothing happening. Again, I am unsure as to whether it is best practices to do this.