Jump to content
RESET Forums (homeservershow.com)

Upgrading from WHS2011?


stigzler
 Share

Recommended Posts

23 hours ago, Puulima said:

I'm still running WHS 2011, working like a charm. 40 TB of storage with the attached external storage box.  Understood no support.  Just read the part about "not getting critical security updates".  Not a router/internet access expert here - but isn't there a way to isolate the WHS2011 box from the internet?  I don't use the remote access any longer.  Curious... Not sure if there's a need to be concerned if still running WHS 2011

It depends on what you're doing with it. Is it running any apps that requires internet connectivity, like Plex? How much security hardening are you willing to apply?

 

Maybe for starters, I would remove all router port-forwarding configurations pointing to this server. That alone will drastically reduce the server's internet attack surface. If you only use WHS2011 like a NAS as well as for backing up your PCs, you can also go as far as to block its IP address on the router so that the server wouldn't even have internet access.

 

Finally, you could also harden the built-in firewall to protect it from attacks coming from your LAN (ie. compromised PC)

 

The thing with outdated software no longer receiving critical updates is that it won't be protected from zero-day vulnerabilities. However, if you follow common sense and only allow access just enough so that things don't break, you should be relatively fine.

 

Also, backup backup backup. Hope for the best but prepare for the worst.

  • Like 1
Link to comment
Share on other sites

 

On 6/17/2021 at 2:56 PM, oj88 said:

It depends on what you're doing with it. Is it running any apps that requires internet connectivity, like Plex? How much security hardening are you willing to apply?

 

Maybe for starters, I would remove all router port-forwarding configurations pointing to this server. That alone will drastically reduce the server's internet attack surface. If you only use WHS2011 like a NAS as well as for backing up your PCs, you can also go as far as to block its IP address on the router so that the server wouldn't even have internet access.

 

Finally, you could also harden the built-in firewall to protect it from attacks coming from your LAN (ie. compromised PC)

 

The thing with outdated software no longer receiving critical updates is that it won't be protected from zero-day vulnerabilities. However, if you follow common sense and only allow access just enough so that things don't break, you should be relatively fine.

 

Also, backup backup backup. Hope for the best but prepare for the worst.

 

After doing some additional reading, decided it was time to bail on WHS 2011.  Ultimately I'm only using it as a glorified NAS and central storage for home network PC's.  I RDP into it also.  Researched Windows 10 on the N40L, had an old 8.1 Pro license kicking around so went for it. 

 

I do have 2 buddies still running WHS 2011 but on Acer RevoCenter Rc111 boxes - AMD Atom CPU's that cant handle W10 apparently (at least that's what I read, couldn't find anyone that had W10 installed). So I will use your suggestions.  I had ditched the port forwarding stuff when the Pandemic started and I checked out my open ports on SHODAN - there was my WHS login screen and personalized picture on display 😐

 

When you say block the IP address for the server on the router - how does that work?  I have a static IP setup for the router used for RDP access and in KODI.  That IP is in a range outside of the DHCP provided IP addresses on the Router. Not sure what you're referring to?

 

Thanks

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...