PICAXE .NET Server Security in 2019

nick12ab

Senior Member
I have an idea for a very simple IoT-based project, and I'm thinking the PICAXE .NET Server would be a good fit for it since I have a few lying around.

How secure is it nowadays? I'm thinking it's secure despite its anchientness because it doesn't really run much (none of that newfangled Linux stuff which needs to be locked down with extreme care so that attackers can't use a compromised web server to access the rest of your network) but I could be mistaken.
 

hippy

Technical Support
Staff member
That would be my assessment; it doesn't do a lot so there isn't that much which could be done to put it to nefarious use.

Also, if it's on a local network, not internet facing, there should be zero risk. Even with just its HTTP port or whatever open I doubt there's any great risk.
 

oracacle

Senior Member
I think that the security will have more to do with your router and how it deals with external traffic, stores passwords.

Everything has to go through your router if you plan to access our from outside your network. When setting up your domain name service ensure you use a strong password. This will normal have to be stored on your router was well, so how it encrypts the password is important. But the most obvious thing that springs to mind is port opening/forwarding. If all external ports are closed then great nice and secure, but you will most likely have to open at least 2 ports (80 and 443 iirc) so attackers will normally attack those ports.

Personally not done it myself but a hardware fire wall is probably the best way to protect your network and machines on it.

There are ways to run multiple networks on a single router using subnets, but most of the off the shelf routers don't provide the tools needed for setting up 2 completely different networks with external access which results in security issues.

Networking, and in particular secure networks is a large subject which is best discussed on s desiccated forum as I think it's beyond the scope of this forum.

Just thinking as I wrote the last of that, you maybe be able to setup static routes which will help, but it's starting to get further down the rabbit hole of network engineering
 

Hemi345

Senior Member
I used to have my little home-grown PICAXE webserver port forwarded through my router so I could connect from anywhere and see the temp and humidity of my home. I forwarded an obscure port into the network instead of just using TCP 80, thinking I might be sneaky. But people all over the world are scanning every port of every subnet looking for someting to exploit. I had my HumidiStat project configured to just return a simple webpage when a request came in (any request). That project became unusable because the asshats scanning my network, were trying all sorts of things 24hrs a day and my HumidiStat spent all its time just continually sending back the webpage. :mad:

I'm much better with full fledged webservers than writing my own, so now I just post my data to a real one in the cloud where I can use a database and authentication mechanisms to securely store the data. Keeps my home network more secure since I don't need to poke holes in it and I can use established libraries to build a cool interface to visualize the data I collect. :cool:
 

nick12ab

Senior Member
Thanks for your contributons all.

Your project sounds similar to mine, Hemi345.

Looks like putting the Net Server online isn't a good idea even if it will only have one user, if only for performance reasons.

Making a simple project has revealed other caveats, such as sharing the PICAXE system's support for negative numbers (i.e. none, as far as I can tell).
 
Top