Hello guys, I’m have little to no experience when i have to deal with networking or cybersecurity.

I recently created a backend RESTful API on my Ubuntu VM on my personal desktop and dockerized the app, connecting it to a bridge network named ‘tunnel.’ I also have the Cloudflare Docker hosted in the same ‘tunnel’ network, which allows my local RESTful API Docker to be accessible via my domain and exposed to the internet.

Can anyone help me understand if this setup poses any security risks to my home network?

If so, what should I do to help reduce the risk? I have read that firewall helps, but does a restful api container developed with golang requires it?

  • adamshandB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    There’s nothing inherently insecure about exposing a service to the internet. But it does create an attack surface.

    A firewall or proxy (Cloudflare, Nginx etc) allows you to restrict access via ip address or authentication, but if there’s a bug in your service it can still be exploited.

    The good news about a service you write is that there are no ready built tools to exploit it. The bad news is that there are almost certainly more bugs.

    So it really comes down to what your ap has access to (is it jailed or restricted in someway), is it read only or does it allow modifying file in the system? How confident are you with your code? If someone starts bashing in it, will you be alerted? Is it did get a coloured how serious would that be? There is no “right” answer, is a risk assessment you have to make based on your situation.

    • SheeesssshhhhhhOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      My APIs require just a simple api key to be placed in a json header to make a request.

      It is just some personal android apps connected to these APIs to interact with certain databases. While there’s no sensitive data involved, I am more concerned about specifically, if there’s a possibility that an attacker could use this to gain access to my personal computer or other devices connected to my home network.

      Should I create a sub network and get a raspberry pi to host these apps?