My first YACY server - security questions

I will be putting a new YACY server online soon but first I want to do my research. I have a few questions after only a day of experimenting but being new to the forum I dont want to annoy anyone by demanding lengthy answers or post things where they shouldnt go, so if you have links to tutorials or videos please post them
My questions would be these, at the moment
If I put up a Yacy server (Ubuntu 18.04) on the peer to peer network, what do i need to do in order to ensure that my server is safe. How do i secure the server against vulnerabilities in peer to peer protocols(if you can post links to tutorials that would be great)
In addition to this I wondered if you could tell me what the situation of most people hosting a YACY server is? Are you guys mostly academics running this stuff on university networks or do most people run it on a domestic connection? Will I annoy my ISP if I run this stuff over a domestic cable (Fibre optic) connection that gives me 70Mb/s?
All security advice welcome. I aim to spend 10 days reading tutorials and experimenting before I think I will be ready to add to the YACY experience. Thanks for help, sorry if this first post is in any way in the wrong place or too noob

Actually I have decided to place the server in a DMZ to protect my LAN, which answers the security issues.
I also realise now that I need to be running a firewall on the server itself to stop the possibility of compromise.
So the only question I really want to know at this point is, What kind of people are running a YACY server/node? I, myself, have 30 years of experience in the computer industry. These days I run my own business doing IT support, consultation, and maintenance, for a few small to medium sized businesses.

Usually YaCy is running at home (behind NAT) or on a personal root/vserver (no back-office LAN, so no DMZ to be a barrier). Another use-case is that YaCy is running in an intranet without internet-access to index intranet-data - here also no DMZ is required.

In such a case where you have a DMZ because your network topology is so big that it requires one, it can be useful to put YaCy there if you want to index internet-pages. But in such a case you can also run YaCy outside of your company environment alone in a root/cloud/vserver which again gives you maximum security.

So actually your aproach is correct but there are many other use cases and situations where you have maximum security without a DMZ.

Thank you for the reply. I am really getting into YaCy, I hadnt realised quite how fascinating peer to peer networks are. I have a lot to learn but at least my server is up and running and, as far as I can tell, interacting with other servers very well. I just have to learn how to control it better and make it more efficient etc, and more community friendly. Thanks for replying to my first post

1 Like