(Caveat: Although I am a programmer, I have limited knowledge of networking protocols. So please keep that in mind while reading this)
I'm interested in the existence of a personal stealth web server (PSWS).
The PSWS is a small web server that runs behind a firewall yet is externally accessible if you know the trick to access it. This will provide added protection for remotely accessing TivoWeb, web cams, and home automation. The goal would be to reduce the number of hacking attempts, especially automated attacks, on one's private web server(s).
Consider that the PSWS user has a firewall running in stealth mode. From my understanding this means that if another machine tries to connect to protected ports, there is no response and therefore the port doesn't even seem to exist.
The user would like to set up a web server on a non-standard port and make it available outside the firewall. However, he does not want the port to appear to be open unless the correct port and directory are requested.
For example, a request for http://www.foo.com:8073 would appear as if the port was not even enabled. On the other hand a request for http://www.foo.com/SECRET_DIR:8073 would successfully access a web page.
The obvious problems include the following:
1.) Any publicly accessible web access log might show a user accessing the secret directory. Search engines like Google might uncover this directory access.
2.) If someone was lucky enough to guess the directory, then they would have complete access to things you don't want them to.
3.) I can only assume a tight integration between the network layers and the web server will be required for stealth operation whereas normally they would be separate.
Here are some potential solutions for the problems that I've raised:
1.) To counter the problem with the web access log, the secret directory would be ever changing. The secret directory could either be a function of the current time, or the user could carry around a time-synched keychain password generator (such as used with high-end security systems). The password would be the necessary directory.
2.) The PSWS would not be the only security mechanism necessary to protect the web server. Additionally, security mechanisms such as password-protected SSL web pages and security logs would be necessary.
Has something like this already been implemented? Or are tools available that make this implementation trivial? I've tried searching the web but I've had no luck and I'm not sure what search terms I should be using.
Thanks for reading this! Any help would be appreciated.
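
The time-dependent secret directory from solution 1, sketched as an added example that is not part of the original post: the directory name is an HMAC of the current time window under a shared key, and the server accepts one window on either side to tolerate clock skew. The shared key, the 30-second window, the 16-character length and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # assumed length of one validity window
DIR_LENGTH = 16     # assumed number of hex characters in the directory name


def secret_dir(key: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """Directory name valid for the time window that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    # Keyed hash: knowing the time alone is not enough to derive the name.
    return hmac.new(key, counter, hashlib.sha256).hexdigest()[:DIR_LENGTH]


def path_is_valid(key: bytes, request_path: str, unix_time: int,
                  step: int = STEP_SECONDS, skew_windows: int = 1) -> bool:
    """True if the first path segment matches the current or an adjacent window."""
    segment = request_path.lstrip("/").split("/", 1)[0]
    candidate = segment.encode("utf-8", "replace")
    ok = False
    for offset in range(-skew_windows, skew_windows + 1):
        t = unix_time + offset * step
        if t < 0:
            continue
        expected = secret_dir(key, t, step).encode()
        # Constant-time comparison, and no early exit once a match is found.
        ok |= hmac.compare_digest(candidate, expected)
    return ok


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample key, not a real secret
    now = 1_700_000_000             # constructed sample timestamp
    current = secret_dir(key, now)
    print("directory for this window:", current)
    print("fresh request accepted:", path_is_valid(key, f"/{current}/index.html", now))
    print("same path 90 s later:", path_is_valid(key, f"/{current}/index.html", now + 90))
```

A directory name copied from an access log stops working once its window and the skew allowance have passed, which addresses problem 1 but not problem 2; the password and SSL layers from solution 2 are still needed.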