Tell us about Internet security.

Periodically measure the temperature of the pond with a sensor and upload the value to a web server via FTP.
I made a program that can be viewed using the Internet.

The computer i am using is Windows7 Pro.
It is not used at all for other tasks such as email reception and web browsing.
24h x 365 days energized and left unattended.

Windows Update is not automatically updated for various reasons.
Windows standard Firewall is also turned off.
Anti-virus software is not installed.

The web server is a general rental server.

The routers that go out to the Internet are not specifically configured for security.

In such a situation, is an attack from the outside?
What are the dangers?

Visit suspicious sites, open virus-attached emails, etc.
I can imagine a virus infection from such behavior,
I don't understand the threats from outside when I'm just connected to the Internet.

I am sorry for the amateur question.

  • Answer # 1

    If a router is vulnerable, the router may be cracked. If an arbitrary program can be executed on the OS on the router, communication with the Internet may be altered or internal network devices may be accessed via the router.
    Reference: New malware VPNFilter infects more than 500,000 routers   

    If the router is cracked, you can enter the LAN. If you do not take security measures for Windows PCs in the LAN, there is a high possibility that Windows PCs will be cracked immediately.

    The password for connecting to the WEB server is saved on the Windows computer. Therefore, if the Windows PC is cracked, the web server will be cracked immediately.

    If the system cannot be shut down in 24 hours x 365 days, be sure to consider a system that allows you to prepare two or more systems and stop maintenance one by one. You may do this manually, so you should regularly check for updates to network devices such as routers and Windows computers, and check the logs to see if there is any unnatural communication.

  • Answer # 2

    There is a ransomware called WannaCry that was popular a little while ago, but itthrows a vulnerability in Windowsand can infiltrate computers that do not operate anything ( JPCERT/CC).

    Of course, such a situation will not occur if the system is perfect, but sometimes dangerous remote vulnerabilities are discovered that allow certain actions to be performed remotely You may.

  • Answer # 3

    14 years ago, the virus MSBlast was infected just by being connected to the network.