| View previous topic :: View next topic |
| Author |
Message |
james
-
Joined: 09 Sep 2003
Posts: 3
|
 Posted: Tue Sep 09, 2003 7:35 pm Post subject: Port 80 Security |
 |
|
hi
i have just installed the latest version of abyss and gone straight to the Gibson site for a Shields Up test and found that my status came back as FAILED due to the open port 80
doesnt this present a security problem when using abyss?
as i said im new to this so is there a way of only allowing people on my internal network to view the server and keep the world at large out?
thanks
james |
|
| Back to top |
  |
 |
os17fan
-
Joined: 21 Mar 2003
Posts: 531
Location: USA
|
| Posted: Wed Sep 10, 2003 2:38 am Post subject: |
|
|
The only way i know that can produce a security risk is if their are to many open ports not in use , if you only have port 80 open for your web server and no other ports open than you should be fine.
_________________
This web server is the best ! |
|
| Back to top |
   |
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Wed Sep 10, 2003 8:56 am Post subject: |
|
|
That's an oxymoron - you can't have open ports that aren't in use; something has to be running on your system and open them. The security risk comes from allowing public (internet) access to open ports - and hence the programs running behind them. This exposes them to unwanted attention from hackers, and leaves you open to whatever worm is currently doing the rounds. For example, running Windows NT4/2K/XP/2K3 and leaving port 135 open to the internet would be a bad idea at the moment :D
The only security risk of leaving port 80 open to the internet for your server is if a weakness is found in Abyss itself. There hasn't been any problem with it for a while, so in this respect I'd be happy to leave it open to the internet. On the other hand, if you're serving up private files and don't want to have to hide them behind wierd directory names or password protect your whole site, then there is a privacy concern of leaving it accessible from the net.
As far as I know, Abyss doesn't yet support Access Control Lists in terms of using IP addresses or only binding to your LAN adapter, so if you want to prevent it being accessed from the internet you're going to need a personal firewall. ZoneAlarm is nice simple and free. Kerio Personal Firewall is a bit more complex, but worth the effort of learning to use effectively. Either of these will let you allow access to your server from your LAN and deny access from the internet. Definitely worth installing one or the other either way - using the net without a firewall these days isn't a great idea.
www.kerio.com
www.zonealarm.com
Hope this helps. |
|
| Back to top |
|
|
os17fan
-
Joined: 21 Mar 2003
Posts: 531
Location: USA
|
| Posted: Wed Sep 10, 2003 10:48 pm Post subject: |
|
|
On a router you can have multiple open ports , have you ever heard of DMZ Host on a linksys router , i tried it and it opens all ports.
_________________
This web server is the best ! |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Thu Sep 11, 2003 8:50 am Post subject: |
|
|
If you take your router as an example, it is running a small embedded operating system and some kind of routing software. When you create your DMZ the software will be responsible for opening and closing ports - a piece of software has still opened a port; the routing software is listening on that port and ready to handle incoming traffic.
Either way, opening a DMZ still doesn't open all ports, it just allows unrecognized traffic to pass freely over all ports. If you port scan a router that has a machine in a DMZ then it will just pass all the traffic not matching other NAT rules on to the machine in the DMZ - if that machine has closed ports, the ports will still appear closed to the outside world... |
|
| Back to top |
|
|
|
