MozillaZine

Allowing firewall exceptions on Port 80 - dangerous?

Discuss various technical topics not related to Mozilla.
no_dice
 
Posts: 26
Joined: September 18th, 2003, 9:03 pm

Post Posted May 23rd, 2004, 8:12 pm

I am running IIS on my XP machine and Windows Firewall was blocking other users on the network form viewing the site in my IIS home directory. I allowed an exception on port 80 and this fixed the problem. What I am unsure of is how much I am opening myself up threatwise allowing port 80 as an exception. Any ideas?

Rowne Mastaile

User avatar
 
Posts: 1434
Joined: December 21st, 2003, 3:05 pm
Location: Housed in a swirling neosma of scintillating thought and turgid ideas.

Post Posted May 23rd, 2004, 10:11 pm

Well, from a personal standpoint I'd say it all comes down to how smart a trojan is and whether you'd get one on your system. At least, as far as security threats go.

I'm not sure how secure IIS is but disregarding IIS for a moment, I'd say the only way you could really be invaded then is through IE/Outlook or a trojan that used port 80.

However...

I recommend strongly using a firewall that allows you to set per application rules. There's a lot of programs out there, including spyware/malware that use port 80 to transmit. Sure you can uninstall them as soon as they're on your system but they'll still get off that initial transmission and who knows what they're sending.

Could be anything from your current processes, to your cookies or even a tree of the hard disk it's on. One never knows. So from a privacy standpoint I don't like having port 80 open at all and I only open it for the applications that need it.

I'd say privacy is the biggest issue here, over security.

-Edit-

Oh and yes, I really am that paranoid.

GNU/Ben

User avatar
 
Posts: 1557
Joined: November 5th, 2002, 1:45 pm
Location: 127.0.0.1

Post Posted May 24th, 2004, 4:29 am

If you're worried about security, drop ISS now and get Apache. As for port 80, I personally don't see a problem except for ISS.
"When you say 'I wrote a program that crashed Windows', people just stare at you blankly and say 'Hey, I got those with the system, *for free*'."
-- Linus Torvalds
Gentoo: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20041210 Firefox/1.0

Dunderklumpen
 
Posts: 16224
Joined: March 9th, 2003, 8:12 am

Post Posted May 24th, 2004, 4:32 am

I second that. Drop IIS and get Apache.

Frenzie

User avatar
 
Posts: 2036
Joined: May 5th, 2004, 10:40 am
Location: Belgium

Post Posted May 24th, 2004, 4:56 am

I'm not entirely sure about IIS, but I would only open up port 80 for Opera, Firefox, your personal webserver and maybe some other programs, but nothing more.

Rowne Mastaile

User avatar
 
Posts: 1434
Joined: December 21st, 2003, 3:05 pm
Location: Housed in a swirling neosma of scintillating thought and turgid ideas.

Post Posted May 24th, 2004, 8:26 am

I support the Apache move, I run Apache here and it's very secure, it's also incredibly easy to use (I can help you set it up, if you like) and due to its incredible support of PHP (and circularly, MySQL), I reckon it makes the best server -- even on the Windows platform.

I still say that you're not free of privacy worries though without a good software firewall stopping those bits of spyware from transmitting who-knows-what.

Frenzie

User avatar
 
Posts: 2036
Joined: May 5th, 2004, 10:40 am
Location: Belgium

Post Posted May 24th, 2004, 8:40 am

I've written a little tutorial on setting up Apache & MySQL, but of course you can also get something like http://apache2triad.sourceforge.net/

Return to MozillaZine Tech


Who is online

Users browsing this forum: No registered users and 2 guests