Allowing firewall exceptions on Port 80 - dangerous?
-
- Posts: 26
- Joined: September 18th, 2003, 9:03 pm
I am running IIS on my XP machine and Windows Firewall was blocking other users on the network from viewing the site in my IIS home directory. I allowed an exception on port 80 and this fixed the problem. What I am unsure of is how much I am opening myself up, threat-wise, by allowing port 80 as an exception. Any ideas?
- Rowne Mastaile
- Posts: 1434
- Joined: December 21st, 2003, 3:05 pm
- Location: Housed in a swirling neosma of scintillating thought and turgid ideas.
- Contact:
Well, from a personal standpoint I'd say it all comes down to how smart a trojan is and whether you'd get one on your system. At least, as far as security threats go.
I'm not sure how secure IIS is but disregarding IIS for a moment, I'd say the only way you could really be invaded then is through IE/Outlook or a trojan that used port 80.
However...
I recommend strongly using a firewall that allows you to set per application rules. There's a lot of programs out there, including spyware/malware that use port 80 to transmit. Sure you can uninstall them as soon as they're on your system but they'll still get off that initial transmission and who knows what they're sending.
Could be anything from your current processes, to your cookies or even a tree of the hard disk it's on. One never knows. So from a privacy standpoint I don't like having port 80 open at all and I only open it for the applications that need it.
I'd say privacy is the biggest issue here, over security.
-Edit-
Oh and yes, I really am that paranoid.
- GNU/Ben
- Posts: 1557
- Joined: November 5th, 2002, 1:45 pm
- Location: 127.0.0.1
- Contact:
If you're worried about security, drop IIS now and get Apache. As for port 80, I personally don't see a problem except for IIS.
"When you say 'I wrote a program that crashed Windows', people just stare at you blankly and say 'Hey, I got those with the system, *for free*'."
-- Linus Torvalds
Gentoo: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20041210 Firefox/1.0
-
- Posts: 16224
- Joined: March 9th, 2003, 8:12 am
- Frenzie
- Posts: 2135
- Joined: May 5th, 2004, 10:40 am
- Location: Belgium
- Contact:
- Rowne Mastaile
- Posts: 1434
- Joined: December 21st, 2003, 3:05 pm
- Location: Housed in a swirling neosma of scintillating thought and turgid ideas.
- Contact:
I support the Apache move, I run Apache here and it's very secure, it's also incredibly easy to use (I can help you set it up, if you like) and due to its incredible support of PHP (and circularly, MySQL), I reckon it makes the best server -- even on the Windows platform.
I still say that you're not free of privacy worries though without a good software firewall stopping those bits of spyware from transmitting who-knows-what.
- Frenzie
- Posts: 2135
- Joined: May 5th, 2004, 10:40 am
- Location: Belgium
- Contact:
I've written a little tutorial on setting up Apache & MySQL, but of course you can also get something like http://apache2triad.sourceforge.net/