Allowing firewall exceptions on Port 80 - dangerous?

no_dice
Posts: 26
Joined: September 18th, 2003, 9:03 pm

Post by no_dice »

I am running IIS on my XP machine and Windows Firewall was blocking other users on the network from viewing the site in my IIS home directory. I allowed an exception on port 80 and this fixed the problem. What I am unsure of is how much I am opening myself up threatwise allowing port 80 as an exception. Any ideas?
Rowne Mastaile
Posts: 1434
Joined: December 21st, 2003, 3:05 pm
Location: Housed in a swirling neosma of scintillating thought and turgid ideas.

Post by Rowne Mastaile »

Well, from a personal standpoint I'd say it all comes down to how smart a trojan is and whether you'd get one on your system. At least, as far as security threats go.

I'm not sure how secure IIS is but disregarding IIS for a moment, I'd say the only way you could really be invaded then is through IE/Outlook or a trojan that used port 80.

However...

I strongly recommend using a firewall that allows you to set per-application rules. There are a lot of programs out there, including spyware/malware, that use port 80 to transmit. Sure, you can uninstall them as soon as they're on your system, but they'll still get off that initial transmission and who knows what they're sending.

Could be anything from your current processes, to your cookies or even a tree of the hard disk it's on. One never knows. So from a privacy standpoint I don't like having port 80 open at all and I only open it for the applications that need it.

I'd say privacy is the biggest issue here, over security.

-Edit-

Oh and yes, I really am that paranoid.
GNU/Ben
Posts: 1557
Joined: November 5th, 2002, 1:45 pm
Location: 127.0.0.1

Post by GNU/Ben »

If you're worried about security, drop IIS now and get Apache. As for port 80, I personally don't see a problem except for IIS.
"When you say 'I wrote a program that crashed Windows', people just stare at you blankly and say 'Hey, I got those with the system, *for free*'."
-- Linus Torvalds
Gentoo: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20041210 Firefox/1.0
Dunderklumpen
Posts: 16224
Joined: March 9th, 2003, 8:12 am

Post by Dunderklumpen »

I second that. Drop IIS and get Apache.
Frenzie
Posts: 2135
Joined: May 5th, 2004, 10:40 am
Location: Belgium

Post by Frenzie »

I'm not entirely sure about IIS, but I would only open up port 80 for Opera, Firefox, your personal webserver and maybe some other programs, but nothing more.
Rowne Mastaile
Posts: 1434
Joined: December 21st, 2003, 3:05 pm
Location: Housed in a swirling neosma of scintillating thought and turgid ideas.

Post by Rowne Mastaile »

I support the Apache move, I run Apache here and it's very secure, it's also incredibly easy to use (I can help you set it up, if you like) and due to its incredible support of PHP (and circularly, MySQL), I reckon it makes the best server -- even on the Windows platform.

I still say that you're not free of privacy worries though without a good software firewall stopping those bits of spyware from transmitting who-knows-what.
Frenzie
Posts: 2135
Joined: May 5th, 2004, 10:40 am
Location: Belgium

Post by Frenzie »

I've written a little tutorial on setting up Apache & MySQL, but of course you can also get something like http://apache2triad.sourceforge.net/