Open port 80, security issues?


Bjorn Sagbakken

Hi.

This might not be the right forum for my question, but still I throw it out:

I have just succeeded in publishing my ASP.NET web application on my own PC,
opening port 80 in/out in my firewall, so now it is accessible from
internet. It is running on IIS on WinXP.

So far I haven't experienced any problem, but are there actions I should
take to secure my PC against hackers, now that port 80 is open? Like add-on
s/w or other smart stuff?

Thanks.

Regards
Bjorn
 
I don't believe so...but bear in mind I'm no expert...

As long as your firewall stops access to all those other things you don't
want people having access to....like say SQL Server or whatnot...

Make sure you've got all the latest service packs etc.

The security holes will come in from your code so as long as you have
security holes in it like SQL injection and protection from brute force
stuff...Then make sure your IIS settings have only the minimum access that
your application needs and I think you are safe..

http://httpsentry.httpsentry-com.qarchive.org/ <-- I was just googling and found
this, I cannot verify the product is of use, but if you google all the
things it claims to report on, you will know well enough...

Anyone else know?
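
The advice above about the firewall blocking everything except the web site can be checked on the server itself. The following is an added example, not part of the original posts: it parses `netstat -an` output and lists every non-loopback listener other than TCP 80. The sample output, the `allowed` set and the function names are assumptions made for illustration.

```python
import ipaddress

# Standard port assignments for services a Windows desktop commonly runs.
KNOWN = {135: "RPC endpoint mapper", 139: "NetBIOS session", 445: "SMB",
         1433: "SQL Server", 1434: "SQL Server Browser", 3389: "Remote Desktop"}

# Constructed sample of `netstat -an` output (addresses are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3412      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:1434           *:*
"""

def parse_listeners(text):
    """Yield (proto, ip, port) for every socket waiting for inbound traffic."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows have none and count as open.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        yield proto, host.strip("[]").split("%")[0], int(port)

def exposed_listeners(text, allowed=frozenset({("TCP", 80)})):
    """Return listeners reachable from the network that are not in `allowed`."""
    findings = []
    for proto, host, port in parse_listeners(text):
        if ipaddress.ip_address(host).is_loopback:
            continue  # reachable only from the machine itself
        if (proto, port) in allowed:
            continue  # the service that is meant to be published
        findings.append((proto, host, port, KNOWN.get(port, "unknown service")))
    return sorted(findings, key=lambda f: (f[2], f[0]))

if __name__ == "__main__":
    for proto, host, port, name in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {host}:{port}  {name}  <- not meant to be public")
```

This shows what the machine offers to the network; what the packet filter or router actually lets through still has to be confirmed from an outside connection.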
 
Bjorn Sagbakken said:
Hi.

This might not be the right forum for my question, but still I throw it
out:

I have just succeeded in publishing my ASP.NET web application on my own
PC, opening port 80 in/out in my firewall, so now it is accessible from
internet. It is running on IIS on WinXP.

So far I haven't experienced any problem, but are there actions I should
take to secure my PC against hackers, now that port 80 is open? Like
add-on s/w or other smart stuff?

1) Win XP is not a Web server platform, and you shouldn't be exposing a
workstation to the Internet. If you're going to do such a thing, then you
should be using Win 2k3 server, which is a Web server platform.

2) If the O/S, file system, registry, user accounts, and IIS itself are not
secured/hardened against attack, then all you have is hack bait that can be used as
a jumping off point to attack other Web servers and other networks over the
Internet from your computer. There are entire books used by professionals,
and they can hardly secure the Win NT based O/S platform facing the
Internet.

3) I'll assume you're talking about XP's firewall or some 3rd party personal
firewall. They are not firewalls. They are machine level packet filters. A
firewall separates two networks. It protects from the network it's
protecting from, usually the Internet, and it protects the network it's
protecting, the LAN. A firewall must have at least two interfaces. One
interface must face the WAN/Internet and the other interface must face the
LAN. In the case of a software firewall solution running on a secured gateway
host computer, the host computer will have at least two network interface
cards (NICs) with one facing the WAN and the other one facing the LAN.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

The list is long as to what you should be doing that you don't have the
expertise to do.

I hate to be blunt about it, but I think you have put up hack bait that has
already been hacked, and you don't know about it.
 
Mr. Arnold said:
1) Win XP is not a Web server platform, and you shouldn't be exposing a
workstation to the Internet. If you're going to do such a thing, then you
should be using Win 2k3 server, which is a Web server platform.

At the moment I am only testing, but I take your advice, so if the
application ends up more permanently I will set up a different machine with
Win 2k3.

2) If the O/S, file system, registry, user accounts, and IIS itself are
not secured/hardened against attack, then all you have is hack bait that can be
used as a jumping off point to attack other Web servers and other networks
over the Internet from your computer. There are entire books used by
professionals, and they can hardly secure the Win NT based O/S platform
facing the Internet.

Scary stuff, indeed. But of course, that was the reason I asked.

3) I'll assume you're talking about XP's firewall or some 3rd party
personal firewall. They are not firewalls. They are machine level packet
filters. A firewall separates two networks. It protects from the network
it's protecting from, usually the Internet, and it protects the network
it's protecting, the LAN. A firewall must have at least two interfaces.
One interface must face the WAN/Internet and the other interface must face
the LAN. In the case of a software firewall solution running on a secured
gateway host computer, the host computer will have at least two network
interface cards (NICs) with one facing the WAN and the other one facing
the LAN.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

The list is long as to what you should be doing that you don't have the
expertise to do.

I hate to be blunt about it, but I think you have put up hack bait that
has already been hacked, and you don't know about it.

Thanks for the information. I will also check with my company's IT personnel
about the best approach for securing a personal web server, like a host
computer or a recommended s/w firewall.

Bjorn
 