Re: Can of Worms? Evil Wrong-doers?

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 06/26/03 

Date: Thu, 26 Jun 2003 10:40:33 -0400

Depends on how you do it.

First, I would be curious to know how you "published" the IP address. I
would make sure only the necessary ports are allowed in [notably TCP 80 for
HTTP] instead of allowing all of them in.

And as mentioned elsewhere, you absolutely have to configure your server and
code securely both now and continue to work to keep it secure in the future.
This involves patches, following checklists to choose the correct
configuration, considering third party add-on solutions, etc. A computer
that is secure today isn't necessarily secure tomorrow, as new issues are
discovered.

Here's a start:
http://securityadmin.info/faq.htm#harden

"Dale Francis" <DFrancis@MortgageSoftware.to> wrote in message
news:03dc01c33ba0$4bfec5e0$a401280a@phx.gbl...
> Here is a very fundamental and important security
> question: If I install a web server on my PC, am I not
> opening up my PC's or my network's folders and files to
> hackers and other evil wrong-doers?
>
> Today I installed Microsoft Personal Web Server and
> published an IP address for launching an .htm file and an
> associated CGI executable. Similarly I may have installed
> an IIS server but I didn't - same issue.
>
> Perhaps folks will access the .htm file as intended. But
> have I not potentially opened an evil can of worms? By
> publishing my PC's IP address, and maintaining a
> persistent Internet connection, it seems to me that I may
> have given unintended access to files and folders on the
> PC and/or the LAN.
>
> Can someone comment on this? How much access do outsiders
> and evil wrong-doers really have?
>
> If you are an evil wrong-doer, please disregard. Thanks,
>
> Dale Francis

Relevant Pages

  • Re: Centering and Publishing Page
    ... I have read your response to the centering of the pages many times across ... How do I "Edit"? ... (I do not have a htm file) ... am not 100% sure about publishing to the web anyway for I have only done ...
    (microsoft.public.publisher.webdesign)
  • Re: Proof of security of encryption software
    ... be trusted unless it is secure against an enemy who knows all its ... no claims for the security of any ... publishing still being secure would be the NSA, ... Because you can be certain that your enemy ...
    (sci.crypt)
  • Re: Proof of security of encryption software
    ... Kerchkoff's Law says that security doesn't change based on whether or not the method is published. ... The classic example of the lack of publishing still being secure would be the NSA, ...
    (sci.crypt)
  • Re: Publishing Workbook or Worksheet (HTML)
    ... You can send the selection of a sheet as a htm file or in the body ... >I maintain a large workbook that is used to keep track of order scheduling. ... > I've tried publishing to an HTML file but I wasn't happy with the results. ... > viewing size of this spreadsheet so when publishing users dont have to scroll ...
    (microsoft.public.excel.programming)
  • Re: Debian Investigation Report after Server Compromises
    ... >> It would be a lot less stable and secure if debian started ... >> publishing exploits. ... Peace. ...
    (Debian-User)
Loading