Date: Wed, 19 Jan 2005 23:20:34 -0800 From: pete wright <nomadlogic@gmail.com> To: Jay O'Brien <jayobrien@att.net> Cc: FreeBSD - questions <questions@freebsd.org> Subject: Re: Security for webserver behind router? Message-ID: <57d710000501192320dbce397@mail.gmail.com> In-Reply-To: <41EF4A34.4020808@att.net> References: <41EE0A7B.0@att.net> <200501200009.01258.list-freebsd-2004@morbius.sent.com> <41EF1C10.2090106@att.net> <1493773909.20050120042307@wanadoo.fr> <41EF4A34.4020808@att.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 19 Jan 2005 22:05:40 -0800, Jay O'Brien <jayobrien@att.net> wrote: > Anthony Atkielski wrote: > > > Jay O'Brien writes: > > > > JOB> Thanks, but what I want to know is what risk I have with port 80, > > JOB> and only port 80 open. > > > > The risk depends on Apache, since that's the daemon answering the phone > > when someone calls in on port 80. > > > > Just make sure you're using the latest version of Apache (1.3.33, if you > > want the 1.x version, or 2.0.52, if you want the 2.x version). Some > > earlier versions are vulnerable. As long as Apache is secure, port 80 > > can be open. > > > > I am running Apache 1.3.33, as you suggest I should. You say "as long as > Apache is secure"; what should I do to be sure that Apache is secure? > > If there isn't a security risk with the FreeBSD system I've described, > maybe this question belongs on the Apache mailing list, not here? > If you are interested in learning about how FreeBSD works, and am concerned about security (which frankly are two good things to be concerned with) then your best bet is to check the man pages as well as the handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html (all good things to read) strictly speaking, by opening a port and exposing a service, an attack vector is created which someone could use against you. the best way to deal with this is to know what applications you are running to monitor them. as of now though there does not seem to be an open security hole with that version of apache...altho who knows what will happen tommorow. HTH -pete -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?57d710000501192320dbce397>