Network Security Question

Hello everybody. I just used my router to create a virtual server rule that forwards external requests to a server that hosts a webserver. The public port is 80 and the private port is 80. Does anybody see a security problem with this?

I am concerned that I have opened my network to outside attacks.

Thanks,

Keyser

 

Simple, if your concerned about outside attacks, why did you do this, why didn't you assign one of those ports to another port !

Rusty !

 

I am a little confused. What is the difference between public and private ports? How should I set it up?

Thanks!

 

Basically if you don't have sufficient firewall settings, you are more susceptable to attacks, i mean, if you are going ahead with this then make sure you are really secure !
Do you really want someone to be able to access, modify, or delete anything and everything in your home directory, and all of your email, or even access your computer at all for that matter, IMHO, whats yours is yours and should stay private !
I mean , i maybe wrong, but, i don't think so !

Rusty !

 

So if I forward a port to a specific IP/computer and port. How is easy is it for someone to game access to other computers/servers on the network? Is there a best practice for setting something like this up? This is for a small business network.

 

Hi keyser318,

Even though port 80 is redirected to a different port, the network can still be hacked.

We used a sonic hardware firewall at my last job. It connects between the router and the local network switch.

here's their demo http://sonicos-enhanced.demo.sonicwall.com/main.html

Techsent

 

The list looks great. I know how to do some of these things, but am not sure how to do all of them. Is there some resource that contains the actual steps to accomplish these tasks? Or contains links to accomplish these tasks?

I know enough to be dangerous about some of these things, but not enough to know how to accomplish all those things.

A couple of other questions:

Can Windows XP home be used on a system and made secure?

Since we are not talking about many computers that will need to connect remotely, is there any independent authentication service that we can install on each machine that will be connecting so that the authentication is nearly impossible to spoof?

Thanks,

Keyser318

 

In addition to hardening your OS, if your router supports it, you could DMZ the server you're using to host the web services... That would isolate it from the other computers on your internal network. That's an added layer of protection--should the web server get owned, they still need to work back through the router to your internal network.

Reference:
http://en.wikipedia.org/wiki/DMZ_(computing)