Re: Web Server behind ZoneAlarm?
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: Web Server behind ZoneAlarm?

From: Anthony <amartin@whoever.com>
Date: Thu Nov 03 2005 - 21:32:11 CET



Thanks to all who replied to my posting. I should clarify what I meant


by "web server". I don't want to run a full-blown web server like IIS.


All I want is to install a webcam software with an internal web server


so that I can keep an eye on my home from work. In fact the web server


will be password-protected. Given this information, do I still have to


open port 80 in ZoneAlarm? And, if so, what risks are involved?



thanks



Brian Cryer wrote:


> "Anthony" <amartin@whoever.com> wrote in message


> news:1131018827.223584.183530@g47g2000cwa.googlegroups.com...


> >I recently subscribed to a cable broadband connection and want to run a


> > web server on my XP machine. I am already running ZoneAlarm Pro. What


> > do I have to do to allow access to my web server without unreasonably


> > compromising security? From what I read, I have to open port 80 in


> > ZoneAlarm, but how does this affect security?


> >


> > thanks


>


> A hardware device (NAT router) is preferable to ZoneAlarm. In theory I don't


> see anything wrong with using ZoneAlarm, but it/you may have opened ports


> for other services that you don't want exposed to the internet. When I went


> broadband at home and put in a NAT router (as well as enabling me to share


> broadband between pcs) I observed that the number of attacks zone alarm


> detected dropped to zero and stayed there.


>


> Back to your question, yes, it should be just port 80. However broadband


> providers vary and I gather that some block port 80 to prevent you from


> running a webserver. This isn't an issue, it just means you move to a


> different port. You will also need a way of allowing others to identify your


> pc on the internet. If your ip address is static then this won't be a


> problem but if it changes (or isn't guaranteed as static) then you'll save


> yourself a lot of agro by signing up for a dynamic dns service - take a look


> at www.no-ip.com, their free service is great.


>


> Something else to remember with broadband is that the upload speed is much


> much slower than your download speed. This means that it probably won't be


> suitable for web hosting if you get more than a couple of visitors at a


> time. So fine for a small hobby site or as a "play thing", but not much


> else.


> 


> Hope this is useful.


> -- 


> Brian Cryer


> www.cryer.co.uk/brian


Received on Mon Nov 21 02:38:52 2005