LiteSpeed is a drop-in replacement for Apache with. Apache is not part of the OS. At the beginning of 2019, Hostinger decided to try LiteSpeed Web Servers (LSWS) as the main web server instead of Apache.

We're not disagreeing except perhaps in the definition of OS.

> But, you could hypothesize all sorts of ways that the application you do have listening on those ports could have a flaw

Using an app to reach the OS is not the same as reaching the OS directly. So an http exploit is not an OS exploit, it's an application exploit, which I talk about.

If you are really asking about port 80 and port 443 without using a DMZ you should really get some professional advice and assistance.

Hosting is so cost effective nowadays, and it also removes the hardware maintenance burden from you, as well as the bandwidth suck on your internet service, increases your uptime and you don't have to deal with hardware failures that would drop your website to keep you up at night. Then, no worries about a penetration getting to your network through your web site. I agree with JeffLew07, if you can, get your web site hosted and off your network entirely.

In the meantime this is a good baseline: they offer a Chrome extension that can scan sites via your browser when visited. Plenty of applications these days can give you lists of vulnerabilities and remediation processes for each. If you have a public application with these ports open you should be pentesting it.

There may be similar security loopholes that were patched in most modern OSes but if the web server is not properly handled by the admins (running lots of 3rd party software or not patched etc). Especially in these modern "insecure" days, nobody can put a "definite no" but to take certain additional measures for prevention.
Not really true as there were Apache Daemon http exploits in the past where hackers may remotely execute scripts via C or Java backdoors to change ssh ports, disable firewalls, enable ports or disable security features.

And so on. A DMZ where you open every port up anyway just to make something work isn't worth the bother.

But you accept that it could download your entire database. If you're reading from a database, you're putting the info out there anyway, so that's not much risk. And you control the access to the LAN to provide only the functions you're willing to let be compromised. (Because of the above paragraph.) You open up just enough for incoming queries from the WAN. The idea of the DMZ, in this case, is to limit the server's access to your network, not limit the application. You don't have to read much to see how common that is. In other words, if your web server can read and write files, so can something that can take over your web server. Then, you could talk to the server because that's what the application is allowed to do. If the OS doesn't present any functions on those ports, you can't talk to the OS through those ports. But, you could hypothesize all sorts of ways that the application you do have listening on those ports could have a flaw that allowed you to become that application.

My main concern is: Can a person use the open ports 443 and 80 to gain access to my actual Windows server instance? And then use the server instance to gain access to other subnets on my network.

The bottom line: you should at a minimum have it located in a DMZ separated from the rest of your network. Does it have a database backend or scripted?

A lot of it depends on the server and what kind of site you're running.