How opening a port is a security concern?


Problem description

In my Windows Forms application

1. I am opening a port (by finding a random free port in a given range)
2. Starting an HttpListener on that port
3. Creating requests and as a response getting file streams from my file system (from HD)
4. So meanwhile the port is open there is a service running on it which is nothing but an HttpListener listening to a request of a specific format (http://localhost:5000....).
5. As soon as the application is closed the port is no longer open.
6. This means till the port is open a service is running on it.

So what I want to understand is whether the above-mentioned scenario is a security risk from a hacker's point of view.

I know opening a port is giving a wider area for threat but if a service which doesn't give anything out is running on it till it is open, then also it is a security risk.


Thanks & Regards,
Shubhanshu

Recommended answer

When you open a port into your system, you have to consider two things...
1. What resource can be accessed via that port
2. Who can access those resources
So, yes, a port opening is a security risk and you should handle it as such...
Consider adding some security to your service, like user-name-password and/or certificate and maybe encryption too...
It also can be good if the port number can be based on a computation - that will enable you to rotate the port number without giving it away...


I am not a security expert and there are people here who are much more confident in this topic. But let me give you some thoughts:

Can you be sure that you cannot "damage" your system by calling your application on the given port?

How about invalidly formatted requests? Keep in mind that you have some HDD access calls here.
How about a massive number of calls in a short time (aka DoS)?
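
One way to address the points raised in both answers (who can reach the port, what it exposes, and malformed requests that touch the disk), as an added example that is not code from the original thread. The class name, the `served-files` directory and the `X-Session-Token` header are assumptions; request flooding is not covered.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography;
static class LocalFileServer // hypothetical name, not from the original post
{
    // Map a request path to a file under root; null if malformed or outside root.
    // The comparison is case-insensitive because the page targets Windows file systems.
    public static string ResolveUnderRoot(string root, string requested)
    {
        try
        {
            string fullRoot = Path.GetFullPath(root).TrimEnd('\\', '/') + Path.DirectorySeparatorChar;
            string candidate = Path.GetFullPath(Path.Combine(fullRoot, requested.TrimStart('/', '\\')));
            return candidate.StartsWith(fullRoot, StringComparison.OrdinalIgnoreCase) ? candidate : null;
        }
        catch (Exception e) when (e is ArgumentException || e is NotSupportedException || e is IOException) { return null; }
    }
    // Length check plus XOR accumulation avoids an early-exit comparison.
    public static bool TokenMatches(string supplied, string expected)
    {
        if (supplied == null || supplied.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= supplied[i] ^ expected[i];
        return diff == 0;
    }
    public static void Main()
    {
        string rootDir = Path.Combine(Path.GetTempPath(), "served-files"); // assumed content directory
        Directory.CreateDirectory(rootDir);
        byte[] raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = Convert.ToBase64String(raw); // shared only with the in-process client
        var listener = new HttpListener();
        listener.Prefixes.Add("http://localhost:5000/"); // loopback only; "http://+:5000/" would expose it
        listener.Start();
        while (listener.IsListening)
        {
            HttpListenerContext ctx = listener.GetContext();
            HttpListenerRequest req = ctx.Request;
            bool ok = req.IsLocal && TokenMatches(req.Headers["X-Session-Token"], token);
            string path = ok && req.HttpMethod == "GET"
                ? ResolveUnderRoot(rootDir, Uri.UnescapeDataString(req.Url.AbsolutePath)) : null;
            if (!ok) ctx.Response.StatusCode = 403;
            else if (path == null || !File.Exists(path)) ctx.Response.StatusCode = 404;
            else using (FileStream fs = File.OpenRead(path)) fs.CopyTo(ctx.Response.OutputStream);
            ctx.Response.Close();
        }
    }
}
```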

