Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

HTTP protocol  RSS feed

 
Pradeep bhatt
Ranch Hand
Posts: 8933
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
Why is that HTTP port is kept open in firewalls and not other ports. Can someone explain me abtout the security issues involved.
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Wow. How many days do you have to read a reply detailing "the security issues involved"?
Briefly, then: first off, HTTP isn't always open; many networks use a proxy to connect HTTP clients to the outside world. Second, HTTP tends to be open because HTTP is the single most popular service ordinary mortals need from other computers outside the LAN. To give a couple of other examples, your SMTP/POP/IMAP (i.e. mail) server typically sits inside the firewall and doesn't need to be open. An NNTP (news) server sometimes sits inside the firewall, is sometimes proxied, sometimes open, and some sites don't allow NNTP full stop. Jabber and other P2P protocols, like HTTP, need to access the outside world but unlike HTTP they are usually regarded as non-critical or even dangerous and summarily disabled.
The funny thing is now that people are starting to tunnel all kinds of other stuff through HTTP, such as remote procedure calls (SOAP/HTTP, anyone?), because it can go through firewalls. To some extent, this reintroduces the problem that firewalls were created to solve: the exposure of uncontrolled and poorly secured services to the whole world. I'm waiting for firewalls to inspect HTTP packets for illicit SOAP traffic. Or perhaps they already do.
Oh well.
- Peter
[ July 20, 2002: Message edited by: Peter den Haan ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!