port 80 security

[habilis]

The only port I have open is 80, all others are firewalled. I want to make files available for download to my clients, right off my machine. I was just wondering if this is secure. The url, which is basically just my ip, is not public, and will be emailed out to a number of people who can decide to download a file or not.

 

[rbuenger]

First you should know that using an unknown IP adress doesn't help much. Most worms, tools and so on just scan randomly through all available IPs. So this wouldn't help you. Your security mainly depends on how secure your webserver is. Just keep your webserver up to date and apply all security fixes helps a lot and keeps it save.

And you should get a book (or tutorial in the net) how to configure the webserver (Apache as installed per default). You can for example bloch access for whole IP ranges to the server if you know who should be able to use it. Just allow all theit possible IPs if the get them dynamicaly and deny the rest.

And don't use insecure CGI's or other modules. And maybe you would like to install a NIDS . HenWen is a wonderful package including snort. But most importing is read the manuals