Are open ports dangerous?
I have forwarded port 80 to WAMPServer and 25565 to the MineCraft-server running Bukkit.
Am I vulnerable to attacks? Can hackers attack me if WAMP-server is running or if it is not running, or will it be easier to hack me than if I hadn't opened the port at all? I have tried to learn about how people hack and how to protect myself from it. Do you know where I can read about it?
In addition to the answer below, you should assess what vulnerabilities exist specifically for WAMP and Minecraft and make sure you are running the latest versions/patches.
So if the code in the MCServer is completely free of security-holes, then no one just running MineCraftServers on their computers, would be hacker safe? And if you find a vulnerability in the servers code, then you'd be able to hack ALL servers running Bukkit MineCraftServer?
What I'm saying is that to assess your risk, you must identify your vulnerabilities. These include not only the OS but all services that are directly or indirectly accessible. If there is a hole in MC software, then in all probability yes, those servers running the affected version would be vulnerable until the software is patched or a workaround put in place. There will always be 0-day exploits though which is why Jeff's comments on minimizing your attack surface are on the money.
Thanks! But I thought that only ONE process/service could listen at a port at one time? And are there more vulnerabilities than the ones potentially made by the software running on the server with open ports into them?
You're correct, only one process handles a port at a given time. Not sure what I said made it seem otherwise. Trying not to start a discussion - bottom line is you should focus on the ports that are open (accessible via Internet), however a box on the internet should be hardened in part by removing any unnecessary software/services. Yes - If I gain access to your box via a bug in MC, I could potentially escalate my privileges by attacking another service that is not necessarily exposed through the firewall since I'm already on the box.
You didn't state otherwise, I just removed something before I posted, so it looked a bit odd. So, if you use a vulnerability on the server, you could access other services/processes on the server and potentially download your own virus/trojan horse/other code and run it on the server?
I have forwarded port 80 to WAMPServer and 25565 to the MineCraft-server running Bukkit. (http://www.bukkit.org/)
I assume that you're talking about forwarding those ports from a router / firewall / NAT box to your own machine rather than forwarding them to some off-site instance. Usually we call this "opening" a port.
Am I vulnerable to attacks? Can hackers attack me if WAMP-server is running or if it is not running, or will it be easier to hack me than if I hadn't opened the port at all?
Yes, you are more vulnerable by running a service than by not running a service. Adding more services increases attack surface. That doesn't mean that you're vulnerable by definition, but an increased attack surface is one of the factors that increases your risk.
I have tried to learn about how people hack and how to protect myself from it. Do you know where I can read about it?
The more time I spend here, the greater resource I find this site to be. I've never found a really good comprehensive guide to how to be secure. There are books like the Hacking Exposed series that talk about a lot of technical aspects to security and some of the mindset. As much as the CISSP might be railed upon, trying to study up for that exposes one to most of the different knowledge domains that a professional should be aware of. I think that reading questions on this site is a great way to learn.
The challenge is that security is a mindset. The technology and even some of the fundamentals of it are an evolving realm. You learn by exposing yourself through trial and error. It is helpful to make as much of that exposure as possible vicarious -- learn from others' mistakes.
Security as an equation works like this:
- Decide what you need to offer -- you have a need to provide something with a WAMP server and Minecraft game server.
- Limit everything you don't need to offer and do it in depth.
When I say in depth, I mean that only offering those services is a start. Try to make sure that the programming code on your website is written securely. Then, pretend it has been compromised and consider what can happen from there. Is the Apache process prevented by the operating system controls from writing files anywhere? Do you have a method to detect compromise? Keep asking those questions and finding layers of answers so that if you are hacked, you mitigate your risk.
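An added example, not part of the original answer: one way to check "limit everything you don't need to offer" is to list what is actually listening on the machine and compare it with the two services the question intends to expose. The `netstat -ano` style sample is constructed, and the function names, PIDs and the extra listeners (135, 3306, the loopback ports) are assumptions for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` output; not from a real host.
# 3306 is the default MySQL port (bundled with WAMP); 135 is the Windows RPC endpoint mapper.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2140
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       2288
  TCP    0.0.0.0:25565          0.0.0.0:0              LISTENING       4412
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:80                [::]:0                 LISTENING       2140
  TCP    [::1]:8307             [::]:0                 LISTENING       3000
"""

# Ports the question says are deliberately offered (forwarded on the router).
INTENDED_PORTS = {80, 25565}


def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # skips the header row and non-listening connections
        host, _, port = fields[1].rpartition(":")  # rpartition copes with IPv6 colons
        addr = ipaddress.ip_address(host.strip("[]"))
        listeners.append((addr, int(port), int(fields[4])))
    return listeners


def audit(netstat_text, intended=INTENDED_PORTS):
    """Sort listeners into intended, loopback-only, and network-reachable extras."""
    report = {"intended": set(), "loopback_only": set(), "review": set()}
    for addr, port, pid in parse_listeners(netstat_text):
        if addr.is_loopback:
            report["loopback_only"].add((port, pid))
        elif port in intended:
            report["intended"].add((port, pid))
        else:
            report["review"].add((port, pid))  # bound to a network address, not on the list
    return report


if __name__ == "__main__":
    for bucket, entries in audit(SAMPLE_NETSTAT).items():
        print(bucket, sorted(entries))
```

Listeners in the `review` bucket are not forwarded by the router, but they are still reachable from the local network and from any service on the box that has already been compromised, so each one is a candidate for disabling or rebinding to loopback.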
So is running a computer with NO Firewall and NO services more secure than a firewalled computer with an open port with a running service on that port? I ask because when I first got here I found an older FreeBSD server we had that had no firewall or packet filter and the answer I got from the sysadmin at the time was 'Well, if no services are running, what's the point?'
@RyanM: Most likely. It is possible for the OS to handle things poorly, though. The "Ping of Death" was an OS flaw. I don't know if it would work on closed ports -- a fragmented SYN may or may not have immediately triggered a FIN response. That also leaves ICMP stack vulnerabilities as a possible attack surface. Thus, even a machine with no services exposed can benefit from a firewall. That said, the cost / benefit on fire-walling that machine might not be worth much.
So the vulnerability lies in the programs listening to the ports? I don't know about how you hack, but if someone sends a request to the Wamp-server that does something it shouldn't, the hackers could for example run PHP-code on the server to hack me? In other words: If you have a program listening on port 81, and all it does is output "Hello world!" whenever it gets an input, then that would be completely hacker safe? Thanks! :)
Yes and yes, with the caveat that "yes" means, "Extremely likely, but there's an infinitesimal chance of some edge case."
Yepp, so this last case with "Hello world!" is the highest security you could get? I mean, are there any holes to cover in the OS for example? Or are you safe if you make a 100 % safe application to handle the requests?
@50ndr33 See my first comment on this answer -- an OS flaw in handling the network stack can be an issue.