farnoise Posted April 5, 2010 Share Posted April 5, 2010 Hi, I have a quick question I hope you guys can help me, I'm writing a report on Tomcat and Apache server but there is something that I really don't know about. I wonder if anyone can help me the Security disadvantages of HTTPD.exe service on a local network(The network that is connected to the Internet through a Gateway imagine a big company's network), first of all can any one access my HTTPD.exe to send spam emails to the global address book and secondly what are the real critical risks of having this service unable on our network? Thank you all for you helps Quote Link to comment Share on other sites More sharing options...
farnoise Posted April 5, 2010 Author Share Posted April 5, 2010 PS: I know its too much to ask but could you please provide any references and or reasons for your responds. Regards Quote Link to comment Share on other sites More sharing options...
andrewgauger Posted April 5, 2010 Share Posted April 5, 2010 Httpd is a web service, not an SMTP service. If you want to keep spam down, look into shutting down sendmail Without a web service such as HTTPd or IIS, how would a company have an intranet? Who doesn't have one? Httpd is not a security concern. Poorly written software on a webserver IS the security concern. Source: Andrew Gauger Quote Link to comment Share on other sites More sharing options...
farnoise Posted April 5, 2010 Author Share Posted April 5, 2010 I understand that is not a security concern but the problem is our company's IT HQ is asking us to shut down our Apache server, cuz they think this module is a security concern, plus the main reason that I started this server in my Division was I needed a mail() function to deploy couple emails everyday to some people. So now I have to come up with a report to prove that it's not a BIG DEAL really just a simple module Regards Quote Link to comment Share on other sites More sharing options...
andrewgauger Posted April 5, 2010 Share Posted April 5, 2010 Why not shut it down and just use php and sendmail? That way you are doing what they want and getting what you want. Quote Link to comment Share on other sites More sharing options...
farnoise Posted April 5, 2010 Author Share Posted April 5, 2010 Sorry but if I'm not misunderstood, You mean why I'm not using PHP's send mail function? Well this is the main reason that I have this server up and running because we don't want to use outside sources and we don't want to open any port to outside word so I have this server up and running then we can have all transitions inside our network, And it's clearly visible that there is absolutely no security concern with this method but it's just the IT security Div, are overreacting. btw I guess I got my answer from your first post, I just need to clarify that this is not a SMTP service I really appreciate your helps Andrew and thanks again Arad Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.