I'm not shy to admit that I'm new to security, but I am making my best attempt at keeping my servers safe. I'm running vsftpd and I've read that passive mode should be used instead of active mode (or PORT mode) due to security issues. The only problem I have with this is that in order to use passive mode, I need extra ports open on my router.
This is assuming that only forwarding used ports to the server is a good idea (ports 21, 22, 80, 110 ...). All of the others I deny. However, if I have to now forward around 1000 ports to my server, that might not have a service attached, in order to use passive mode?
Is this correct? Wouldn't this be a security issue to worry about? Would I have to put my Linux machine past the router and set up a Linux firewall to protect my server? Are unused ports open to the public a security hazard?
-M