chipKIT® Development Platform

Is the security of a web server a concern?

Created Mon, 24 Aug 2015 17:31:23 +0000 by w5uxh


w5uxh

Mon, 24 Aug 2015 17:31:23 +0000

I am starting to work with the WF32 web server example from Digilent. I have forwarded port 80 to the WF32 on my local network.

Are there any concerns I need to be aware of where the outside world could connect to the WF32 through the web server and find a way to the Mac and / or Windows machines on my network?


rasmadrak

Thu, 24 Sep 2015 21:15:51 +0000

Yes, same as with any network. But it depends on what you intend to do with it. Let's say you're using the webserver to access door locks from the outside... that would be a very bad idea to do without proper safety.

In your case - Say that all machines are connected through a local network that is reachable from the outside. All machines are therefore possibly at risk from the outside since the devices don't have to understand or process malicious code (if done "right") to spread it to other machines. This means any device capable of sending and receiving IP packets is at risk - and is a risk in itself.

TL;DR - If the network is reachable from the outside - it must be protected.


w5uxh

Thu, 24 Sep 2015 21:31:59 +0000

Thanks for the comments. When I played with the port 80 requests for a bit, I noticed lots of "probes", some looking for "ram-0" or "rom-0" or something similar, and learned from Google that it is a probe for a potential weakness in routers, but it was enough to scare me off.

After deciding I would not be comfortable enough running the web server for control of my device, I took an alternate route. The specific function is to allow others to control a program running in the PIC32. The program is reading text from the SD card and sending "Morse Code" to a desktop sound card which streams it to a Mumble server. I want "listeners" who are using it for practice to be able to control the speed, and the selection of text etc.

It would be fun to learn how to do that with a web server, but instead, I am letting them do it by sending very simple commands back over the full duplex audio stream.
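Added example, not part of the thread and not Digilent's web server code: a strict request-line allowlist of the kind an Internet-facing control endpoint on a small board would need, so that probes such as the "rom-0" requests mentioned above are dropped before any handler runs. The routes `/speed?wpm=N` and `/text?id=N`, the numeric limits, and all function names are assumptions made for illustration; the request line is assumed to arrive without its trailing CRLF.

```c
#include <string.h>

/* Hypothetical limits and routes; the thread does not specify them. */
#define WPM_MIN 5
#define WPM_MAX 40
#define TEXT_MAX 9

enum cmd_kind { CMD_REJECT = 0, CMD_SPEED, CMD_TEXT };
struct cmd { enum cmd_kind kind; int value; };

/* Parse a decimal integer of 1-2 digits that ends exactly at `end`. */
static int parse_small_uint(const char *s, const char *end, int *out)
{
    size_t n = (size_t)(end - s);
    int v = 0;
    if (n < 1 || n > 2) return 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] < '0' || s[i] > '9') return 0;
        v = v * 10 + (s[i] - '0');
    }
    *out = v;
    return 1;
}

/* Accept only "GET /speed?wpm=N HTTP/1.x" or "GET /text?id=N HTTP/1.x".
 * Every other method, path, extra parameter or length is rejected. */
struct cmd parse_request_line(const char *line, size_t len)
{
    struct cmd rej = { CMD_REJECT, 0 }, c = rej;
    static const char sp[] = "GET /speed?wpm=", tx[] = "GET /text?id=";
    const char *arg;
    int lo, hi;

    if (len > 40 || memchr(line, '\0', len)) return rej; /* oversize or NUL */
    if (len > sizeof sp - 1 && !memcmp(line, sp, sizeof sp - 1)) {
        c.kind = CMD_SPEED; arg = line + sizeof sp - 1; lo = WPM_MIN; hi = WPM_MAX;
    } else if (len > sizeof tx - 1 && !memcmp(line, tx, sizeof tx - 1)) {
        c.kind = CMD_TEXT; arg = line + sizeof tx - 1; lo = 0; hi = TEXT_MAX;
    } else return rej;                       /* unknown method or path */

    const char *sp_end = memchr(arg, ' ', (size_t)(line + len - arg));
    if (!sp_end) return rej;
    if (line + len - sp_end != 9 || memcmp(sp_end, " HTTP/1.", 8)) return rej;
    if (sp_end[8] != '0' && sp_end[8] != '1') return rej;
    if (!parse_small_uint(arg, sp_end, &c.value)) return rej;
    if (c.value < lo || c.value > hi) return rej;        /* out of range */
    return c;
}
```

A caller would answer `CMD_REJECT` with a fixed error response and close the connection, without echoing any part of the request back.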