
How to secure a python socket listening, sending and receiving on an open port?

My setup:

I am using python3 and the socket module to set up a socket using ipv4 and tcp, listening and receiving data via an open port. I have a simple server and client where the client sends a request and the server responds.

My problem:

I did some research and many people suggest that an open port is like an open door, so how can I lock it? My goal is to secure my server and my client, and not the data that is transmitted (which means the data shouldn't be altered, but it does not matter if somebody reads it). I just want to make sure that neither the server nor the client receives wrong data or can be hacked in any way. If both the server and the client are normal computers with built-in firewalls, are those sufficient?

Questions:

  1. How can I make sure that the data I transmit can't be altered?
  2. Is the firewall (the normal firewall that every computer has built in) of the server sufficient when listening, receiving and sending data via an open port? If not, what can I do to make sure the server can't be hacked in any way (obviously not entirely, but as well as possible)?
  3. Same as question 2, just for a client (which, as far as I am concerned, does use an open port, or at least not like the server).

PS: If possible, using python.

A basic level of security for the server side would be to send a random key along with the data for verification of a trusted client. If the list of clients that are going to send data is known, you can just whitelist their IP addresses and accept data only from that specific list of IP addresses.
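The two measures in the answer above, as an added example that is not the answerer's code and not part of the original post. It swaps in an HMAC-SHA256 tag computed with a pre-shared secret for the answer's "random key sent along with the data", because a key that merely travels with the data cannot show that the data itself was left unaltered (the asker's question 1), while a keyed MAC over the length header and payload can. The allowlist check runs on the peer address returned by `accept()` before a single byte is parsed. Everything else is assumed for the sake of the demo: the 4-byte length prefix framing, a 64 KiB payload limit, the loopback allowlist, the `exchange()` round-trip harness and the constructed secret.

```python
"""Added example: HMAC-signed frames plus a peer-IP allowlist for a small TCP service.
Assumed (not from the original Q&A): a secret shared out of band, and a frame layout of
    4-byte big-endian payload length | payload | 32-byte HMAC-SHA256 tag.
Anything failing the tag or the allowlist is dropped without a reply."""
import hashlib
import hmac
import ipaddress
import socket
import struct
import threading

TAG_LEN = 32                          # HMAC-SHA256 digest size
MAX_PAYLOAD = 64 * 1024               # refuse absurd lengths before allocating
DEFAULT_ALLOWLIST = ("127.0.0.0/8",)  # constructed: loopback only


def sign_message(key: bytes, payload: bytes) -> bytes:
    """Build a frame whose tag covers both the length header and the payload."""
    header = struct.pack("!I", len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_message(key: bytes, frame):
    """Return the payload if the tag verifies, otherwise None."""
    if frame is None or len(frame) < 4 + TAG_LEN:
        return None
    header, body = frame[:4], frame[4:]
    (length,) = struct.unpack("!I", header)
    if len(body) != length + TAG_LEN:
        return None                   # truncated or padded frame
    payload, tag = body[:length], body[length:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the tag cannot be guessed byte by byte
    return payload if hmac.compare_digest(tag, expected) else None


def is_allowed(peer_ip: str, allowlist) -> bool:
    """True when the peer address falls inside one of the allowlisted CIDR ranges."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in allowlist)


def recv_exact(conn, n):
    """Read exactly n bytes, or None if the peer closed early."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf


def recv_frame(conn):
    """Read one length-prefixed frame; None on short read or oversized length."""
    header = recv_exact(conn, 4)
    if header is None:
        return None
    (length,) = struct.unpack("!I", header)
    if length > MAX_PAYLOAD:
        return None
    rest = recv_exact(conn, length + TAG_LEN)
    return None if rest is None else header + rest


def serve_once(listener, key, allowlist):
    """Accept one connection and report why it was accepted or dropped."""
    conn, (peer_ip, _port) = listener.accept()
    with conn:
        if not is_allowed(peer_ip, allowlist):
            return "rejected-ip"      # closed before any bytes are parsed
        payload = verify_message(key, recv_frame(conn))
        if payload is None:
            return "rejected-tag"     # altered, truncated, or signed with the wrong key
        conn.sendall(sign_message(key, b"ACK " + payload))
        return "ok"


def exchange(key, request, tamper=False, allowlist=DEFAULT_ALLOWLIST):
    """One-shot loopback round trip; returns (server_verdict, client_reply)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # the OS picks a free port
    listener.listen(1)
    verdict = {}
    worker = threading.Thread(
        target=lambda: verdict.update(server=serve_once(listener, key, allowlist)))
    worker.start()
    reply = None
    with socket.create_connection(listener.getsockname()) as client:
        frame = bytearray(sign_message(key, request))
        if tamper:
            frame[4] ^= 0x01          # flip one bit of the first payload byte "in transit"
        try:
            client.sendall(bytes(frame))
            reply = verify_message(key, recv_frame(client))
        except OSError:
            reply = None              # server reset the connection (allowlist rejection)
    worker.join()
    listener.close()
    return verdict["server"], reply


if __name__ == "__main__":
    shared = b"constructed-shared-secret-for-demo"
    print(exchange(shared, b"hello"))                              # ('ok', b'ACK hello')
    print(exchange(shared, b"hello", tamper=True))                 # ('rejected-tag', None)
    print(exchange(shared, b"hello", allowlist=("10.0.0.0/8",)))   # ('rejected-ip', None)
```

Running the module performs three loopback exchanges: an honest request is acknowledged, a request with one bit flipped is dropped because its tag no longer verifies, and a connection from outside the allowlist is closed before the frame is read. The MAC answers only the alteration question: it does not hide the payload and does not stop a captured frame from being replayed, so a deployment that later needs confidentiality or replay protection would wrap the same socket with the standard-library `ssl` module rather than extend this framing.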
