We have a Comcast business gateway (SMC 3DG-CCR) that serves as our Internet router. Like many organizations, we have been attacked regularly by malware from the Internet. Most of these intrusion attempts come in on port 80. On the Comcast gateway, port 80 is being forwarded to port 80 on our server. That allows the malware direct access to the server. I would like to uncheck the port forwarding box in the Comcast gateway to break this connection. At that point, the malware would not reach the server the way it has in the past.
Please note that this server does not host a web site. There is no reason for anyone from the outside to need access to port 80, either on the server or the gateway, as far as I know.
Is this port forwarding needed for us to access the gateway's web configuration program? I do not want to block our access to the setup/configuration program on the Comcast device.
Also, do we need port 80 forwarded like this for the server and workstations to use web sites on the Internet? DNS service on our small network is provided by our server (Windows Small Business Server).
Thanks for any guidance you can offer with these questions.