Whether you have a home server setup or run a small business, anywhere you have two or more computers connected together, you have a network. And any point at which that network connects to the outside Internet is a potential point of compromise. While network security is a deep subject, an alarming number of admins focus on the latest hyped issue while forgetting to look at the basics. So see this list as “the very least you need to know”.
1. If you don’t use a service, turn it off. FTP, netstat, telnet, POP3, SSH… anything you don’t use is a useless liability just sitting there. It may not be a problem today, but when a new exploit is discovered for it, you’ll have to worry about securing it then. Why take a risk if you’re not even using it?
2. If you don’t use a program, remove it. Like point one, a program that came installed by default and that you are not using is also a potential problem. For instance, no computer should have sendmail installed unless – obviously – you actually send mail from that computer.
3. If you have an .rhosts file, get rid of it. It is read by rlogin, rsh, rcp and the other remote-access “r” services to let users from the listed hosts log in without a password. Cracking programs often attempt to overwrite the root account’s .rhosts file. Really, what’s wrong with simply doing away with .rhosts and making everybody use a password?
4. Learn TCP wrappers and use them. Generally, this sort of program acts as a “middle-man” that checks each incoming request to services such as finger and talk against a whitelist and a blacklist, both of which can be edited at run time, and grants or denies the connection accordingly. The Apache server implements a similar concept with its Allow/Deny directives.
5. Use TCP/IP logging. Just about any server out of the box these days has logging turned on by default, but how many admins actually bother to read all that data? It’s worth the effort to at least glance through the logs once a week. Some simple regexp searches can uncover addresses with suspicious activity. Really, you should know what normal access looks like, then block anybody who wildly deviates from the pattern.
6. If you use NFS, only export the directories you absolutely need to share. You can always list directories one at a time in the /etc/exports file, which rpc.nfsd and rpc.mountd read. Slinging your whole file system wide open is just asking for trouble.
7. Go through your CGI script folders and remove the example and generic scripts if you’re not using them. An unused script is just asking to be overwritten with malicious code and used by an attacker.
8. If your server runs the X Window System, make sure it’s locked down with the xauth and xhost access-control methods. This will prevent things like remote keylogging. Really, if you’re running X on your server, you have to ask yourself whether it’s really necessary. If it is necessary to you and you already know X security, you’re probably too advanced to need this guide anyway.
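Points 4 and 5 above, as an added example that is not from the original article: a small shell script that counts failed SSH logins per source address in a few constructed auth-log lines, flags any address whose count exceeds a threshold, and prints those addresses in the hosts.deny format that TCP wrappers read. The log lines, addresses and threshold are constructed for illustration, and the script only prints; it never touches /etc/hosts.deny itself.

```shell
#!/bin/sh
# Added example, not code from the original article. Finds source addresses
# with an unusual number of failed SSH logins and prints a hosts.deny line
# for each, so the decision to block stays with the admin.

# Constructed sample auth-log lines in the usual sshd/syslog layout (not real data).
SAMPLE_LOG='Mar  3 10:01:12 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 10:01:15 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Mar  3 10:01:19 host sshd[2104]: Failed password for root from 203.0.113.5 port 51030 ssh2
Mar  3 10:02:40 host sshd[2110]: Accepted publickey for alice from 192.0.2.10 port 40112 ssh2
Mar  3 10:03:01 host sshd[2112]: Failed password for bob from 192.0.2.10 port 40120 ssh2
Mar  3 10:03:07 host sshd[2112]: Accepted password for bob from 192.0.2.10 port 40120 ssh2'

# failed_by_ip: read log lines on stdin, print "<count> <ip>" for every
# address with at least one failed password, busiest address first.
failed_by_ip() {
    grep -E 'sshd\[[0-9]+\]: Failed password for' |
        sed -E 's/.* from ([0-9.]+) port .*/\1/' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# suspicious_ips THRESHOLD: addresses whose failure count exceeds THRESHOLD.
# The threshold is where "normal" ends; pick it from your own logs.
suspicious_ips() {
    failed_by_ip | awk -v t="$1" '$1 > t { print $2 }'
}

# deny_lines THRESHOLD: one hosts.deny style line ("sshd: <ip>") per
# suspicious address, ready to review before adding to /etc/hosts.deny.
deny_lines() {
    suspicious_ips "$1" | awk '{ print "sshd: " $1 }'
}

# Usage: a single user mistyping a password once stays below the threshold,
# while the address hammering root and "admin" is flagged.
printf '%s\n' "$SAMPLE_LOG" | deny_lines 2
```

With the sample above this prints `sshd: 203.0.113.5`; the one failed login from 192.0.2.10 stays under the threshold and is left alone.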