Lesson 4 | Protecting TCP/IP Services |
Objective | Effectively secure Internet services. |
Protecting TCP/IP Services
Most implementations of Internet services access the underlying operating system through a specialized user account. Both NT and UNIX
have specific system accounts that are used for each service or daemon. Change the default account to a custom account to enhance
security.
Changing defaults
In the case of Windows NT and Internet services, all services are controlled through an account called "local system." This
is not a normal account since one cannot log on directly to use it, but it does run with administrative privileges. Changing the
accounts for each Internet service allows administrators to better control and audit each Internet service. The same concept holds
true for UNIX daemons.
Internet servers
Critical to protecting the TCP/IP services is protecting the servers that run them. The most common Internet servers are:
- The HTTP (or Web) server
- The FTP server
- The SMTP server
- Other services, such as DNS, WINS, and SAMBA
Securing Web server
The key to securing the Web server is to segment the operating system, the Web server program, and the server's files on their
own hard drive or partition. If a breach occurs, such segmentation will help limit a hacker's activity to specific hard drives,
or even parts of hard drives, that are not essential to the rest of the system.
Securing FTP server
Securing the file transfer protocol (FTP) server is similar to securing the Web server. The FTP server should be separated
from the files it downloads by using partitions. Whenever possible, FTP user accounts and access options must be separated from those
used to access the Web. The FTP server should not allow access to sensitive files. Otherwise, users could gain access to Web directories and overwrite Web
files. This problem has happened quite often, including an episode where U.S. intelligence agencies' Web pages were altered by
hackers.
Instead of keeping the operating system, program files, and HTML files and scripts for a Web page all on the same hard drive,
partition the drive several times, then place only the operating system on the primary partition.
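The two checks this lesson describes (Internet daemons running under a default privileged account, and the operating system, server program, and served files sharing a partition) can be audited together. The following is an added example, not part of the original lesson; the process listing, mount table, paths, and daemon names are constructed sample data and assumptions.

```python
# Constructed sample of `ps -eo user,comm` output; not taken from a real host.
SAMPLE_PS = """\
USER     COMMAND
root     httpd
www      httpd
ftp      vsftpd
root     sendmail
named    named
"""

# Constructed mount table (mount point -> device) and hypothetical paths.
SAMPLE_MOUNTS = {"/": "/dev/sda1", "/usr": "/dev/sda1", "/srv/www": "/dev/sda3"}
SAMPLE_PATHS = {"os": "/", "web_program": "/usr/sbin/httpd",
                "web_files": "/srv/www/html", "ftp_files": "/srv/ftp/pub"}

# UNIX default privileged account; on NT the equivalent is "local system".
DEFAULT_ACCOUNTS = {"root"}
INTERNET_DAEMONS = {"httpd", "vsftpd", "sendmail", "named", "smbd"}  # assumed names


def daemons_on_default_account(ps_text):
    """Return sorted daemon names with a process owned by a default account."""
    flagged = set()
    for line in ps_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if (len(fields) >= 2 and fields[1] in INTERNET_DAEMONS
                and fields[0] in DEFAULT_ACCOUNTS):
            flagged.add(fields[1])                 # flag for review
    return sorted(flagged)


def device_for(path, mounts):
    """Resolve a path to its device via the longest matching mount point."""
    matches = [m for m in mounts
               if path == m or path.startswith(m.rstrip("/") + "/")]
    return mounts[max(matches, key=len)]


def shared_partitions(paths, mounts):
    """Return pairs of roles whose paths live on the same device."""
    roles = sorted(paths)
    return [(a, b) for i, a in enumerate(roles) for b in roles[i + 1:]
            if device_for(paths[a], mounts) == device_for(paths[b], mounts)]


if __name__ == "__main__":
    print("Daemons on a default account:", daemons_on_default_account(SAMPLE_PS))
    for a, b in shared_partitions(SAMPLE_PATHS, SAMPLE_MOUNTS):
        print(f"Not segmented: {a} and {b} share a partition")
```

On the sample data, only the Web files sit on their own partition; the FTP files still share a device with the operating system and the Web server program.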
Protecting TCP/IP Services - Exercise
Click the Exercise link below to locate documentation for securing TCP/IP and network resources.