Securing


The first and most important step is to disable services that aren't being used or are known to be insecure. The finger service provides information about users on a system. Because it lets potential hackers gather usernames and other details useful in social engineering, it should be disabled. Unless a system is going to be used as an FTP server, the ftp daemon should be disabled, since hackers can use misconfigured FTP servers to bounce attacks on other machines or to store files such as MP3s or porn. Telnet is a useful service that lets users connect to remote machines, but it is insecure because transmissions to and from the server can be intercepted and read. Secure Shell (ssh/ssh2) should be installed in place of telnet because its transmissions are encrypted. Some of the most insecure services are RPCs (Remote Procedure Calls), which let a program running on one machine execute code on a remote system. Since many of these services run with root privileges, a successful buffer overflow attack against one of them leads straight to root access.
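The service review above is usually done against the inetd configuration on a classic Unix host. The script below is an added example (not code from the original page): it audits an inetd.conf for the services the text names (finger, ftp, telnet and anything using an rpc/ protocol) and produces a copy with those lines commented out. The inetd.conf text is constructed for the demo; on a real host you would read /etc/inetd.conf, keep a backup, and send inetd a HUP signal after editing it (xinetd and systemd hosts keep the equivalent settings elsewhere).

```shell
#!/bin/sh
# Added example: find and disable the services the securing notes single out.
# SAMPLE_INETD_CONF is a constructed stand-in for /etc/inetd.conf.
SAMPLE_INETD_CONF='# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
#ssh    stream  tcp     nowait  root    /usr/sbin/sshd  sshd -i
rusersd/2-3 dgram rpc/udp wait root /usr/sbin/rpc.rusersd rpc.rusersd
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d'

# Read inetd.conf text on stdin and print the name of every enabled
# (uncommented) service that the notes say should be turned off: finger,
# ftp, telnet, and any entry whose protocol field starts with "rpc/".
enabled_risky_services() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blanks
        $1 == "finger" || $1 == "ftp" || $1 == "telnet" || $3 ~ /^rpc\// { print $1 }
    '
}

# Read inetd.conf text on stdin and emit it with the same risky services
# commented out; every other line is passed through unchanged.
disable_risky_services() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }
        $1 == "finger" || $1 == "ftp" || $1 == "telnet" || $3 ~ /^rpc\// { print "#" $0; next }
        { print }
    '
}

# Stand-alone demo: list what is enabled, then show the hardened file.
echo "enabled risky services:"
printf '%s\n' "$SAMPLE_INETD_CONF" | enabled_risky_services
echo "hardened inetd.conf:"
printf '%s\n' "$SAMPLE_INETD_CONF" | disable_risky_services
```

Run the audit again on the hardened output before installing it; it should print nothing, while non-risky entries such as pop-3 survive untouched.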

After disabling unnecessary services, the sysadmin should make sure that the remaining services are the most current version, since exploits in older versions are usually patched in the most recent ones. Properly configuring these services is also a must. Many services come with default configurations that allow hackers to exploit them. DNS servers, for example, shouldn't allow zone transfers, because a zone transfer hands a hacker a great deal of information about the network.
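The zone-transfer point is a good illustration of a default that needs changing. The script below is an added example (not from the original page): it shows a BIND named.conf with the weak default next to the corrected one, and a small audit that reports every master zone still open to transfers. Both configuration texts are constructed for the demo, and the 192.0.2.2 secondary is a documentation address standing in for a real one. The audit assumes top-level blocks close with "};" at column 0 and that zone names are quoted on the zone line.

```shell
#!/bin/sh
# Added example: weak vs. corrected named.conf, plus an audit for open zones.
WEAK_NAMED_CONF='options {
    directory "/var/named";
};

zone "example.com" {
    type master;
    file "example.com.zone";
};

zone "example.net" {
    type master;
    file "example.net.zone";
    allow-transfer { 192.0.2.2; };
};'

# Corrected: a global allow-transfer { none; } refuses transfer requests for
# every zone by default; a zone that really must feed a secondary lists only
# that server.
FIXED_NAMED_CONF='options {
    directory "/var/named";
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "example.com.zone";
};

zone "example.net" {
    type master;
    file "example.net.zone";
    allow-transfer { 192.0.2.2; };
};'

# Read named.conf text on stdin and print the name of every master zone that
# has no allow-transfer of its own while the options block sets no global
# restriction either.  An explicit "allow-transfer { any; }" does not count
# as a restriction.
audit_zone_transfers() {
    awk '
        /^options[[:space:]]*\{/ { blk = "options"; seen = 0; next }
        /^zone[[:space:]]+"[^"]+"/ {
            match($0, /"[^"]+"/)
            blk = substr($0, RSTART + 1, RLENGTH - 2)
            seen = 0; master = 0; next
        }
        /allow-transfer/ && !/any;/            { seen = 1 }
        /type[[:space:]]+(master|primary)/     { master = 1 }
        /^\};/ {
            if (blk == "options") global = seen
            else if (blk != "" && master && !seen) unrestricted[++n] = blk
            blk = ""
        }
        END { if (!global) for (i = 1; i <= n; i++) print unrestricted[i] }
    '
}

# Stand-alone demo over the constructed configurations.
echo "weak config, zones open to transfer:"
printf '%s\n' "$WEAK_NAMED_CONF"  | audit_zone_transfers    # prints example.com
echo "fixed config, zones open to transfer:"
printf '%s\n' "$FIXED_NAMED_CONF" | audit_zone_transfers    # prints nothing
```

The audit is deliberately conservative: a zone with its own allow-transfer list is trusted as-is, so review those lists by hand to confirm they name only the intended secondaries.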

Another aspect of securing a network or system is for the sysadmin to educate users on secure practices. It defeats the purpose of the sysadmin taking all of these precautionary measures when users choose weak passwords or give their passwords away to a hacker on the phone. A good practice is for the sysadmin to enforce strong passwords (weak: 12345, strong: w1l3Yd0ZOu3) and to set up a system that forces a password change after a certain amount of time expires. Although this can be a hassle, it makes for a more secure network. Properly setting user privileges also keeps system users, as well as hackers who gain access to a user's account, from reaching inappropriate commands and files. All of this may seem obvious but, unfortunately, it does get overlooked.
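The two password rules above (strength and a maximum age) can be enforced mechanically. The script below is an added example, not code from the original page: password_is_strong applies the rules behind the weak/strong contrast (length, mixed character classes, and a short denylist), and password_expired applies a maximum age to the "last changed" day that /etc/shadow records. The denylist and the day numbers in the demo are constructed; on Linux the age limit itself is set with chage -M <days> <user>.

```shell
#!/bin/sh
# Added example: password strength and password age checks.

# Constructed denylist of passwords that pass the class rules but are still
# easy guesses; a real deployment would use a much larger list.
COMMON_PASSWORDS="Password1 Welcome1 Qwerty123"

# Return 0 (true) when the password is at least 8 characters long, mixes
# lower case, upper case and digits, and is not on the denylist.
password_is_strong() {
    pw=$1
    [ "${#pw}" -ge 8 ] || return 1
    printf '%s' "$pw" | grep -q '[[:lower:]]' || return 1
    printf '%s' "$pw" | grep -q '[[:upper:]]' || return 1
    printf '%s' "$pw" | grep -q '[[:digit:]]' || return 1
    for bad in $COMMON_PASSWORDS; do
        [ "$pw" = "$bad" ] && return 1
    done
    return 0
}

# Arguments: last-change day, today, maximum age in days.  Days are counted
# since 1970-01-01, the unit /etc/shadow uses for its last-change field.
# Return 0 (true) when the password is older than the maximum age.
password_expired() {
    last=$1; today=$2; max=$3
    [ $(( today - last )) -gt "$max" ]
}

# Stand-alone demo over the page's own examples and constructed day numbers.
for candidate in 12345 w1l3Yd0ZOu3 Password1; do
    if password_is_strong "$candidate"; then
        echo "$candidate: strong"
    else
        echo "$candidate: weak"
    fi
done
if password_expired 19000 19100 90; then
    echo "last changed 100 days ago with a 90-day maximum: expired"
fi
```

The denylist check is what separates a password that merely satisfies the class rules from one that is actually hard to guess; the class rules alone would accept Password1.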

In the two subsections, you can find links to vendor patch pages and security alerts, as well as scripts that have been written to secure a machine a little more. Visiting http://www.cert.org is a good way to keep an eye on new security alerts. Another great site is http://packetstorm.securify.com.
