IT Auditor Recommendations for Locking Down Vulnerable Unix Services

Unix security has a primary objective: to deactivate the services and daemons that are not essential for normal system operation. This article provides an overview of Unix services that should be disabled on Unix servers. Industry experience has shown these services are vulnerable to attacks.



By removing vulnerable services, threats against Unix servers can be greatly diminished. IT security professionals and IT auditors generally consider this a high priority. It is possible to get information on which services are the most necessary and which services should be shut down.



To identify active services and the port numbers associated with them, we recommend using the Internet Assigned Numbers Authority (IANA). Services and ports have been standardized and documented in the IANA online database of well-known ports (superseding the previous RFC 1700). This database is accessible via the URL listed in the reference section.



These standardized ports and services are independent of Unix version or vendor. Each service has its own port number and protocol type (TCP/UDP), which are activated via the Unix file /etc/inet/services. The configuration of each service is set in the /etc/inet/inetd.conf file. Ownership of and access to these Unix files should be limited to administrators. There is no reason to give access to the entire world.



In the CIS Solaris Benchmark, it is recommended to establish a safe baseline of the system's services. Such a baseline allows you to check for any deviations or vulnerabilities. This is beneficial for system administrators, security professionals, and auditors.



Our sources for the services shown below are the Center for Internet Security (CIS) Benchmark, the US Department of Defense Security Technical Implementation Guide (STIG) and our own expert IT auditing experience. This list doesn't include every Unix service since there could be thousands. The decision on which services are essential is organization specific. We recommend that you take the time to examine the services to determine their active and inactive status.



- Telnet is the virtual terminal service. It is required only if you need to telnet to the server itself. Otherwise it is not necessary.
- File Transfer Protocol (FTP). Two ports are used: one for FTP commands and one for the actual data transfer. It is necessary only on an FTP server. Otherwise it is unnecessary.
- Trivial File Transfer Protocol (TFTP). It is necessary only for TFTP boot servers. Otherwise it is not necessary.
- rlogin/rsh/rcp remote services are necessary only if the server must receive inbound requests. These are vulnerable services and are generally not required.
- rexec remote service is required only if the system must receive inbound 'exec' requests. This service is insecure and should not be used.
- DHCP is used to dynamically assign IP addresses and other network information. It is necessary only on a DHCP server. Otherwise it is not necessary.
- SMTP is required to move mail messages from one system to another. It is necessary only when the system needs to receive mail from other systems. Otherwise it is not necessary.
- Domain Name System (DNS) name resolution service. This service is required only on a DNS primary or secondary server. It is not required for DNS clients.
- Network Filesystem (NFS) is used to access remote file systems. It is needed only if the system is an NFS server. Otherwise it is not required.
- Network Information Service (NIS/NIS+ server) is used to perform network-based authentication. It is required only on systems that act as an NIS server for the local site. It is not required on other systems.
- 'Route' is used only when the system is a network router. It is rarely needed.
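The checks described above (which listed services are enabled in inetd.conf, what deviates from an approved baseline, and whether the file is open to the world) can be scripted. The following is an added example, not taken from the CIS Benchmark or the STIG; the function names, the baseline file format (one "service/proto" per line) and the sample inetd.conf are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd.conf against a risky-service list and a baseline.
LC_ALL=C; export LC_ALL

# inetd names for services the article lists: login = rlogin, shell = rsh/rcp,
# exec = rexec. Standalone daemons (SMTP, DNS, NFS, NIS) are not inetd entries.
RISKY="telnet ftp tftp login shell exec"

# Print "service/proto" for every enabled (uncommented) inetd.conf entry.
enabled_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 "/" $3 }' "$1" | sort -u
}

# Print enabled entries whose service name is on the RISKY list.
risky_enabled() {
    enabled_services "$1" | awk -F/ -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        $1 in bad'
}

# Print entries enabled now that are absent from the approved baseline ($2).
baseline_deviations() {
    enabled_services "$1" | awk -v base="$2" '
        BEGIN { while ((getline line < base) > 0) ok[line] = 1 }
        !($0 in ok)'
}

# Print the "other" permission bits of a file; "---" means no world access.
world_bits() {
    ls -ldL "$1" | cut -c8-10
}

# Constructed sample data (not from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
telnet   stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
shell    stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
daytime  stream  tcp  nowait  root  internal
time     stream  tcp  nowait  root  internal
EOF
echo "time/tcp" > "$SAMPLE_DIR/baseline.txt"
chmod 640 "$SAMPLE_DIR/inetd.conf"

echo "Risky services enabled:"; risky_enabled "$SAMPLE_DIR/inetd.conf"
echo "Not in baseline:"; baseline_deviations "$SAMPLE_DIR/inetd.conf" "$SAMPLE_DIR/baseline.txt"
echo "World bits on inetd.conf: $(world_bits "$SAMPLE_DIR/inetd.conf")"
```

On a real system, point the functions at /etc/inet/inetd.conf and at a baseline file saved after the last approved change.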



References: Unix Security Technical Implementation Guide (STIG). Version 5. 2005. US Defense Information Systems Agency. US Department of Defense. http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf



Solaris Benchmark v2.1.3 (Solaris 10). The Center for Internet Security (CIS). 2007. http://www.cisecurity.org



Internet Assigned Numbers Authority (IANA) http://www.iana.org/assignments/port-numbers


