2009 Mar 01
DNS | FTP | HTTP | r-commands | Telnet | TFTP | X Windows
Default installations leave many of these services active, waiting for user (and attacker) connections. Turn off all unrequired services! Many of these services originated on Unix systems but are now available on Windows systems too.
DNS servers are used by clients to translate domain names to IP addresses, among other capabilities. A very common DNS server on Unix systems is the Berkeley Internet Name Domain (BIND) server. DNS servers are usually started with init, and run in the background listening for requests. If an attacker can disable your DNS servers, or worse yet, remap your domain name to another IP address, they could seriously undermine access to your systems on your internal network or across the Internet.
Many mail servers are available. One of the most popular is sendmail, which has both free and commercial versions. Unfortunately, sendmail has a variety of security problems, many of which allow an attacker to gain root privileges on a vulnerable system. Be sure to apply all security patches.
FTP is used to move files between systems. FTP servers are started by inetd. All data is unencrypted and hence can easily be captured by an attacker or be hijacked.
Web servers send information to Web browsers using HTTP. Many Web server packages are available, from the free Apache Web server, available at www.apache.org, to commercial servers such as Netscape's products. Web servers are usually started by init. Because Web servers are publicly available, they are frequent targets of attackers.
NFS allows users to transparently access files across the network, making the remote directories and files appear to the user as though they were part of the local file system. On the system where the files are to be shared, the NFS server exports directories, partitions, a single file, or a device (e.g. a zip drive).
Other machines can mount these exports at specific points in their file system (e.g. the /mnt/files/ directory). A user merely has to change directory to /mnt/files/ and below to have access to the remote files without having to explicitly transfer the files as FTP (or TFTP) would require.
On Unix systems the
Attackers frequently scan networks looking for world accessible NFS exports to see if any sensitive data can be read or altered. Carefully limit such NFS access (both files and hosts) and the file permissions. It is best to use the secure file transfer features of the Secure Shell (SSH) tool or an IPSec based virtual private network (VPN).
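The following is an added example, not part of the original page: a small audit script that reads an /etc/exports file in the Linux nfs-utils syntax (an assumption; other NFS implementations use different formats) and flags the two weak settings the advice above warns about, exports open to every host and exports that keep root privileges. The exports content is constructed for the example.

```shell
#!/bin/sh
# Constructed sample /etc/exports content (not taken from any real system).
SAMPLE_EXPORTS='# sample exports file (constructed)
/export/home   *(rw,no_root_squash)
/export/public (ro)
/export/data   192.168.10.0/24(rw,root_squash) admin.example.net(rw)
/mnt/zip       *.example.net(ro)
'

# Reads an exports file on stdin and prints one finding per line:
#   <path> WORLD<options>           client spec is "*", empty, or missing
#   <path> NO_ROOT_SQUASH client=X  option list disables root squashing
# Usage: printf '%s' "$exports_text" | audit_exports
audit_exports() {
    sed 's/#.*//' | awk '
        NF == 0 { next }                       # skip blank/comment-only lines
        {
            path = $1
            if (NF == 1) { print path " WORLD(no clients listed)"; next }
            for (i = 2; i <= NF; i++) {
                spec = $i; client = spec; opts = ""
                p = index(spec, "(")
                if (p > 0) { client = substr(spec, 1, p - 1); opts = substr(spec, p) }
                # "(ro)" on its own means the options apply to every host
                if (client == "" || client == "*")
                    print path " WORLD" opts
                if (opts ~ /no_root_squash/) {
                    who = client
                    if (who == "") who = "*"
                    print path " NO_ROOT_SQUASH client=" who
                }
            }
        }'
}

# Number of findings for the constructed sample (3 expected).
count_findings() {
    printf '%s' "$SAMPLE_EXPORTS" | audit_exports | wc -l | tr -d ' '
}

printf '%s' "$SAMPLE_EXPORTS" | audit_exports
```

Only the exports restricted to named hosts or networks pass; the same check can be run against a live system with `audit_exports < /etc/exports`.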
The r-commands (e.g. rlogin, rsh, and rcp) are used to remotely interact with Unix systems. Each of these services is started by inetd and gives an attacker an opportunity to subvert Unix trust relationships.
Telnet provides a remote command line interface across the network. To log in, users type their user name and password into a telnet client, which passes them to a telnet server. The telnet server, telnetd, is invoked by inetd. All telnet data is unencrypted and can easily be captured by an attacker. Further, telnet sessions can be easily taken over by an attacker in what is called a session hijacking attack.
TFTP clients and servers implement a subset of the FTP protocol and are used to move files between systems without any authentication. TFTP servers are usually started by inetd.
The X Window System (X11) provides the GUI on most Unix systems. An X server controls the screen, keyboard and mouse, offering them to various programs that wish to display images or get input from users. A common X program is xterm, which implements a command line interface to run a command shell in a window on an X display.
X can be attacked in many ways. To prevent such attacks, use the xhost command or X magic cookies to limit who can connect to your display or see the data on your screen. If your machine does not require a GUI (such as a server with a dumb terminal), delete (or disable) the X Window software to prevent attacks. X is not encrypted, so use a VPN or SSH if sensitive data is involved.
2005-2009