Online Book Reader


CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [132]

because the user is returned to their regular permission level at the conclusion of the execution. Problems arise, however, if the user can break out of the script while at the elevated level. From an administrator’s standpoint, the best course of action is to verify that all scripts on your server have been thoroughly tested, debugged, and approved for use.

The IUSR_computername account is created when services are installed on IIS and used to represent the anonymous user. Rights assigned to this account apply to all anonymous web users.

Hardening E-Mail Servers

E-mail servers provide the communications backbone for many businesses. They typically run either as an additional service on an existing server or as dedicated systems.

Putting an active virus scanner on e-mail servers can reduce the number of viruses introduced into your network as well as prevent viruses from being spread by your e-mail server. Figure 5.5 illustrates an e-mail virus scanner being added to a server. In this implementation, the scanner filters incoming e-mails that are suspicious and informs e-mail users of a potential system compromise. This feature will no doubt become a standard feature of most e-mail servers in the near future; it’s very effective in preventing the spread of viruses via e-mail.

FIGURE 5.5 E-mail virus scanner on an e-mail server

Several servers use data stores, or storage, to allow collaboration, meeting scheduling, conferencing, and other functions. The functionality and capabilities of these servers are increasing on a regular basis. Keep them up-to-date and current.

Real World Scenario

Using ACLs to Address Spam

You’ve been observing repeated attempts by a TCP/IP address to connect to your e-mail server. These failed connection attempts appear in your e-mail system logs. The intruder continually attempts to access port 25.

E-mail servers are being inundated by automated systems that attempt to use them to send spam. Most e-mail servers have implemented measures to prevent this. However, the threats are becoming increasingly sophisticated. You may be able to reduce these attempts to access your system by entering the TCP/IP addresses in your router’s ACL Deny list. Doing so will cause your router to ignore connection requests from these IP addresses, effectively improving your security.
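The scenario above can be turned into a repeatable check. The following Python sketch is an added example, not part of the book: it counts rejected port 25 connections per source address in a mail log and renders deny entries for the repeat offenders. The log format, the threshold, the trusted network, and ACL number 110 are all assumptions made for illustration; the output uses Cisco IOS-style extended ACL syntax.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (not any real mail server's log format).
SAMPLE_LOG = """\
2009-03-02T10:15:01 smtp connect src=203.0.113.7 dport=25 result=rejected
2009-03-02T10:15:03 smtp connect src=203.0.113.7 dport=25 result=rejected
2009-03-02T10:15:04 smtp connect src=198.51.100.20 dport=25 result=accepted
2009-03-02T10:15:09 smtp connect src=203.0.113.7 dport=25 result=rejected
2009-03-02T10:16:40 smtp connect src=192.0.2.44 dport=25 result=rejected
2009-03-02T10:17:02 smtp connect src=10.0.0.5 dport=25 result=rejected
2009-03-02T10:17:03 smtp connect src=10.0.0.5 dport=25 result=rejected
2009-03-02T10:17:05 smtp connect src=10.0.0.5 dport=25 result=rejected
2009-03-02T10:18:00 smtp connect src=not-an-ip dport=25 result=rejected
"""

LINE_RE = re.compile(r"src=(\S+) dport=25 result=rejected")

def deny_candidates(log_text, threshold=3, allowlist=("10.0.0.0/8",)):
    """Return sorted source IPs with >= threshold rejected port 25 connects."""
    trusted = [ipaddress.ip_network(n) for n in allowlist]
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address field; never pass it on to an ACL
        if any(ip in net for net in trusted):
            continue  # do not lock out your own relays or clients
        failures[ip] += 1
    return sorted(str(ip) for ip, n in failures.items() if n >= threshold)

def acl_lines(ips, acl_number=110):
    """Render Cisco IOS-style extended ACL deny entries (ACL number assumed)."""
    return [f"access-list {acl_number} deny tcp host {ip} any eq 25" for ip in ips]

if __name__ == "__main__":
    for entry in acl_lines(deny_candidates(SAMPLE_LOG)):
        print(entry)
```

Review the generated entries before applying them: an address on the deny list loses the ability to deliver legitimate mail as well.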

Hardening FTP Servers

File Transfer Protocol (FTP) servers aren’t intended for high-security applications because of their inherent weaknesses. Most FTP servers allow you to create file areas on any drive on the system. You should create a separate drive or subdirectory on the system to allow file transfers. If possible, use virtual private network (VPN) or Secure Shell (SSH) connections for FTP-type activities. FTP isn’t notable for security, and many FTP systems send account and password information across the network unencrypted. FTP is one of the tools frequently used to exploit systems.

From an operational security perspective, you should use separate logon accounts and passwords for FTP access. Doing so will prevent system accounts from being disclosed to unauthorized individuals. Also make sure that all files stored on an FTP server are scanned for viruses.

You should always disable the anonymous user account. To make FTP usage easier, most servers default to allowing anonymous access. However, from a security perspective, the last thing you want is to allow anonymous users to copy files to and from your servers. Disabling anonymous access requires the user to be a known, authenticated user in order to access the FTP server.

As mentioned, for web access with various versions of IIS, the IUSR_computername account is created when services are installed and used to represent the anonymous user. Rights assigned to this account apply to all anonymous users.

The best way to secure FTP is to replace it altogether. Instead of using FTP, the same functionality can be found in more secure services such as Secure File Transfer Protocol (SFTP).

Hardening DNS Servers

Domain
