CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [134]

that moderators can manage.

Use caution when signing newsgroups with your real e-mail account. Many spammers use this information to send junk mail, so you may be inundated with spam.

Several scanning programs are now available to help reduce the amount of junk mail these systems process. Of course, as with all good countermeasures, someone always comes up with a way to neutralize their effectiveness.

Hardening File and Print Servers and Services

File and print servers are primarily vulnerable to DoS and access attacks. DoS attacks can be targeted at specific protocols and overwhelm a port with activity. Make sure these servers run only the protocols needed to support the network.

In a network that has PC-based systems, make sure NetBIOS services are disabled on servers or that an effective firewall is in place between the server and the Internet. Many of the common attacks against these systems today arrive through the NetBIOS services, via ports 135, 137, 138, and 139. On Unix systems, make sure port 111, the Remote Procedure Call (RPC) port, is closed.

Remote Procedure Call (RPC) is a programming interface that allows a remote computer to run programs on a local machine. RPC has been the source of serious vulnerabilities on systems that leave it enabled.

Directory sharing should be limited to what is essential to perform system functions. Make sure any root directories are hidden from browsing. It’s better to designate a subfolder or subdirectory off the root directory and share it rather than the root directory itself. Figure 5.6 illustrates a network share connection. Notice that when a user connects to the network-shared directory, they aren’t aware of where this share actually sits in the hierarchy of the filesystem.

FIGURE 5.6 Network share connection

You should always apply the most restrictive access necessary for a shared directory.

Never share the root or parent directory of a disk drive. Doing so creates a potential vulnerability for every file on the system. Instead, share subdirectories.

If an attacker penetrates a root directory, all the subdirectories under that directory are vulnerable. If a subdirectory is penetrated, in most cases only the directories that reside below it are exposed.
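As an added illustration of the two checks this section calls for (not code from the book), the following Python audit flags sockets listening on the NetBIOS and RPC ports named above and flags shares that export a drive root or filesystem root instead of a subdirectory. The socket listing and the share list are constructed samples in the style of `ss -tuln` output and an administrator's share table.

```python
import re

# Ports the text singles out on file and print servers: NetBIOS/MS-RPC on
# Windows (135, 137, 138, 139) and the RPC portmapper on Unix (111).
RISKY_PORTS = {111: "Unix RPC portmapper", 135: "MS-RPC endpoint mapper",
               137: "NetBIOS name service", 138: "NetBIOS datagram",
               139: "NetBIOS session"}

# Constructed sample in the layout of `ss -tuln` (not a real capture).
SAMPLE_LISTENERS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:139       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:111       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:137       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:135     0.0.0.0:*
"""

# proto, state, recv-q, send-q, local address, local port
SOCKET_RE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def risky_listeners(ss_output):
    """Return (proto, addr, port, reason) for every socket bound to a risky
    port on a non-loopback address. Loopback-only bindings are skipped
    because they are not reachable from the network."""
    findings = []
    for line in ss_output.splitlines():
        m = SOCKET_RE.match(line)
        if not m:
            continue
        proto, addr, port = m.group(1), m.group(2), int(m.group(3))
        if port in RISKY_PORTS and not addr.startswith("127."):
            findings.append((proto, addr, port, RISKY_PORTS[port]))
    return findings


def is_root_share(path):
    """True if the exported path is a Windows drive root (e.g. C:\\) or the
    POSIX filesystem root, which the text says must never be shared."""
    p = path.strip()
    return bool(re.fullmatch(r"[A-Za-z]:\\?", p) or re.fullmatch(r"/+", p))


# Constructed share table (share name, exported path).
SAMPLE_SHARES = [("Data", "C:\\Shares\\Data"), ("C$", "C:\\"),
                 ("pub", "/"), ("home", "/srv/pub")]


def root_shares(shares):
    """Names of shares that expose a drive or filesystem root."""
    return [name for name, path in shares if is_root_share(path)]
```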

Hardening DHCP Services

Dynamic Host Configuration Protocol (DHCP) is used in many networks to automate the assignment of IP addresses to workstations. DHCP services can be provided by many different types of devices, including routers, switches, and servers. The DHCP process involves leasing a TCP/IP address to a workstation for a specified time. DHCP can also provide other network configuration options to a workstation.

In a given network or segment, only one DHCP server should be running. If more than one is running, they will clash with each other over which one provides the address. This can cause duplication of TCP/IP addresses and potentially lead to addressing conflicts.

DHCP-enabled clients can be serviced by a Network Address Translation (NAT) server. (See Chapter 1, “General Security Concepts,” for a discussion of NAT servers.) DHCP usage should be limited to workstation systems.

An exception to only having one DHCP server running in the network would be if you are implementing redundant DHCP services without overlapping scopes.

Working with Data Repositories

Many of the systems that are being used in networks today rely heavily on stored data. The data is usually kept in servers that provide directory services and database services. These systems are referred to as data repositories. The following sections discuss some of the more common data repositories in use. Most data repositories are enabled by some form of database technology.

Directory Services

Directory services are tools that help organize and manage complex networks. They allow data files, applications, and other information to be quickly and easily relocated within a network. This greatly simplifies administrative tasks, and it allows programmers and developers to better utilize
