These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Open Network Ports


Just as every account on your system is a potential path for a cracker, every network service is a road to it. Most systems install tons of software by default, whether or not it is necessary or even wanted. Many distributions opt for "easy" over "secure" (this is especially true for Red Hat). Take the time to audit the packages installed on your machine and determine whether you need or want them. Better yet, do not install them in the first place.

In the last course, we learned about the netstat command. Use it to determine which services are running on your system, using some derivative of the following:

 # netstat -atuv

NFS, finger, the r* services (shell, exec, and login, i.e. rsh, rexec, and rlogin), FTP, telnet, sendmail, DNS, and linuxconf are some of the more popular services that get turned on by default. At least some of these should be turned back off.
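As an added example (not part of the original notes), the shell function below filters netstat output for listening sockets whose service name matches the services listed above. It assumes netstat resolves ports to the usual /etc/services names (smtp for sendmail, domain for DNS), and the sample output is constructed.

```shell
#!/bin/sh
# Assumed /etc/services names for the services the notes list.
RISKY="nfs finger shell exec login ftp telnet smtp domain linuxconf"

# Read `netstat -atu` style output on stdin and print "proto service"
# for every listening socket whose service name is in RISKY.
flag_risky() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            # TCP listeners have state LISTEN; unconnected UDP sockets have
            # no state column and a wildcard foreign address.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            if ($1 ~ /^udp/ && $5 !~ /:\*$/) next
            svc = $4
            sub(/.*:/, "", svc)        # keep the text after the last colon
            if (svc in bad) print $1, svc
        }' | sort -u
}

# Constructed sample of netstat output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:telnet                *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:ftp                   *:*                     LISTEN
tcp        0      0 *:login                 *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 host1:41022             host2:telnet            ESTABLISHED
udp        0      0 *:domain                *:*
udp        0      0 *:ntp                   *:*
EOF
}

# Demo on the sample; on a live system use: netstat -atuv | flag_risky
sample_netstat | flag_risky
```

The outbound telnet connection in the sample is not reported, because only sockets waiting for incoming traffic count as services offered by this machine. If netstat is run with -n, ports appear as numbers and the name list would need to be replaced with port numbers.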

Once you have isolated which services you do not want or need, be sure to turn them off.

We will return to this later.


Last edited May 31, 2003 1:45 am
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.