Chapter 4. Workstation Security
Pass Usernames and Passwords in Plain Text: Many older protocols, such as Telnet and FTP, do
not encrypt the authentication session and should be avoided whenever possible.
Pass Sensitive Information in Plain Text: Protocols that pass the username and password in plain
text also pass everything transferred between the server and client in plain text. These include Telnet,
FTP, HTTP (httpd), and SMTP (sendmail).
Many network file systems, such as NFS and SMB, also pass information over the network in
plain text. It is the user's responsibility when using these protocols to limit what type of data is
transmitted.
Remote memory dump services, like netdump, pass the contents of memory over the network.
Memory dumps can contain passwords or, even worse, database entries and other sensitive information.
Other services like finger and rwhod reveal information about users of the system.
Examples of inherently insecure services include the following:
rlogin
rsh
telnet
vsftpd
wu-ftpd
All remote login and shell programs (rlogin, rsh, and telnet) should be avoided in favor of SSH
(see Section 4.7 for more information about sshd).
FTP is not as inherently dangerous to the security of the system as remote shells, but FTP servers must
be carefully configured and monitored to avoid problems.
Services which should be carefully implemented and behind a firewall include:
finger
identd
netdump
netdump-server
nfs
portmap
rwhod
sendmail
smb (Samba)
yppasswdd
ypserv
ypxfrd
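The two lists above can be checked against a host's enabled services. The following shell function is an added example, not part of the original guide: it reads chkconfig --list output and reports enabled services that appear on either list. The function names are hypothetical, the sample input is constructed, and treating "on in runlevel 2 through 5" as enabled is an assumption.

```shell
#!/bin/sh
# Added example (not from the guide): flag enabled services that appear on
# this section's two lists. Function names are hypothetical.
AVOID="rlogin rsh telnet vsftpd wu-ftpd"
FIREWALL="finger identd netdump netdump-server nfs portmap rwhod sendmail smb yppasswdd ypserv ypxfrd"

# Reads `chkconfig --list` output on stdin; prints "<CLASS> <service>" lines.
# Assumption: a SysV service counts as enabled if it is on in runlevel 2-5.
audit_services() {
    awk -v avoid="$AVOID" -v fw="$FIREWALL" '
    BEGIN {
        n = split(avoid, a, " "); for (i = 1; i <= n; i++) cls[a[i]] = "AVOID"
        n = split(fw, f, " ");    for (i = 1; i <= n; i++) cls[f[i]] = "FIREWALL"
    }
    /^xinetd based services:/ { xinetd = 1; next }
    NF == 0 { next }
    {
        name = $1; sub(/:$/, "", name); enabled = 0
        if (xinetd) {
            # xinetd entries look like "telnet: on"
            if ($2 == "on") enabled = 1
        } else {
            # SysV entries look like "sshd 0:off 1:off 2:on ..."
            for (i = 2; i <= NF; i++) if ($i ~ /^[2-5]:on$/) enabled = 1
        }
        if (enabled && (name in cls)) print cls[name], name
    }' | LC_ALL=C sort
}

# Constructed sample of chkconfig --list output (not taken from a real host).
sample_chkconfig() {
    cat <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
vsftpd          0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:
        telnet: on
        finger: off
        rsh:    on
EOF
}

# On a real system: chkconfig --list | audit_services
sample_chkconfig | audit_services
```

AVOID lines are services the section says to replace (for example with SSH); FIREWALL lines are services that should only be reachable from behind a firewall.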
The next section discusses tools available to set up a simple firewall.