

Question

I need help answering the question below.

1. Discuss the need to secure unused applications and ports for the purposes of hardening your server? As a Linux System Admin, talk about the importance of identifying open access points and why these ports are potentially a liability? Give at least three examples and support your statements with facts.

2. Discuss the roles of the xinetd "super daemon" and TCP Wrapper in securing access to your systems? As a Linux System admin, talk about how these can be used to further harden your system and the importance of how you apply these tools? Give examples and support your answers.

Explanation / Answer

1.) Hackers often gain access to servers through unused (not configured or not secured) ports and services, such as Internet Information Services (IIS). To limit entry points for hackers, there is a need for blocking unused ports and protocols as well as disabling services that are not required for fulfilling the purpose of the server hardening.

Building a hardened server means implementing secure procedures from the initial installation. During installation, three local user accounts are automatically created: Administrator, Guest and Help-Assistant, which is installed with a Remote Assistance session. The Administrator account holds the keys to the kingdom. It can assign user rights and access control. Although this master account cannot be deleted, it should be disabled or renamed to make it more difficult for hackers to gain access. So it would be better to identify the open access points where there is a chance of attack from a hacker and take care of them by disabling or renaming.

Open ports are high-risk areas and would be a gateway for attackers. There are 65,535 available ports and your server doesn't need all of them. A firewall, included with SP1, allows administrators to disable unnecessary TCP and UDP ports. Ports are divided into three distinct ranges: well-known ports (0-1023), registered ports (1024-49151) and dynamic/private ports (49152-65535). The known ports are the critical ones required for OS function. The registered ports are those able to be used by only that service or application.

The most effective way to harden a server is to not install any applications that are not relevant to its operations and to turn off unneeded services. While having an email client or productivity tools on a server might be convenient for administrators, they should not be installed if they do not directly relate to the server's functionality. More than 100 services can be disabled in Windows Server 2003. For example, DHCP services are included in the base installation. However, if you are not going to utilize the system as a DHCP server, disabling tcpsvcs.exe will prevent the service from initializing and functioning. Keep in mind, though, that not all services can be disabled. For example, although the Remote Procedure Call (RPC) service was exploited by the Blaster worm, it cannot be disabled since it allows other system processes to communicate internally and across the network. To shut down unneeded services, access the Services interface through the Control Panel's Administrative Tools menu. Double-click on the service to open the Properties dialog box and choose Disabled in the Startup Type box.

2.) Controlling access to network services is one of the most important security tasks faced by a server administrator. TCP Wrappers add an additional layer of protection by defining which hosts are or are not allowed to connect to "wrapped" network services. One such wrapped network service is the xinetd super server. This service is called a super server because it controls connections to a subset of network services and further refines access control.

When a connection attempt is made to a TCP-wrapped service, the service first references the host's access files (/etc/hosts.allow and /etc/hosts.deny) to determine whether or not the client is allowed to connect. In most cases, it then uses the syslog daemon (syslogd) to write the name of the requesting client and the requested service to /var/log/secure or /var/log/messages.

If a client is allowed to connect, TCP Wrappers release control of the connection to the requested service and take no further part in the communication between the client and the server.

In addition to access control and logging, TCP Wrappers can execute commands to interact with the client before denying or releasing control of the connection to the requested network service.

References taken while answering this question:

1.) https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-tcpwrappers.html

2.) https://www.computerweekly.com/news/2240020779/Five-ways-to-harden-Windows-Server
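For the Linux side of question 1, an added example (not part of the original answer) that audits listening sockets against an allowlist and labels each finding with the port ranges named above. The `ss -H -tuln` sample output and the `ALLOWED` set are constructed assumptions for a hypothetical web server.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not from the original page).
SAMPLE_SS = """\
tcp   LISTEN 0  128    0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0  128    0.0.0.0:111      0.0.0.0:*
tcp   LISTEN 0  5      127.0.0.1:631    0.0.0.0:*
tcp   LISTEN 0  511    [::]:80          [::]:*
udp   UNCONN 0  0      0.0.0.0:68       0.0.0.0:*
tcp   LISTEN 0  50     0.0.0.0:50211    0.0.0.0:*
"""

# Hypothetical allowlist: the only sockets this server is meant to expose.
ALLOWED = {("tcp", 22), ("tcp", 80)}

def port_range(port):
    """Classify a port using the three ranges given in the answer."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def parse_listeners(ss_output):
    """Yield (protocol, bind address, port) for each socket line."""
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue
        addr, _, port = cols[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
        yield cols[0], ("0.0.0.0" if addr == "*" else addr), int(port)

def audit(ss_output, allowed=ALLOWED):
    """Return network-reachable listeners that are not on the allowlist."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        if ipaddress.ip_address(addr).is_loopback:
            continue                            # bound to localhost only
        if (proto, port) not in allowed:
            findings.append((proto, port, addr, port_range(port)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print("unexpected listener:", finding)
```

Each finding is a service to disable, rebind to loopback, or block at the firewall.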
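For question 2, an added example (not part of the original answer, and not the TCP Wrappers code itself) that models how a wrapped service consults /etc/hosts.allow and then /etc/hosts.deny. The sample rules and addresses are constructed, and only a subset of the pattern syntax is handled: `ALL`, leading-dot domains, trailing-dot address prefixes, net/mask pairs and exact matches, IPv4 only.

```python
import ipaddress

# Constructed sample policy (not from the original page): default deny,
# sshd limited to one subnet and vsftpd to one domain.
HOSTS_ALLOW = """
# daemon_list : client_list
sshd   : 192.168.10.0/255.255.255.0
vsftpd : .example.com
"""
HOSTS_DENY = """
ALL : ALL
"""

def parse_rules(text):
    """Return (daemons, clients) pairs; comments and option fields are dropped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # domain suffix, e.g. .example.com
        return host is not None and host.endswith(pattern)
    if pattern.endswith("."):          # address prefix, e.g. 192.168.
        return addr.startswith(pattern)
    if "/" in pattern:                 # net/mask pair
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (addr, host)     # exact address or host name

def any_match(rules, daemon, addr, host):
    return any((d == "ALL" or d == daemon) and client_matches(c, addr, host)
               for daemons, clients in rules for d in daemons for c in clients)

def decide(daemon, addr, host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match at all grants access."""
    if any_match(parse_rules(allow), daemon, addr, host):
        return "allow"
    if any_match(parse_rules(deny), daemon, addr, host):
        return "deny"
    return "allow"
```

Calling `decide("sshd", "203.0.113.5", deny="")` returns `"allow"`: with an empty hosts.deny, every client that matches no rule is let through, which is why a closing `ALL : ALL` in hosts.deny matters.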
