Network Security guide for the home or small business network – Part 6 – Secure your services



This one is going to be tougher. Of what we’ve looked at so far, this will probably take more work and learning than any of the others. The good news is that, depending on your situation, you may need to do less here. IF you have decided that your PC (or network) has ports open to the outside world, so that incoming connections can be listened for, you NEED to do this.

Every service that is accessible from the outside world needs to get an even higher priority for the security updates that we talked about last time. Beyond that, if it’s accessible from the outside world you need to do some soul-searching. Why is it accessible from the outside? Who should have access to it? And how can we make it as secure as possible?

If it’s a web server… maybe you’re trying to do a small demo web site off a machine. That’s fine and good, but is the web server accepting connections from locations other than those that need access? Maybe the demo should be password protected. Maybe certain network addresses need to be denied access outright. Maybe we need to evaluate exactly what data is shown. Are the folders on the web server browsable? Should they be?

Another example is an SSH (secure shell) server for remote access on Linux systems. Does your configuration allow remote root login with the appropriate password? Does it use both SSH 1 and 2 protocols or just 2? Does it restrict logins to any specific network or networks? Specific users? How can it be tightened down?
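The SSH questions above, turned into a check over the text of an sshd_config file. This is an added example, not code from the original post; the function names and the two sample configurations are constructed for illustration, and the user@host test is only a heuristic, since network limits can also be enforced in a firewall.

```python
import re

def parse_sshd_config(text):
    """Return {lowercased keyword: value} for the global section of sshd_config."""
    settings = {}
    for raw in text.splitlines():
        # Keyword, then whitespace or a single '=', then the value.
        # Blank lines and '#' comments do not match and are skipped.
        m = re.match(r"(\w+)\s*=?\s*(.*)", raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break  # Match blocks apply conditionally; audit global settings only
        settings.setdefault(key, value)  # keep the first value seen for a keyword
    return settings

def audit(text):
    """Return findings for the questions asked above; an empty list means nothing flagged."""
    cfg = parse_sshd_config(text)
    findings = []
    root = cfg.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set: the default depends on the OpenSSH version")
    elif root.lower() == "yes":
        findings.append("PermitRootLogin yes: root may log in directly")
    # Only an explicit Protocol line is checked.
    if "1" in cfg.get("protocol", "").replace(" ", "").split(","):
        findings.append("Protocol includes 1: SSH protocol 1 is enabled")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: any account may attempt a login")
    elif "@" not in cfg.get("allowusers", ""):
        findings.append("no user@host pattern in AllowUsers: logins are not limited by source address")
    return findings

WEAK = """\
# constructed sample, not from a real host
Port 22
Protocol 2,1
PermitRootLogin yes
"""
TIGHT = """\
# constructed sample; 192.0.2.0/24 is a documentation address range
Protocol 2
PermitRootLogin no
AllowUsers alice@192.0.2.*
"""
```

Calling `audit(WEAK)` returns three findings and `audit(TIGHT)` returns an empty list; on a live system, `sshd -T` prints the effective settings, including defaults the file leaves unset.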

Of course, the real starting point has to be – do I need to run this service to the outside world? The default mindset should be no, and you should have to justify WHY it should be available. Then, OK, make it available in the narrowest way possible, with broader access only if that can be justified. The other thing to consider is – are there better (more secure) ways to achieve the goal of an open service to the outside world? The bottom line is: how can we open up the least access to the outside world to achieve what we need to do?

This is the part where you have to learn a bit about what services listen for connections from the outside world and how to 1) do it differently or 2) make them more secure.
