Network Security guide for the home or small business network – Part 6 – Secure your services



This one is going to be tougher. Of what we’ve looked at so far this will probably take more work and learning than any of the others. The good news is, depending on your situation you may need to do less here. IF you have decided that your pc (or network) has ports open to the outside world, so that incoming connections can be listened for. You NEED to do this. For every service that is accessible from the outside world…


it needs to get an even higher priority for the security updates that we talked about last time. Beyond that, if it’s accessible from the outside world you need to do some soul-searching. Why is it accessible from the outside? Who is to have access to it? and How can we make it as secure as possible?

If it’s a web server… maybe you’re trying to do a small demo web site off a machine. That’s fine and good, but is the web server accepting connections from locations other than those that need to? Maybe the demo should be password protected. Maybe certain network addresses need to be denied access outright? Maybe, we need to evaluate exactly what data is shown? Are the folders in the webserver browsable? Should they be?

Another example is a ssh server (secure shell) for remote access on linux systems. Does your configuration allow remote root login with the appropriate password? Does it use both SSH 1 and 2 protocols or just 2? Does it restrict logins to any specific network or networks? Specific users? How can it be tightened down?

Of course, the real starting point has to be – do I need to run this service to the outside world? The default mindset should be no and you should have to justify WHY it should be available. Then, ok I can make it available in the narrowest way possible. Broader access if that can be justified. The other thing to consider is – are there better (more secure) ways to acheive the goal of an open service to the outside world? The bottom line is how can we open up the least access to the outside world to achieve what we need to do.

This is the part where you have to learn a bit about what services listen for connections from the outside world and how to 1) do it differently or 2) make them more secure.

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 10 - use good passwords In a small, trusted network you might be able to get away with weak passwords for file sharing for instance. What's a weak password? Anything you might find in a dictionary. Most people don't realize this, but there are programs designed to crack passwords. They're designed to take a dictionary......
  • Network Security - Arp spoofing series I think I've wrapped up the series on arp spoofing and it's implications for network security. I know there's nothing earth shattering here, most network security types are well aware of the problems (and perhaps aware of more sophisticated solutions?). For some though, this series is likely an eye opener......
  • Network Security - how should an open wireless access point be run beside a safe network? So, let's say we want to have an open wireless access point for some reason. (Maybe offering it to guests if you're a business?) There are certainly a lot of BAD ways to give open wireless access. As we've seen in this series so far, it could be quite easy......
Blog Traffic Exchange Related Websites
  • How To Protect your Wi-Fi network from unauthorized access Wireless security is of major concern at this time. Terrorists might use your unprotected Wireless network for sending e-mails and/or Cyber Terrorists can use it for hacking into Government websites/networks. Your IP address will be traced by the Cyber Police and you'll be in unnecessary trouble. Very less people actually......
  • Working after Receiving Social Security at Age 62 There are sound financial reasons for waiting to your full retirement age to claim Social Security retirement benefits.  Delaying Social Security until age 70 can enhance those benefits even more.  Nevertheless, many baby boomers will determine that they must or should begin receiving benefits at age 62. Unfortunately, many retirees......
  • Solidifying WP Security Designed with PHP, and powered by mySQL directories, WordPress is used by an amazing 8.5% of all websites. Web delivered spyware and web page hacking are becoming progressively more common. With such a lot of web content using WordPress as a CMS, any security weaknesses in the CMS structure or......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Leave a Reply

You must be logged in to post a comment.


Switch to our mobile site