IT Auditor Recommendations for Locking Down Vulnerable Unix Services


A major goal of Unix security is to disable services and daemons that are not necessary for normal system operation. This article gives an overview of Unix services that should be disabled on most Unix servers. Field experience has shown that these services are vulnerable to attack.



Removing vulnerable services lessens the risk to Unix servers, and IT security professionals and IT auditors generally make this a high priority. Guidance is readily available on which services are typically required and on which are not usually required and should be disabled.



To identify active services and the port numbers associated with them, we suggest consulting the Internet Assigned Numbers Authority (IANA). Services and ports have been standardized and documented in the IANA online database of well-known ports (superseding the earlier RFC 1700). The database is accessible via the URL listed in the reference section.



These standardized services and ports are independent of the Unix vendor or version. Each service's port number and protocol type (TCP/UDP) are mapped in the Unix file /etc/inet/services. The /etc/inet/inetd.conf file contains the particular configuration for each service started by inetd. The Unix file permissions and ownership of these crucial files should be restricted to administrators only; there is no reason to grant access to everyone in the world.



The CIS Solaris Benchmark suggests establishing a secure baseline of the system's services. Such a baseline makes it possible to monitor for deviations and potential vulnerabilities, which benefits security professionals, system administrators, and auditors alike.



The Center for Internet Security (CIS), the US Department of Defense Security Technical Implementation Guide (STIG), and our professional IT auditing experience are the sources for the services listed below. The list is not complete and does not cover every Unix service, as there could be thousands. Which services are required is company specific, so we recommend that you carefully examine each service to determine whether it should be active or inactive.



- Telnet: the virtual terminal service. Required only if users must telnet directly to the server; otherwise it is unnecessary.
- FTP: File Transfer Protocol, used for both FTP commands and the actual data transfers. Required only on an FTP server; otherwise it is unnecessary.
- TFTP: Trivial File Transfer Protocol. Required only on TFTP boot servers; otherwise it is unnecessary.
- rlogin/rsh/rcp: remote login, shell and copy services. Required only if the server must handle inbound requests for them. These services are vulnerable and generally not necessary.
- rexec: remote execution service. Required only if the system must accept inbound remote "exec" requests. This is a vulnerable feature and is usually not required.
- DHCP: dynamically assigns IP addresses and other network information. Required only on the DHCP server; otherwise it is unnecessary.
- SMTP: transports mail messages from one system to another. Required only if mail must be received from other systems; otherwise it is not needed.
- DNS: Domain Name System name resolution service. Required only when the server is a DNS primary or secondary server; it is not required for DNS clients.
- NFS: Network Filesystem, used to connect to remote file systems. Required only if the system is an NFS server; otherwise it is not needed.
- NIS/NIS+: Network Information Service, which provides network-based authentication. Required only on systems acting as an NIS server for the local site; otherwise it is not needed.
- route: the routing daemon. Required only if the system is a router; it is usually not needed.
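The following POSIX shell script is an added example, not part of the original article nor of the CIS or STIG documents it cites. It applies three of the checks discussed above to an inetd.conf-style file: it lists the enabled (uncommented) entries, flags those the article says to disable (telnet, ftp, tftp and the rlogin/rsh/rexec family, which inetd names login, shell and exec), compares the current set of enabled services against a previously saved baseline, and reports the "other" permission bits on the configuration file so world access can be spotted. The inetd.conf content it writes is a constructed sample, and all function names are the example's own; on a real system you would point the functions at /etc/inet/inetd.conf instead.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for services the article
# recommends disabling, diff the enabled set against a baseline, and check
# the file's "other" permission bits. Names below are this example's own.

# inetd names for the services flagged above (assumed mapping:
# rlogin -> login, rsh -> shell, rexec -> exec).
RISKY_SERVICES="telnet ftp tftp login shell exec"

# write_sample_conf PATH: writes a CONSTRUCTED inetd.conf sample (not taken
# from any real server) so the example runs offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Constructed sample in /etc/inet/inetd.conf layout (not from a real system):
# service  socket  proto  wait/nowait  user    server-program        args
ftp        stream  tcp    nowait       root    /usr/sbin/in.ftpd     in.ftpd
telnet     stream  tcp    nowait       root    /usr/sbin/in.telnetd  in.telnetd
#shell     stream  tcp    nowait       root    /usr/sbin/in.rshd     in.rshd
login      stream  tcp    nowait       root    /usr/sbin/in.rlogind  in.rlogind
exec       stream  tcp    nowait       root    /usr/sbin/in.rexecd   in.rexecd
tftp       dgram   udp    wait         root    /usr/sbin/in.tftpd    in.tftpd -s /tftpboot
#finger    stream  tcp    nowait       nobody  /usr/sbin/in.fingerd  in.fingerd
daytime    stream  tcp    nowait       root    internal
EOF
}

# enabled_services FILE: prints the service name of every active entry
# (lines that are not comments and have at least the six inetd fields),
# sorted with C collation so the output is stable for comm(1).
enabled_services() {
    awk '!/^[[:space:]]*#/ && NF >= 6 { print $1 }' "$1" | LC_ALL=C sort -u
}

# risky_enabled FILE: prints enabled services that appear in RISKY_SERVICES.
risky_enabled() {
    enabled_services "$1" | while read -r svc; do
        case " $RISKY_SERVICES " in
            *" $svc "*) echo "$svc" ;;
        esac
    done
}

# baseline_diff BASELINE FILE: BASELINE is a file saved earlier with
# enabled_services; prints "+svc" for services enabled now but absent from
# the baseline and "-svc" for baseline services that are no longer enabled.
baseline_diff() {
    cur=$(mktemp)
    enabled_services "$2" > "$cur"
    LC_ALL=C comm -13 "$1" "$cur" | sed 's/^/+/'
    LC_ALL=C comm -23 "$1" "$cur" | sed 's/^/-/'
    rm -f "$cur"
}

# other_perms FILE: prints the "other" permission triple from ls -l
# (e.g. "r--"); anything but "---" means the world has access to the file.
other_perms() {
    ls -ld "$1" | awk '{ print substr($1, 8, 3) }'
}

# Stand-alone demonstration on the constructed sample.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
echo "Enabled inetd services:"
enabled_services "$demo_conf"
echo "Flagged services still enabled (should be disabled):"
risky_enabled "$demo_conf"
echo "Permission bits for 'other' on $demo_conf: $(other_perms "$demo_conf")"
rm -f "$demo_conf"
```

Save the output of enabled_services once the system is in its approved state and keep that file as the baseline; a later baseline_diff run then shows exactly which services were turned on or off since the audit. Note that Solaris 10 manages inetd services through SMF (inetadm), so on that release the file alone may not reflect the live service state.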



References:

- Unix - Security Technical Implementation Guide (STIG), Version 5, 2005. US Defense Information Systems Agency, US Department of Defense. http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf
- Solaris Benchmark v2.1.3 (Solaris 10), The Center for Internet Security (CIS), 2007. http://www.cisecurity.org
- Internet Assigned Numbers Authority (IANA), port numbers registry. http://www.iana.org/assignments/port-numbers



Looking for certified IT auditors at affordable rates? Continental Audit Services is your source for managing risk, improving security and meeting regulations. IT best practices are applied to all major operating systems, databases and other technologies. Visit www.continentalaudit.com.