42
Chapter 4. Workstation Security
Pass Usernames and Passwords in Plain Text   Many older protocols, such as Telnet and FTP, do
not encrypt the authentication session and should be avoided whenever possible.
Pass Sensitive Information in Plain Text   Protocols that pass the username and password in plain
text also pass everything transfered between the server and client in plain text. These include Telnet,
FTP, HTTP (
httpd
), and SMTP (
sendmail
).
Many network file systems, such as NFS and SMB, also pass information over the network in
plain text. It is the user's responsibility when using these protocols to limit what type of data is
transmitted.
Remote memory dump services, like
netdump
, pass the contents of memory over the network.
Memory dumps can contain passwords or, even worse, database entries and other sensitive infor 
mation.
Other services like
finger
and
rwhod
reveal information about users of the system.
Examples of inherently insecure services includes the following:
  rlogin
  rsh
  telnet
  vsftpd
  wu ftpd
All remote login and shell programs (
rlogin
,
rsh
, and
telnet
) should be avoided in favor of SSH.
(see Section 4.7 for more information about
sshd
).
FTP is not as inherently dangerous to the security of the system as remote shells, but FTP servers must
carefully configured and monitored to avoid problems.
Services which should be carefully implemented and behind a firewall include:
  finger
  identd
  netdump
  netdump server
  nfs
  portmap
  rwhod
  sendmail
  smb
(Samba)
  yppasswdd
  ypserv
  ypxfrd
The next section discusses tools available to set up a simple firewall.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

web hosting comparison

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved