Friday, August 12, 2011

10 most important Unix Security issues

1. Web Server. One of the first places an intruder will look is your Apache version and your CGI scripts, checking both against known vulnerabilities.

2. Remote Procedure Calls. RPC services should be shut down if they are not required: they let a remote user execute code on your machine, and intruders frequently gain root access this way.

3. SNMP (Simple Network Management Protocol). This protocol has a history of vulnerabilities, and its community strings (which act as passwords) are easily guessed and, in SNMPv1 and v2c, sent in clear text, so they are even more easily captured from the network.

4. SSH (Secure Shell). SSH has been exploited before. If you do not need it, turn it off; otherwise restrict the source IP addresses that may reach it with TCP Wrappers (and, better, with your firewall).

5. Remote Services (trusted hosts). The r-services ("rsh", "rcp", "rlogin" and "rexec") trust the IP address of the calling machine and grant access without asking for a password. They still exist and can still be used today, and an attacker who forges a trusted address (a technique known as "IP spoofing") can have a field day with your machine.

6. FTP (File Transfer Protocol). Many vulnerabilities have been found in FTP, both implementation exploits and protocol weaknesses such as clear-text password transfer (solved by SFTP, which runs over SSH).

7. LPD (Line Printer Daemon). This daemon has also been remotely exploitable through a buffer overflow combined with shellcode, yielding root access when the server runs as root.

8. BIND/DNS (Domain Name System). DNS flooding, exploits and other attacks are readily available; if you are going to set up a DNS server, use a firewall to filter every port you do not need.

9. Sendmail. This mail transfer agent is known for its buffer overflows and remote exploits; although it has fixed its old issues, something new always appears. Using qmail instead is recommended.

10. Weak passwords / no passwords on the system. This needs no explanation.
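A practical first step with a list like this is to find out which of these services are actually listening on your box, and on which interfaces. The helper below is an added example (not part of the original post): it reads the output of `netstat -tulpn` or `ss -ltnup` on stdin and prints every socket whose port is the registered default of a service from the list above, noting whether it is bound to loopback only or is reachable from the network. The listing embedded at the bottom is constructed for the demonstration, not captured from a real host; the port-to-service table is an assumption about defaults, so a daemon moved to another port will not be caught.

```shell
#!/bin/sh
# Added inventory helper; not part of the original post. Reads a listening-socket
# listing (output of `netstat -tulpn` or `ss -ltnup`) on stdin and prints one
# line per socket whose port is the default port of a service discussed above.
# Ports are the registered defaults (an assumption): a daemon on a non-default
# port is not flagged, so treat the result as a first pass, not proof of absence.

# port:label pairs, one per service in the list above (plus the web server ports)
RISKY_PORTS="80:http 443:https 111:rpcbind 161:snmp 22:ssh 512:rexec 513:rlogin 514:rsh 21:ftp 515:lpd 53:dns 25:smtp"

flag_risky_listeners() {
    awk -v ports="$RISKY_PORTS" '
    BEGIN {
        n = split(ports, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); label[kv[1]] = kv[2] }
    }
    {
        # the first field ending in ":<digits>" is the local address column;
        # the foreign address column is "0.0.0.0:*" and so never matches
        for (i = 1; i <= NF; i++) {
            if ($i ~ /:[0-9]+$/) {
                port = $i; sub(/.*:/, "", port)
                host = $i; sub(/:[0-9]+$/, "", host)
                if (port in label) {
                    scope = (host ~ /^(127\.|::1$)/) ? "loopback only" : "reachable from the network"
                    printf "%-8s %-22s %s\n", label[port], $i, scope
                }
                break
            }
        }
    }'
}

# Constructed sample in netstat -tulpn format (not captured from a real host)
SAMPLE_LISTING='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      380/rpcbind
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      620/sendmail
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN      701/lpd
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      800/java
udp        0      0 0.0.0.0:161             0.0.0.0:*                           455/snmpd'

# Runs the check over the constructed sample; on a live host use
#   netstat -tulpn | flag_risky_listeners      (or: ss -ltnup | flag_risky_listeners)
audit_sample() {
    printf '%s\n' "$SAMPLE_LISTING" | flag_risky_listeners
}

audit_sample
```

On the sample this reports sshd, rpcbind, lpd and snmpd as reachable from the network and sendmail as loopback only; the service on 8443 is not in the table and is silently skipped, which is exactly the blind spot to keep in mind when a daemon has been moved off its default port.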

Many people who talk about security talk about the false sense of security one can have in cyberspace. I do not totally agree with them; I very often see a false sense of insecurity being created as well. The items listed above create some sense of insecurity and alertness, but do not worry: if you are going to run one of these critical services, just keep in mind:

* Use a well configured firewall (pay more attention to "well configured" than to "firewall")
* Set up an intrusion detection and prevention system, and set it up correctly.
* Ask a security professional for help.
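"Well configured" for a service like SSH (item 4 above) means restricting who can reach it at all, not just patching it. The script below is an added example, not the post's own, showing the two layers mentioned in the list: TCP Wrappers files and a default-deny host firewall in `iptables-restore` format that admits SSH only from an admin network. It renders the files into a directory for review rather than touching the live system; the admin network 192.0.2.0/24 (and its netmask form for TCP Wrappers) is an assumed value to replace with your own.

```shell
#!/bin/sh
# Added example, not from the original post: render a source-restricted SSH
# policy (TCP Wrappers files plus an iptables-restore ruleset) into a directory
# for review before it is installed. Nothing here touches the live system.
# Assumed values: 192.0.2.0/24 is the admin network; adjust to your own.

render_ssh_policy() {
    admin_cidr=$1      # CIDR form for iptables, e.g. 192.0.2.0/24
    admin_mask=$2      # network/netmask form for TCP Wrappers, e.g. 192.0.2.0/255.255.255.0
    outdir=$3

    # TCP Wrappers: deny everything, then allow sshd only from the admin network.
    # Only daemons linked against libwrap honour these files (OpenSSH dropped
    # libwrap support in 6.7), so this is a second layer; the firewall comes first.
    printf 'ALL: ALL\n' > "$outdir/hosts.deny"
    printf 'sshd: %s\n' "$admin_mask" > "$outdir/hosts.allow"

    # Host firewall (iptables-restore format): default-deny inbound, keep
    # established flows, allow SSH from the admin network, log and drop the rest.
    # The ACCEPT for the admin network must precede the DROP, since rules are
    # evaluated in order.
    cat > "$outdir/iptables.rules" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s $admin_cidr -j ACCEPT
-A INPUT -p tcp --dport 22 -j LOG --log-prefix "ssh-denied: "
-A INPUT -p tcp --dport 22 -j DROP
COMMIT
EOF
}

# Sanity check before installing: the chain must default to DROP, and the
# admin-network ACCEPT must come before the generic DROP on port 22.
check_rules() {
    awk '
        /^:INPUT DROP/                          { policy = 1 }
        /^-A INPUT .*--dport 22 .*-j ACCEPT$/   { accept = NR }
        /^-A INPUT .*--dport 22 -j DROP$/       { drop = NR }
        END { exit !(policy && accept && drop && accept < drop) }
    ' "$1"
}

# Usage: review the files, then copy hosts.* to /etc and load the ruleset with
#   iptables-restore < iptables.rules
out=$(mktemp -d)
render_ssh_policy 192.0.2.0/24 192.0.2.0/255.255.255.0 "$out"
check_rules "$out/iptables.rules" && echo "policy rendered in $out"
```

The netmask form in `hosts.allow` is used because the classic `n.n.n.n/m.m.m.m` syntax is what every tcp_wrappers build understands; CIDR in that file depends on the distribution's patches. Keep the loopback and established-flow rules above the SSH rules, or the ruleset will cut off the session you load it from.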