Services which should be turned off
Earlier in this blog I talked about services which should be turned off unless they were absolutely necessay for a system to run. The reason for turning these services off is that the less services that are running on a system means the less services that a hacker can use to break into your system. Linux is suppose to be a secure system and it's up to the administrator to keep it that way. Some of the services which should be shut off are as follows:
telenet, rlogin, rsh & rcp: these services allow a user to log in remotely and perform commands on the system from a remote location. The main problem with these services is the fact that they are not encrypted. Anyone can view a remote login session and see exactly what an administrator is doing as he is doing it. The more secure option is to use the SSH utilities.
FTP: Like the above services FTP is not an encrypted protocol. If FTP has to be ran on a system it is best to set the directory up as a separate partition. This way any access someone might have is to that particular partition and no further.
IMAP and POP: If the system is not set up to be an email server these services need to be shutdown. Once again running these services when you don't need to is offering up access to your system when you don't need to.
The chkconfig utility can be used to turn these services off. If you want ot ensure they stay off after a reboot make sure you comment out the lines in the start up scripts that turn these services on.
The key, as always, is to shut down any unneeded services on your system.
telenet, rlogin, rsh & rcp: these services allow a user to log in remotely and perform commands on the system from a remote location. The main problem with these services is the fact that they are not encrypted. Anyone can view a remote login session and see exactly what an administrator is doing as he is doing it. The more secure option is to use the SSH utilities.
FTP: Like the above services FTP is not an encrypted protocol. If FTP has to be ran on a system it is best to set the directory up as a separate partition. This way any access someone might have is to that particular partition and no further.
IMAP and POP: If the system is not set up to be an email server these services need to be shutdown. Once again running these services when you don't need to is offering up access to your system when you don't need to.
The chkconfig utility can be used to turn these services off. If you want ot ensure they stay off after a reboot make sure you comment out the lines in the start up scripts that turn these services on.
The key, as always, is to shut down any unneeded services on your system.
