SupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

4.5.3. Insecure Services

Potentially, any network service is insecure. This is why turning unused services off is so important. Exploits for services are revealed and patched routinely, making it very important to keep packages associated with any network service updated. Refer to Chapter 3, Security Updates for more information about this issue.
Some network protocols are inherently more insecure than others. These include any services which do the following things:
  • Pass Usernames and Passwords Over a Network Unencrypted — Many older protocols, such as Telnet and FTP, do not encrypt the authentication session and should be avoided whenever possible.
  • Pass Sensitive Data Over a Network Unencrypted — Many protocols pass data over the network unencrypted. These protocols include Telnet, FTP, HTTP, and SMTP. Many network file systems, such as NFS and SMB, also pass information over the network unencrypted. It is the user's responsibility when using these protocols to limit what type of data is transmitted.
    Also, remote memory dump services, like netdump, pass the contents of memory over the network unencrypted. Memory dumps can contain passwords or, even worse, database entries and other sensitive information.
    Other services like finger and rwhod reveal information about users of the system.
Examples of inherently insecure services includes the following:
  • rlogin
  • rsh
  • telnet
  • vsftpd
All remote login and shell programs (rlogin, rsh, and telnet) should be avoided in favor of SSH. (refer to Section 4.7, “Security Enhanced Communication Tools” for more information about sshd.)
FTP is not as inherently dangerous to the security of the system as remote shells, but FTP servers must be carefully configured and monitored to avoid problems. Refer to Section 5.6, “Securing FTP” for more information on securing FTP servers.
Services that should be carefully implemented and behind a firewall include:
  • finger
  • authd (this was called identd in previous RHEL releases)
  • netdump
  • netdump-server
  • nfs
  • rwhod
  • sendmail
  • smb (Samba)
  • yppasswdd
  • ypserv
  • ypxfrd
More information on securing network services is available in Chapter 5, Server Security.
The next section discusses tools available to set up a simple firewall.
Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.