WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Google
Web CertiGuide






Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.5  Security Baselines
           9  3.5.3  Application Hardening

Previous Topic/Section
3.5.3.5  DNS Servers
Previous Page
Pages in Current Topic/Section
1
Next Page
 3.5.3.7  File/Print Servers
Next Topic/Section

3.5.3.6  NNTP Servers

NNTP servers handle the distribution of Usenet News. The NNTP (or Net News Transfer Protocol) uses port 119, so if you need to provide NNTP access to clients outside your network, make sure you allow incoming connections to port 119 on your NNTP server.

NNTP

NNTP uses TCP port 119.


Through an NNTP server, users can read and post news “articles” which are then made available to other sites participating in Usenet through bulk transfers of batches of articles among cooperating sites. (Yes, you read that right; there WAS peer-to-peer before Napster!)

NNTP Server Security Issues

NNTP software tends to be fairly complex, and security holes are discovered in various implementations from time to time, with results including an attacker obtaining system administrator access to the news server, creating a denial of service situation, reconfiguration of the news server, etc., so do keep up with patches.

NNTP originally controlled access based on the host from which users connected (or they allowed everyone, anywhere, access). When most users read news from multi-user UNIX machines, this model worked well enough, but with the advent of single-user workstations and dynamically assigned IP addresses, became difficult to manage.

Add the problem of users making inappropriate posts, and even “forging” news articles (making it look like someone else posted an article they created), and news server suppliers began to place more emphasis on authenticating those who connect to them.

Some require users to authenticate themselves before access is provided, and some don’t. If possible, run a news server that requires authentication and takes steps to ensure that articles are not submitted with forged identity information.

Based on the provided authentication information, users can be authorized to read news, post or bulk transfer news (which allows the user to upload/download entire sets of multiple articles, a capability which is usually only needed for servers). Most commonly, you would only allow the first two privileges, unless a peer server with whom you exchange news used the user ID in question.

NNTP Issues

As with email messages headers, NNTP article headers listing the poster’s identity and other information can be forged. Additionally, NNTP client connections can consume a lot of bandwidth. Therefore, it is best if you can run a news server that requires authentication and takes steps to ensure that forged articles are not accepted.



Previous Topic/Section
3.5.3.5  DNS Servers
Previous Page
Pages in Current Topic/Section
1
Next Page
 3.5.3.7  File/Print Servers
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.