| Read this whole guide offline with no ads, for a low price! |
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31) |
|
| Test yourself better with 300 extra Security+ questions! |
| Get It Here! |
|
|
3.6 Summary
(Page 9 of 10)
Hardening NNTP Servers
NNTP, the Network News Transfer Protocol,
handles the distribution of Usenet News, over port 119. As with email
messages, News article headers can be forged, and news server clients
can consume lots of bandwidth, so if possible, run a News server that
requires authentication and takes steps to disallow the posting of forged
articles.
Hardening File and Print Servers
The next area you looked into was
hardening file and print servers. In addition to making sure your OS
software is up to date, and important action to take is to pay attention
to configuration details, as one slip can place a random user into,
for example, the Windows Local Administrators group, allowing them access
to many sensitive files. When determining whether to grant a remote
request for access to a file, the file server will typically start with
the OS-level file permissions set on that object, and then further restrict
those permissions if the “share” permissions are set to deny
certain types of access like write, or access to certain individuals
or groups.
Hardening DHCP Servers
You then explored hardening DHCP
servers, which are used to assign and distribute host configuration
information to clients who request it; information assigned may include
IP address, gateway and other configuration details. DHCP-related risks
include denial of service to legitimate network hosts if rogue clients
unnecessarily request IP addresses, and use up the pool of available
addresses, and the risk of a “rogue” DNS server on the network
being run to hand out an illegitimate DNS server address which contains
invalid data an attacker could use to redirect legitimate traffic to
illegitimate sites. Because of this DNS vulnerability, it is suggested
that DHCP be configured to NOT hand out DNS server addresses, and that
that be hand-configured at each client machine. Normally, DHCP communicates
via broadcast and is thus restricted to communication within a subnet
only; if you wish DHCP requests to cross subnet boundaries, you must
enable DHCP forwarding on your routers and allow UDP port 67 traffic.
| If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support! |
|
|
Home -
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.
|
