
Some Areas to Look At When Hardening an OS
(Page 3 of 4)

Available Services



System processes, known as services on Windows machines and daemons on UNIX machines, run in the background, often with more system privileges than a normal user has, such as administrative access to files and high priority.

In Windows 2000, you can list and control most services via the SC.EXE command line tool or the Computer Management MMC console.

On UNIX systems, you might have to dig a bit, as daemons are commonly started in a variety of ways. Check the /etc/inittab file and /etc/inetd.conf, as well as your system startup files (files whose names begin with /etc/rc, or which are contained in the /etc/rc* directories, depending on which version of UNIX or Linux you run). Real World Linux Security [353] by Bob Toxen offers guidelines on how to determine which services are running and listening for network connections on UNIX machines, along with a list of known-to-be-insecure services which should be turned off no matter how “neat” you might think they are.

Be aware that it’s not usually a good idea to turn off a service unless you know approximately what it does. Of course, finding this out can be a challenge. For descriptions of common OS services, check your system documentation or a third-party source such as Maximum Windows 2000 Security [354] by Anonymous, which also includes security recommendations for when certain services should and should not be running. Be warned, too, that the OS vendor did not supply all the services running on your machines. Application software packages may also install services they require for proper functionality, so the fact that a service on your machine doesn’t appear on such a list doesn’t mean that your system doesn’t need to be running it.

Where is the Service?

Sometimes the only way to identify a service is to find its executable in the list of running processes and search for it in the file system. With luck, the directory in which it lives will tell you something about where it came from and give you an idea of whom to call for more information.


You can find out what sockets are open on your system with the “netstat -a” command. But how do you get from there to finding the process that has a network connection open? The “lsof” command on UNIX, or utilities like “tcpview” [355] from sysinternals.com on Windows, will let you find out which process is associated with each open socket.
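As an added illustration (not part of the original CertiGuide text), this Python example shows how a listening socket can be tied back to its process and executable path on Linux, the join that a tool like lsof performs for you. It assumes the Linux /proc layout and a little-endian host; the sample socket table and the function names are constructed for the example.

```python
import glob, os, re, socket, struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20222 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:0016 0202000A:C5E2 01 00000000:00000000 02:000A1B2C 00000000     0        0 20333 4 0000000000000000 20 4 30 10 -1
"""

def listening_sockets(text):
    """Return [(ip, port, inode)] for every LISTEN row of /proc/net/tcp text."""
    found = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:
            continue
        ip_hex, port_hex = f[1].split(":")
        # The address is a 32-bit value printed in host byte order;
        # a little-endian host (x86, ARM) is assumed here.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        found.append((ip, int(port_hex, 16), int(f[9])))
    return found

def socket_owners():
    """Map socket inode -> (pid, executable path) by walking /proc/<pid>/fd."""
    owners = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
            if m:                                # last process seen wins if shared
                pid = int(fd.split("/")[2])
                owners[int(m.group(1))] = (pid, os.readlink(f"/proc/{pid}/exe"))
        except OSError:                          # process exited or not readable
            continue
    return owners

def attribute(sockets, owners):
    """Join listeners to owners; None marks a socket we could not attribute."""
    return [(ip, port, owners.get(inode)) for ip, port, inode in sockets]

if __name__ == "__main__":
    src = "/proc/net/tcp"
    text = open(src).read() if os.path.exists(src) else SAMPLE
    for ip, port, owner in attribute(listening_sockets(text), socket_owners()):
        print(f"{ip}:{port:<6} {owner or 'unknown (run as root to see other users)'}")
```

A listener that stays unattributed when the script runs as root deserves a closer look, since every ordinary user-space socket has an owning process visible under /proc.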


 __________________

353. Toxen, Bob, Real World Linux Security, Prentice-Hall, November, 2002, http://www.nerdbooks.com/item.html?id=0130281875

354. Anonymous, Maximum Windows 2000 Security, Sams, December, 2001, http://www.nerdbooks.com/item.html?id=0672319659

355. http://www.sysinternals.com


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.