Wednesday, January 30, 2008

Securing Ports and Protocols

Controlling network access is an important part of system security, and on a network such as the Internet, based on Transmission Control Protocol/Internet Protocol (TCP/IP), that means controlling access to ports: the numbered TCP and UDP endpoints on which programs listen for incoming connections. By monitoring and limiting the connections that applications and other computers are allowed to make to your system, you remove most of the remotely reachable attack surface and greatly reduce the chances that the system will be compromised.

In this chapter, we first explain how ports and protocols work. We then show you how to determine which ports are being used and, more important, which programs are using them. Armed with that information, you can restrict access to ports other than the ones legitimately used by your programs, as we explain in the next section.

The rest of the chapter covers the topic of services, specialized programs that perform functions to support other programs and services. Many services control, to one degree or another, the use of ports. For this reason, and because services typically run in the context of a built-in account such as Local System (which is highly privileged) or the more restricted Local Service and Network Service accounts, understanding and managing services are important steps in securing your computer and your network. A service that listens on the network while running as Local System is the worst combination: a flaw in it hands an attacker full control of the machine. The final sections of the chapter provide more details about a particular collection of services, Internet Information Services (IIS), that allow other users to connect to your computer over the Internet. Naturally, you'll want to take extra care in configuring these services.
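The inventory described in the two preceding paragraphs (which ports are open, which process owns each one, and, because many services share a single svchost.exe, which Windows service is actually behind that process) can be produced with the script below. It is an added example, not code from the chapter: it parses the output of netstat.exe, which exists on every Windows version, and joins it against Get-Process and the Win32_Service class. It assumes PowerShell 3.0 or later and an elevated prompt (without elevation, netstat cannot report the PID for every socket).

```powershell
# Added example (not from the book chapter): map listening TCP/UDP ports to the
# owning process and, for svchost.exe-hosted services, the Windows service behind it.
# Assumptions: netstat.exe available, PowerShell 3.0+ (Get-CimInstance, -notin),
# run from an elevated prompt so every PID is resolvable.

function Get-ListeningPortOwner {
    [CmdletBinding()]
    param()

    # Lookup table 1: PID -> process name.
    $procByPid = @{}
    Get-Process | ForEach-Object { $procByPid[[int]$_.Id] = $_.ProcessName }

    # Lookup table 2: PID -> names of the services hosted in that process.
    # Several services share one svchost.exe, so each value is a list.
    $svcByPid = @{}
    Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
        $svcByPid[[int]$_.ProcessId] += @($_.Name)
    }

    # netstat -ano prints lines such as
    #   TCP    0.0.0.0:135    0.0.0.0:0    LISTENING    1096
    #   UDP    0.0.0.0:123    *:*          1140          (UDP has no state column)
    netstat -ano | ForEach-Object {
        $f = ($_ -replace '^\s+', '') -split '\s+'
        if ($f.Count -lt 4 -or $f[0] -notin 'TCP', 'UDP') { return }   # headers, blanks
        if ($f[0] -eq 'TCP' -and $f[3] -ne 'LISTENING') { return }     # established conns
        $ownerPid = [int]$f[-1]
        $local    = $f[1]
        [pscustomobject]@{
            Proto   = $f[0]
            Address = $local -replace ':\d+$', ''
            Port    = [int]($local -replace '^.*:(\d+)$', '$1')
            PID     = $ownerPid
            Process = $procByPid[$ownerPid]
            Service = ($svcByPid[$ownerPid] -join ',')
            # A socket bound to 0.0.0.0 or [::] accepts connections from the network;
            # one bound to 127.0.0.1 or [::1] is reachable only from this host.
            Exposed = [bool]($local -match '^(0\.0\.0\.0|\[::\]):')
        }
    } | Sort-Object Proto, Port -Unique
}

# Show only the ports reachable from other machines; these are the ones to justify or close.
Get-ListeningPortOwner | Where-Object Exposed | Format-Table -AutoSize
```

Read the Service column first: a port owned by svchost.exe tells you nothing until you know which service inside it is listening, and that name is what you will disable or firewall in the steps that follow.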

Security Checklist: Ports, Protocols, and Services
--------------------------------------------------------------------------------

See which ports are open for incoming connections.
Determine which services and applications are using the open ports.
Use TCP/IP filtering (or, on versions of Windows that include it, the Windows Firewall, which is easier to manage and is configured per profile) to block inbound access to ports other than ones you explicitly need open.
Disable unneeded services.
If you use Internet Information Services (IIS) as a server for Web, FTP, or SMTP access, disable the services you don't need.
Unless you're using IIS for public Internet access, disable anonymous access.
Run the IIS Lockdown tool. (It applies to IIS 5 and IIS 6; IIS 7 and later install only the components you select, so the equivalent step there is to review the installed role services and remove the ones you don't use.)
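Steps 3 through 6 of the checklist, carried out from a script, look like the following. This is an added example rather than the chapter's own material: it uses the Windows Firewall in place of the legacy TCP/IP Filtering dialog, because the firewall does the same job (drop inbound traffic to every port not on an allow-list) and is scriptable. It assumes Windows 8 / Server 2012 or later for the NetSecurity cmdlets, an elevated prompt, and, for the IIS step, IIS 7 or later with its WebAdministration module. The port list and the service names are illustrative values to be edited for the host in question.

```powershell
# Added example (not from the book chapter): enforce the ports/services checklist.
# Assumptions: Windows 8 / Server 2012+ (New-NetFirewallRule etc.), run elevated.
# $AllowedInbound and $UnneededServices are illustrative; change them per host.

$AllowedInbound   = @(3389)   # e.g. Remote Desktop only; add 80/443 on a web server
$UnneededServices = @('RemoteRegistry', 'SSDPSRV', 'upnphost', 'MSFTPSVC', 'SMTPSVC')

function Set-InboundAllowList {
    param([int[]]$TcpPorts)
    # Default-deny inbound on every profile; outbound is left open.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Allow
    # Drop rules from a previous run so the allow-list is exactly $TcpPorts.
    Get-NetFirewallRule -DisplayName 'Checklist allow *' -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    foreach ($p in $TcpPorts) {
        New-NetFirewallRule -DisplayName "Checklist allow TCP $p" -Direction Inbound `
            -Protocol TCP -LocalPort $p -Action Allow | Out-Null
    }
}

function Disable-UnneededService {
    param([string[]]$Names)
    foreach ($n in $Names) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if (-not $svc) { continue }                      # not installed on this host
        if ($svc.Status -ne 'Stopped') { Stop-Service -Name $n -Force }
        Set-Service -Name $n -StartupType Disabled       # and keep it from starting again
    }
}

function Disable-IisAnonymousAuth {
    # Checklist step: unless IIS serves the public Internet, turn off anonymous access.
    # Returns $false when IIS 7+ (WebAdministration module) is not present.
    if (-not (Get-Module -ListAvailable -Name WebAdministration)) { return $false }
    Import-Module WebAdministration
    Set-WebConfigurationProperty -PSPath 'IIS:\' `
        -Filter '/system.webServer/security/authentication/anonymousAuthentication' `
        -Name 'enabled' -Value $false
    return $true
}

Set-InboundAllowList   -TcpPorts $AllowedInbound
Disable-UnneededService -Names  $UnneededServices
Disable-IisAnonymousAuth
```

Two cautions: apply the firewall step from a console or with the management port (here 3389) already in the allow-list, or you will lock yourself out; and disabling anonymous authentication at the IIS root means every site on the server now requires credentials, which is exactly the intent for an intranet server but must be skipped, or scoped to individual sites with the -Location parameter, on a public web server.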
