Threats To Network Security; Insecure Architectures; Threats To Server Security; Unused Services And Open Ports - Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual

Chapter 2. Attackers and Vulnerabilities

2.2. Threats to Network Security

Bad practices when configuring the following aspects of a network can increase the risk of attack.

2.2.1. Insecure Architectures

A misconfigured network is a primary entry point for unauthorized users. Leaving a trust-based, open
local network vulnerable to the highly-insecure Internet is much like leaving a door ajar in a
crime-ridden neighborhood — nothing may happen for an arbitrary amount of time, but eventually someone
exploits the opportunity.

2.2.1.1. Broadcast Networks

System administrators often fail to realize the importance of networking hardware in their security
schemes. Simple hardware such as hubs and routers relies on the broadcast or non-switched principle;
that is, whenever a node transmits data across the network to a recipient node, the hub or router
sends a broadcast of the data packets until the recipient node receives and processes the data. This
method is the most vulnerable to Address Resolution Protocol (ARP) or Media Access Control (MAC)
address spoofing by both outside intruders and unauthorized users on local hosts.

2.2.1.2. Centralized Servers

Another potential networking pitfall is the use of centralized computing. A common cost-cutting
measure for many businesses is to consolidate all services to a single powerful machine. This can be
convenient as it is easier to manage and costs considerably less than multiple-server configurations.
However, a centralized server introduces a single point of failure on the network. If the central server
is compromised, it may render the network completely useless or worse, prone to data manipulation
or theft. In these situations, a central server becomes an open door which allows access to the entire
network.

2.3. Threats to Server Security

Server security is as important as network security because servers often hold a great deal of an
organization's vital information. If a server is compromised, all of its contents may become available for
the cracker to steal or manipulate at will. The following sections detail some of the main issues.

2.3.1. Unused Services and Open Ports

A full installation of Red Hat Enterprise Linux contains 1000+ application and library packages.
However, most server administrators do not opt to install every single package in the distribution,
preferring instead to install a base installation of packages, including several server applications.

A common occurrence among system administrators is to install the operating system without paying
attention to what programs are actually being installed. This can be problematic because unneeded
services may be installed, configured with the default settings, and possibly turned on. This can cause
unwanted services, such as Telnet, DHCP, or DNS, to run on a server or workstation without the
administrator realizing it, which in turn can cause unwanted traffic to the server, or even a potential
pathway into the system for crackers. Refer to Chapter 5, Server Security for information on closing
ports and disabling unused services.
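
One way to notice services that are running without the administrator realizing it is to compare the listening sockets against the short list a server is supposed to expose. The script below is an added example, not part of the original guide; the function names, the sample netstat output, and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: report listening sockets that are not on an expected list.
# Input is `netstat -tulnp` output (run as root so PID/Program name is filled in).

# Constructed sample output; on a live host pipe `netstat -tulnp` in instead.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2101/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      1987/xinetd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2150/sendmail
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      2043/named
udp        0      0 0.0.0.0:53              0.0.0.0:*                           2043/named
udp        0      0 0.0.0.0:67              0.0.0.0:*                           2077/dhcpd
EOF
}

# Usage: unexpected_listeners "tcp/22 tcp/25" < netstat-output
# Prints "proto/port local-address program" for every listener not allowed.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^(tcp|udp)/ { next }               # skip header lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }    # TCP: listening sockets only
        {
            proto = substr($1, 1, 3)              # treat tcp6/udp6 as tcp/udp
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            prog = $NF; sub(/^[0-9]+\//, "", prog)  # drop the PID from PID/Program
            key = proto "/" port
            if (!(key in ok)) print key, $4, prog
        }'
}

# Assumption: only SSH and local mail delivery are expected on this server.
sample_netstat | unexpected_listeners "tcp/22 tcp/25"
```

With the sample input, the Telnet (23), DNS (53) and DHCP (67) listeners are reported, while SSH and the loopback-only mail listener are not.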