Limiting Other Applications on the Server; UNIX and Linux; Windows NT; Preventing Clients from Caching SSL Files - Netscape Enterprise Server 6.0 Administrator's Manual

Considering Additional Security Issues

Limiting Other Applications on the Server

Carefully consider all applications that run on the same machine as the server. It's
possible to circumvent your server's security by exploiting holes in other programs
running on your server. Disable all unnecessary programs and services. For
example, the UNIX sendmail daemon is difficult to configure securely and it can
be programmed to run other possibly detrimental programs on the server machine.

UNIX and Linux

Carefully choose the processes started from inittab and rc scripts. Don't run
telnet or rlogin from the server machine. You also shouldn't have rdist on the
server machine (this can distribute files but it can also be used to update files on the
server machine).

Windows NT

Carefully consider which drives and directories you share with other machines.
Also, consider which users have accounts or Guest privileges.
Similarly, be careful about what programs you put on your server, or allow other
people to install on your server. Other people's programs might have security
holes. Worst of all, someone might upload a malicious program designed
specifically to subvert your security. Always examine programs carefully before
you allow them on your server.

Preventing Clients from Caching SSL Files

You can prevent pre-encrypted files from being cached by a client by adding the
following line inside the <HEAD> section of a file in HTML:

<meta http-equiv="pragma" content="no-cache">

Limiting Ports

Disable any ports not used on the machine. Use routers or firewall configurations
to prevent incoming connections to anything other than the absolute minimum set
of ports. This means that the only way to get a shell on the machine is to physically
use the server's machine, which should be in a restricted area already.

Netscape Enterprise Server Administrator's Guide • November 2001
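
An added example (not part of the Netscape guide): one way to check the port restriction described under Limiting Ports on a Linux host is to read the TCP listeners from /proc/net/tcp and compare them with the ports you intend to expose. The allowlist of 80 and 443 and the sample table are constructed assumptions; addresses are decoded for a little-endian host, and only IPv4 is covered.

```python
import socket
import struct

ALLOWED_PORTS = {80, 443}  # assumption: only the HTTP and HTTPS listeners are intended
LISTEN = "0A"              # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0A00000A:01BB 1400000A:C350 01 00000000:00000000 00:00000000 00000000   500        0 1005
"""


def parse_listeners(proc_net_tcp):
    """Return (address, port) for every socket in LISTEN state."""
    listeners = []
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        # The header row and non-listening sockets fail the state check.
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # The kernel prints the IPv4 address in host byte order (little-endian assumed).
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        listeners.append((addr, int(hex_port, 16)))
    return listeners


def unexpected_listeners(proc_net_tcp, allowed=ALLOWED_PORTS):
    """Listeners outside the allowlist, tagged by whether remote hosts can reach them."""
    findings = []
    for addr, port in parse_listeners(proc_net_tcp):
        if port in allowed:
            continue
        scope = "loopback-only" if addr.startswith("127.") else "network-reachable"
        findings.append((port, addr, scope))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, scope in unexpected_listeners(SAMPLE):
        print(f"unexpected listener {addr}:{port} ({scope})")
```

On a live Linux host, pass the contents of /proc/net/tcp instead of SAMPLE; in the sample, ports 23 and 25 stand in for the telnet and sendmail services the guide advises against.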

This manual is also suitable for:

Netscape management system 6.0