Sun 28 Jan 2007
Network Services

Unless we are connected to an isolated network where every machine is secure and trusted, we must assume that all the information we send and receive across the network can be intercepted by a third party (i.e. someone other than us and the intended recipient of the data).

Network Services

One way a hacker may try to gain unauthorized access to our system is by exploiting weaknesses in the network services that we are running on our Red Hat Linux system. These are programs, often run in the background with no controlling terminal (called “daemons” in Unix, and “services” in Microsoft Windows), that provide services to other computers. Examples include file transfer protocol (ftp), Web, Network File System (NFS), and print servers.

Enabling and disabling services

The first and easiest way of reducing our vulnerability is to disable all the services that we don’t need. In particular, we need to be very careful about older services that send sensitive information (such as user names and passwords) across the network in plain text, without any form of encryption. Services that gratuitously hand out information about our system should also be avoided where possible. The following tables will help you to decide which services you need to run.

| Service | TCP/UDP Port number | Description | Red Hat Package | Security Level | Run it? |
|---|---|---|---|---|---|
| echo | 7 | Sends received characters back to sender. | xinetd | None. | No. (Unless you really need to debug remote terminal problems) |
| daytime | 13 | Sends current date and time as ASCII string back to sender. | xinetd | None. | No. Use NTP for time synchronisation. It is more accurate and has better security features. |
| chargen | 19 | Generates continuous stream of ASCII characters for testing terminals. | xinetd | None. | No. (Unless you really need to debug remote terminal problems) |
| ftp | 20 (data), 21 (control), random ports >1023 | File Transfer Protocol. Allows transfer of files to and from remote systems. | vsftp or wu-ftpd | Weak. User names and passwords sent in plain text. “Anonymous FTP” allows access with no password. | No. Use FTP instead. |
| ssh | 22 | Secure shell. Allows remote system to | Openssh | Good. Data is encrypted and | Only if remote access to |
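The audit below is an added example, not part of the original page: it parses xinetd service entries and reports which of the services the table marks "No" in the xinetd package (echo, daytime, chargen) would still be started. The sample configuration is constructed and the function names are hypothetical; the check relies on xinetd treating an entry with no disable attribute as enabled.

```python
import re

# Services the table marks "Run it? No" that ship in the xinetd package.
DISCOURAGED = {"echo", "daytime", "chargen"}

# Constructed sample in /etc/xinetd.d entry syntax (not taken from a real host).
SAMPLE = """\
service echo
{
    disable     = yes
    type        = INTERNAL
    socket_type = stream
}
# daytime has no "disable" line at all
service daytime
{
    type        = INTERNAL
    socket_type = stream
}
service chargen
{
    disable     = no
    type        = INTERNAL
    socket_type = dgram
}
"""

BLOCK = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)

def parse_services(text):
    """Return [(name, attrs)] for every 'service NAME { ... }' entry."""
    text = re.sub(r"^\s*#.*$", "", text, flags=re.M)  # drop comment lines
    out = []
    for name, body in BLOCK.findall(text):
        attrs = {}
        for line in body.splitlines():
            key, sep, value = line.partition("=")
            if sep:
                attrs[key.strip()] = value.strip()
        out.append((name, attrs))
    return out

def enabled_discouraged(text):
    """Discouraged services xinetd would start; a missing 'disable' counts as enabled."""
    return [(n, a.get("socket_type", "?")) for n, a in parse_services(text)
            if n in DISCOURAGED and a.get("disable", "no").lower() != "yes"]

if __name__ == "__main__":
    for name, sock in enabled_discouraged(SAMPLE):
        print(f"ENABLED: {name} ({sock}) - set 'disable = yes' for this entry")
```

The daytime entry is the case worth noticing: it never says `disable = no`, yet it is reported, because only an explicit `disable = yes` turns an entry off.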