System administrators often complain that they cannot eliminate system vulnerabilities because they do not know which security issues matter most, and they do not have time to deal with all of them. To this end, the Information Security Department has identified the top ten security risks that a system administrator can eliminate immediately.
1. BIND Vulnerability
First among the top ten are the BIND vulnerabilities. Some systems install and run BIND by default, so they are exposed to attack even if they do not provide DNS service.
Preventive Measures
We recommend deploying packet filtering and a firewall, and carefully reviewing the BIND installation. Run BIND as a non-privileged user inside a chroot() environment. Disable external zone transfers. Check the zone configuration, confirm that patches have been installed, enable logging, and configure BIND so that it does not serve zone transfers to untrusted hosts.
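As an added example (not code from the article), the following Python check reports which zones in a named.conf would answer zone transfers to anyone. It assumes the simple layout of the constructed sample below, and assumes BIND's historical default of allowing transfers to any host when neither the zone nor options{} sets allow-transfer (the fallback parameter lets you change that assumption).

```python
import re

# Constructed sample named.conf (not from the article)
SAMPLE_NAMED_CONF = """\
options {
    directory "/var/named";
    allow-transfer { 192.0.2.53; };     // global default: the secondary only
};
logging { channel q { file "query.log"; }; };
zone "example.test" {
    type master;
    file "example.test.zone";
    allow-transfer { any; };            // overrides the global default: open to all
};
zone "internal.test" {
    type master;
    file "internal.test.zone";
};
"""

OPEN = {"any"}   # ACL entries that mean "every host"

def zone_transfer_policy(conf, fallback=("any",)):
    """Return {zone: (effective_acl, is_open)}.
    effective_acl is the zone's own allow-transfer list, else the options{} one,
    else `fallback` (assumed 'any': BIND's historical default when nothing is set).
    Brace handling is a rough scan: each top-level block must end with '};' at line start."""
    # strip //, # and /* */ comments before scanning
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)

    def acl(body):
        m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
        return tuple(x.strip() for x in m.group(1).split(";") if x.strip()) if m else None

    opt = re.search(r"\boptions\s*\{(.*?)\n\};", conf, flags=re.S)
    global_acl = acl(opt.group(1)) if opt else None
    result = {}
    for name, body in re.findall(r'\bzone\s+"([^"]+)"\s*\{(.*?)\n\};', conf, flags=re.S):
        own = acl(body)
        eff = own if own is not None else (global_acl if global_acl is not None else tuple(fallback))
        result[name] = (eff, any(a in OPEN for a in eff))
    return result

if __name__ == "__main__":
    for zone, (acl_list, is_open) in zone_transfer_policy(SAMPLE_NAMED_CONF).items():
        print(f"{zone}: allow-transfer {list(acl_list)}{'  <-- OPEN TO ALL' if is_open else ''}")
```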
2. Common Gateway Interface programs with Vulnerabilities
Second among the top ten are vulnerable CGI programs and extensions on the web server. Intruders can easily use vulnerabilities in CGI programs to modify web pages, steal credit card information, and even plant backdoors for the next intrusion.
Preventive Measures
A patched ht://Dig package prevents this attack. Because other CGI vulnerabilities may still arise, we recommend storing passwords in the shadow file and running Crack against them to ensure they are not easily guessed by intruders; we also recommend placing ssh or other forms of remote shell access on a dedicated host that provides no other services or functions.
3. Remote Procedure Call (RPC) Vulnerability
RPC allows programs on one host to execute procedures on another host. Many attacks exploit vulnerabilities in RPC services.
Preventive Measures
Disable the related services where they are not needed. Firewalls and border devices should pass only necessary services through the network, and services such as calendar and time should be blocked at the firewall. Systems and applications must be kept updated and patched to the latest version. Scan NFS servers thoroughly, and change the passwords on NFS servers so that they can withstand a password check.
4. Microsoft IIS Remote Data Service Vulnerability
A system administrator who runs an IIS server must pay careful attention to security notices and patches, because IIS is a frequent target of attack.
Preventive Measures
Eliminate the RDS vulnerability by installing patches or upgrading, and correct all other known IIS security vulnerabilities.
5. Sendmail attacks
Sendmail is software running on Unix and Linux platforms that sends, receives, and forwards email. Its vulnerabilities have been known for a long time, and its wide deployment has made it an attack target.
Preventive Measures
Upgrade to the latest version and install patches. Do not run Sendmail in daemon mode on hosts that are not mail servers or mail relays. Avoid having mail clients perform most of their functions as root.
6. sadmind and mountd Buffer Overflow
sadmind provides remote management access to Solaris systems, with a graphical management interface. mountd controls and processes access to NFS mounts on UNIX hosts.
Preventive Measures
Disable these services wherever possible and patch the system; if the host does not need them, go further and remove services that are directly reachable from the network.
7. Misconfigured file sharing
Improper file sharing affects multiple operating systems: it exposes important system files and may even grant full file-system access to adversaries connected to the network. Global file sharing or inappropriate sharing of information can occur on the following platforms: NetBIOS and Windows NT, Windows 2000, UNIX NFS, Macintosh Web Sharing, and AppleShare/IP.
Preventive Measures
On Windows systems, share only when necessary. On Windows NT/2000 systems, do not allow anonymous enumeration of users, groups, registry keys, and other information through "Null Session" connections, and block inbound connections to the NetBIOS session service at the router or NT host. On Macintosh systems, enable file sharing only when necessary. On UNIX systems, make full use of the noexec, nosuid, and nodev options of the mount command. Do not use unencrypted passwords on UNIX Samba servers. If possible, consider moving to a more secure file-sharing architecture.
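As an added example for the UNIX NFS and mount-option advice above (not code from the article), this Python audit flags /etc/exports entries that share with every host or keep remote root privileges, and /etc/fstab mounts of untrusted filesystem types that lack nosuid, nodev or noexec. Both sample files are constructed; the exports syntax is the Linux nfs-utils format.

```python
# Constructed sample /etc/exports (not from the article)
SAMPLE_EXPORTS = """\
/export/home  *(rw,no_root_squash)
/export/pub   192.0.2.0/24(ro,root_squash)
/srv/backup   (rw)
"""
# Constructed sample /etc/fstab
SAMPLE_FSTAB = """\
/dev/sda1     /            ext4  defaults         0 1
nfs1:/export  /mnt/share   nfs   rw,nosuid,nodev  0 0
/dev/sdb1     /media/usb   vfat  defaults         0 0
"""
HARDENING = {"nosuid", "nodev", "noexec"}

def _entries(text):
    """Yield the whitespace-split fields of each non-comment, non-empty line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

def audit_exports(text):
    """List (path, client, reason) for NFS exports that share too widely.
    A '*' client, or options with a space before '(' (empty host), means 'everyone'
    in exports(5); no_root_squash lets a remote root act as local root."""
    findings = []
    for fields in _entries(text):
        path, specs = fields[0], fields[1:]
        for spec in specs:
            host, _, opts = spec.partition("(")
            opts = set(opts.rstrip(")").split(","))
            who = host or "<everyone>"
            if host in ("", "*"):
                findings.append((path, who, "exported to all hosts"))
                if "rw" in opts:
                    findings.append((path, who, "writable by all hosts"))
            if "no_root_squash" in opts:
                findings.append((path, who, "remote root keeps root privileges"))
    return findings

def audit_fstab(text, untrusted=("nfs", "nfs4", "cifs", "vfat")):
    """Map mountpoint -> hardening options (nosuid/nodev/noexec) it lacks,
    for filesystem types whose content the local host should not trust."""
    missing = {}
    for fields in _entries(text):
        if len(fields) >= 4 and fields[2] in untrusted:
            absent = sorted(HARDENING - set(fields[3].split(",")))
            if absent:
                missing[fields[1]] = absent
    return missing
```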
8. Password
Improperly set passwords, or accounts with no password at all, are the simplest problem to describe and at the same time one of the hardest to deal with.
Preventive Measures
Educate users and system administrators so that they fully understand the role of good passwords; establish an appropriate password policy and check password security regularly, and improve the policy using the tools and extension packages provided with the system.
9. Buffer overflow on the IMAP and POP servers
Most known system and application vulnerabilities are due to buffer overflows. A buffer overflow can cause many problems, such as system crashes, unauthorized root access, and data corruption.
Preventive Measures
Disable these services on hosts that are not mail servers. Run the latest version and install the latest patches.
10. Default SNMP community string
Network administrators use SNMP to manage and monitor all kinds of network-connected devices. SNMP version 1 uses an unencrypted "community string" as its authentication mechanism. At the same time, most SNMP devices ship with the default community string "public", which is rarely changed, so attackers can exploit this to remotely reconfigure or even disable the device. In addition, SNMP traffic observed on the wire contains a large amount of information about the network structure and about the systems and devices connected to it, and its disclosure causes great harm.
Preventive Measures
If you must use SNMP, do not keep the default community string. Where SNMP is in use, use snmpwalk to verify and check the community names. If possible, set the MIB to read-only, and block external SNMP access at the border device; check the SNMP agents to ensure they are synchronized with the latest settings of the corresponding SNMP management station; obtain the latest patches and install the agent after compatibility testing.
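As an added example (not code from the article), this Python check audits a net-snmp style snmpd.conf for the three problems the section describes: well-known default community names, communities reachable from any source, and communities that grant write access. The configuration is a constructed sample; the directives understood are net-snmp's rocommunity/rwcommunity and com2sec lines.

```python
# Constructed sample net-snmp snmpd.conf (not from the article)
SAMPLE_SNMPD_CONF = """\
rocommunity public                       # default name, reachable from anywhere
rwcommunity private 192.0.2.0/24         # default name AND write access
rocommunity m0nit0r-ro 192.0.2.10        # unique name, restricted source
com2sec readonly default public          # 'default' source = any address
"""
DEFAULT_COMMUNITIES = {"public", "private"}
ANY_SOURCE = {"default", "0.0.0.0/0"}
COMMUNITY_DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")

def audit_snmpd_conf(text):
    """List (directive, community, problem) for community definitions that use a
    default name, accept requests from any source, or grant write (SET) access.
    Parses 'rocommunity|rwcommunity[6] NAME [SOURCE ...]' and
    'com2sec SECNAME SOURCE COMMUNITY' lines; other directives are ignored."""
    findings = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        directive = tok[0].lower()
        if directive in COMMUNITY_DIRECTIVES and len(tok) >= 2:
            community = tok[1]
            source = tok[2] if len(tok) >= 3 else "default"   # no source = everyone
        elif directive == "com2sec" and len(tok) >= 4:
            source, community = tok[2], tok[3]
        else:
            continue
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((directive, community, "well-known default community name"))
        if source in ANY_SOURCE:
            findings.append((directive, community, "accepts requests from any source"))
        if directive.startswith("rw"):
            findings.append((directive, community, "grants write (SET) access"))
    return findings

if __name__ == "__main__":
    for directive, community, problem in audit_snmpd_conf(SAMPLE_SNMPD_CONF):
        print(f"{directive:12} {community:12} {problem}")
```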
If system administrators strictly follow the defensive measures above, security problems will be greatly reduced and they can work with peace of mind in a relatively secure environment.