Understanding and Identifying Common Services and Nonessential Services Posing Possible Security Threats

It is an IT professional's responsibility to be sure that the network is secure and safe from attacks. This is an enormous undertaking. Most servers come with a wide range of services and protocols, many of which are turned on by default. The first step in securing your environment is to formulate a plan. The plan should include the following:

The role of each server along with its current configuration
The services, protocols, and applications required to meet the business needs
Any configuration changes that should be made to the existing servers, such as additions and the removal of nonessential server services that don't meet business needs

Overlooking the planning phase can spell disaster. Many times though, this phase is skipped because the server has to be put in place right away or its original role has been changed without any reconfiguration. The technology world is changing constantly, and your network needs to change along with it to accommodate new ways of doing business while protecting yourself from new vulnerabilities. It is dangerous to sit down at a server and try to configure it without a plan. Each operating system has its own set of protocols, scripting languages, and tools. You could not possibly cover all bases efficiently and effectively without proper planning. Your plan should also be reevaluated on a regular basis. What is a viable solution now might not work in the future.

Establishing a Server Role

By identifying the role that each server plays, it can more easily be determined which services and protocols are required or needed. Common roles for servers include the following:

Logon server These servers authenticate users when they log on to their workstations. These servers can also function as other types of servers.
Network services server These servers host services that are required for the network to function as per the configuration. These include Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Windows Internet Name Service (WINS), and Simple Network Management Protocol (SNMP).
Application server Used for hosting applications such as custom accounting packages and office suites.
File server Used for access to common user files and home directories.
Print server Used for access to the network shared printers.
Web server Used to host Web-based applications and internal or external Web sites.
FTP server Used to store files that are downloaded or uploaded. These can be internal as well as external.
Email server Used for email but can also be used to host public folders and groupware applications.
News/Usenet ( NNTP ) server Used as a newsgroup server where users can post and retrieve messages in a common location.

It should also be determined whether the server will be accessed from the internal network, from the external world, or both. This helps identify the services and protocols you need on your server. In the following sections, we discuss how to determine which protocols and services you need on your server as well as the benefits of removing unnecessary protocols and services.

Required and Critical Services

Every operating system requires different services for it to operate properly. Ideally, the configuration process should start with installing only the services necessary for the server to function. The manufacturer should have these services listed in the documentation. If not, a wealth of information on hardening servers can be found in books and on the Web. Using documentation to standardize the methods used to set up servers will make new deployments easier and more secure.

The best way to ensure that only necessary services are running is to do a clean install. When a computer system is shipped to you, there is usually additional software, such as the manufacturer's tools, or additional configuration changes that have been made. The only way to be sure the machine meets the specifications of the plan is to perform a clean installation using predetermined checklists or policies. This task is very time consuming but in the long run is worth it. An additional benefit is that it ensures you have all the software and skills required to rebuild the server should this ever need to be done. Taking the time to do it right the first time saves you many headaches down the road.

Determining Required Protocols

Some administrators install unnecessary protocols because they either misunderstand the protocols' function or think they may need them later. Protocols, like services, should not be installed unless required. When looking at your network environment, the following should be determined:

Whether the protocol(s) is required for desktop-toserver communication
Whether the protocol(s) is required for server-to-server communication
Whether the protocol(s) is required for remote accessto-server communication
Whether the protocol(s) chosen requires additional services
Whether there are any known security issues associated with the protocol(s) chosen

Many networks consist of a mixed Windows and Unix operating system environment. Hypothetically, you have decided to use TCP/IP as the communications protocol. Next, you need to determine whether to implement TCP/IP statically or dynamically through DHCP.

If you decide that TCP/IP is to be deployed dynamically, you need to use an additional service (DHCP). Although DHCP can ease administration costs, it is less secure because unknown users can plug into your network and receive a TCP/IP address. This is especially true on unsecured wireless networks, where someone can be in the parking lot with a laptop attached to your network via a wireless connection.

TCP/IP also requires that you have a DNS server deployed for proper name resolution. In the hypothetical network, both Unix and Windows operating systems are running, and depending on whether Windows NT 4.0 or Windows 2000 is used, both DNS and WINS may be needed.

You must consider the implications in security planning. Weighing the factors helps you make wise choices in deploying services and protocols. The risks associated with running each choice of service and protocol should be researched and documented. It would be great to eliminate the associated risks altogether, but this is virtually impossible in today's world. However, being able to come up with possible solutions to reduce the risks associated with each service and protocol is a step in the right direction.

Benefits of Removing Protocols and Services

Deploying a server out of the box may have services installed that actually pose security risks. An unconfigured server is a server looking to be hacked. Therefore, you need to determine which services can be uninstalled or disabled. It is not wise to run services that aren't going to be used. If they are left installed and improperly configured, someone else may use them to do harm to the network. This can happen from inside the network as well as from the outside. These days, more harm is done by disgruntled and curious employees than from outside hackers.

Remember that secure networks require planning time. Companies have a tendency to want to deploy new technology as fast as they can to take advantage of what it can do for them. The number of configuration options offered in each new operating system increases faster than we can imagine. Being able to identify and implement only the necessary services and protocols required is a skill that must be learned. This approach helps reduce the attacks that affect every network.