An overview of approaches to system security
There are many issues to consider when trying to run server machines connected to the Internet. These issues are a constant threat to the stability and usability of your servers. Defending your servers from improper use and from events such as Denial of Service (DoS) attacks, virus attacks, hijacking of your server to relay spam email, and other troublesome email requires vigilance on the part of every FirstClass administrator.
FirstClass Internet Services has traditionally provided the tools needed to combat these threats. However, there are now even more powerful tools to make it easier for you to set up and maintain solid security for your system. Before we discuss the specifics of configuring Internet Services, let's look at some general approaches to security that can help you make your system's Internet Services more secure.
Physically securing the server machine
The first step in preventing abuse is to make sure unauthorized individuals cannot tamper with the Internet Services machine. These abuses include either physically disabling the machine or loading and reconfiguring software in a way that makes it vulnerable to attack.
Securing the server machine from unauthorized use
In cases where physical security of the Internet Services machine is not possible, you should secure the machine from unauthorized use. This may include setting good passwords for the machine and applying user/group privileges and conference permissions to control what users can do.
For example, you can run Internet Services as a Windows NT service or as a Unix daemon. This allows you to leave the machine logged in with no concern of unauthorized entry.
Securing the server from network attacks
The next step in preventing Internet Services abuse is at the operating system (OS) level. You should always run your OS vendor's latest security patches to prevent low-level network Denial of Service (DoS) attacks.
Next, disable all other network protocols on the Internet Services machine, as any software that accepts network connections is a possible doorway into your system. When Internet Services is running, it should only use those network ports it is configured to serve. File sharing, network logins, network management protocols, and other web servers are all frequently exploited to gain a foothold on the machine.
Keeping troublemakers off your system
If your system logs reveal certain IP addresses are testing your security (for example, trying to infect your system with the Code Red virus or usurping your system resources) you should consider blocking them. It's better to ban these IP addresses than to let them use your server for their own activity. The Status tab on the Internet Services Monitor form has an Abuse indicator light with IP address and host name. This allows you to easily spot suspicious activity and block the offenders.
Be careful when blocking IP addresses: make sure an address does not belong to a friendly site and is not one handed out temporarily (for example, by Dynamic Host Configuration Protocol (DHCP) from an Internet provider). There are quite a few good Internet sites that can be used to verify the origin of IP addresses (for example, www.samspade.org).
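The log review described above can be scripted. The following is an added example, not part of FirstClass or its documentation: it counts Code Red style probes (requests for /default.ida) per source address and leaves out addresses in networks you have marked as friendly. The Common Log Format, the function name block_candidates, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Common Log Format (an assumption; adapt the
# regex to the log format your server actually writes). The probe query
# string is abbreviated.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2001:10:00:01 +0000] "GET /default.ida?NNNNNNNN%u9090 HTTP/1.0" 404 0
203.0.113.7 - - [01/Aug/2001:10:00:09 +0000] "GET /default.ida?NNNNNNNN%u9090 HTTP/1.0" 404 0
198.51.100.20 - - [01/Aug/2001:10:01:00 +0000] "GET /index.html HTTP/1.0" 200 512
192.0.2.15 - - [01/Aug/2001:10:02:00 +0000] "GET /default.ida?NNNNNNNN%u9090 HTTP/1.0" 404 0
not a log line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" \d{3} \S+')
# Code Red probes request the IIS indexing extension /default.ida.
PROBE_RE = re.compile(r'^/default\.ida\?', re.IGNORECASE)

def block_candidates(log_text, friendly_networks, min_hits=1):
    """Return {ip: probe_count} for sources worth reviewing for a block."""
    friendly = [ipaddress.ip_network(n) for n in friendly_networks]
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the run
        src, _method, path = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # the log recorded a host name, not an address
        if PROBE_RE.match(path):
            hits[addr] += 1
    # Friendly networks are never proposed, however many probes they sent.
    return {str(ip): n for ip, n in hits.items()
            if n >= min_hits and not any(ip in net for net in friendly)}

if __name__ == "__main__":
    for ip, n in sorted(block_candidates(SAMPLE_LOG, ["192.0.2.0/24"]).items()):
        print(f"{ip}: {n} probe(s); verify ownership before blocking")
```

The result is a list of candidates for review, not a block list: each address still needs the ownership and DHCP check described above before it is banned.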
Clamping down on SMTP relaying
If you don't require SMTP relaying on your machine, then don't turn it on. If you need it, turn it on in the most restrictive way possible. SPAMmers like finding an open relay, as it legitimizes their junk mail by making it appear to be coming from your server. This allows them to send mass mailings using your bandwidth. As the administrator, you want to reject SPAM as early in the process as possible without actually blocking legitimate email.