Page 522 - StudyBook.pdf
P. 522

506    Chapter 8 • Infrastructure Security: System Hardening

                 There are a number of known exploits against DNS servers in general. For
             example, a major corporation placed all of their DNS servers on a single segment.
             This made it relatively simple to mount a DoS attack utilizing ICMP to block or
             flood traffic to that segment. Other conditions administrators must harden against
             are attacks involving cache poisoning, in which a server is fed altered or spoofed
             records that are retained and then duplicated elsewhere. In this case, a basic step for
             slowing this type of attack is to configure the DNS server to not do recursive
             queries. It is also important to realize that BIND servers must run under the con-
             text of root and Windows DNS servers must run under the context of system, to
             access the ports they need to work with. If the base NOS is not sufficiently hard-
             ened, a compromise can occur.
             NNTP Servers


             NNTP servers are also vulnerable to some types of attacks, because they are often
             heavily utilized from a network resource perspective. NNTP servers that are used
             to carry high volumes of newsgroup traffic from Internet feeds are vulnerable to
             DOS attacks that can be mounted when “flame wars” occur.This vulnerability also
             exists in the case of listserv applications used for mailing lists. NNTP servers also
             have vulnerabilities similar to e-mail servers, because they are not always configured
             correctly to set storage parameters, purge newsgroup records, or limit attachments.
             It is important to be aware of malicious code and attachments that can be attached
             to the messages that are being accepted and stored. NNTP servers should be
             restricted to valid entities, which require that the network administrator correctly
             set the limits for access. It is also important to be aware of the platform being used
             for hosting a NNTP server. If Windows-based, it will be subject to the same hard-
             ening and file permission issues present in Windows IIS servers.Therefore, there are
             additional services and protocols that must be limited for throughput, and defenses
             such as virus scanning that must be in place.

             File and Print Servers

             The ability to share files and printers with other members of a network can make
             many tasks simpler and, in fact, this was the original purpose for networking com-
             puters. However, this ability also has a dark side, especially when users are unaware
             that they are sharing resources. If a trusted user can gain access, the possibility exists
             that a malicious user can also obtain access. On systems linked by broadband con-
             nections, crackers have all the time they need to connect to shared resources and
             exploit them.



          www.syngress.com
   517   518   519   520   521   522   523   524   525   526   527