A computer system that is not connected to a network or the internet (or both) is a rare thing indeed in this day and age. While this provides a considerable amount of power and flexibility to the user in terms of access to remote services, data and information, it carries with it great risks. It is not too much of an exaggeration to state that any computer connected to a network is in danger of being attacked in some way. For proof of this fact look no further than the secure computer environments used by government defense organizations. To these people, a secure computer is located in a physically secure area where users pass through stringent security checks and are searched to ensure they are not carrying any portable storage devices or media which would allow software to be installed on a secure system. The computers themselves, whilst possibly networked to each other, have absolutely no contact with the outside world.
Obviously, such levels of security are beyond the needs and means of the average user or company and, quite frankly, disconnecting all the computers in an enterprise from the outside world would negate the whole purpose of IT infrastructure. The best approach, therefore, is to make sure that all computer systems are as secure as possible. This requires a multi-layered defense strategy, the most basic layer of which is ensuring that only necessary ports and services are available on all systems on a network. In this chapter we will look at this strategy in detail.
== Understanding Ports and Services ==
The predominant network communications protocol in use these days is TCP/IP. It is the protocol used by the internet and as such has swept away most of the formerly popular protocols used for local area networks (LANs).
TCP/IP defines a total of 65,535 ''ports'', of which 1023 are considered to be well known ports. It is important to understand that these are not physical ports into which network cables are connected, but rather virtual ports on each network connection which can be used by applications and services to communicate over a TCP/IP network connection. In reality, the number of ports used by popular network clients and services comprises an even smaller subset of the well known group of ports.
Securing a system involves both removing any unnecessary services from the operating system and ensuring that the ports associated with the non-essential services are blocked using a firewall.
Many operating systems ship with a number of services installed and activated by default. Before installing a new operating system it is essential that the installation be carefully planned. This involves deciding which services are not required and identifying which services have been installed and enabled by default. Deployment of a new operating system installation should never be rushed. The fewer services and open ports available on a system, the smaller the attack surface and the fewer opportunities for attackers. A good way to verify the security level of a system prior to deployment is through the use of ''Port Scanning'' technology.
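The audit described above (find every listening service, decide which are required, and flag the rest for removal or firewalling) can be scripted. The following is an added example, not code from the original chapter: it parses the output of the Linux <code>ss -tlnp</code> command (the sample output below is constructed, not captured from a real host), separates services bound only to the loopback address from those exposed on all interfaces, and reports any exposed listener whose port is not on an allowlist the administrator has decided is required. The <code>allowed_ports</code> set and the process names are assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample of `ss -tlnp` output (listening TCP sockets). Not real data.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       128      0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096     127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=701,fd=7))
LISTEN  0       511      *:80                 *:*                users:(("nginx",pid=1203,fd=6))
LISTEN  0       50       0.0.0.0:5900         0.0.0.0:*          users:(("Xvnc",pid=1400,fd=9))
LISTEN  0       128      [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

WELL_KNOWN_MAX = 1023                      # ports 0-1023 are the "well known" range
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}   # addresses reachable only from the host itself


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str

    @property
    def well_known(self) -> bool:
        return self.port <= WELL_KNOWN_MAX

    @property
    def exposed(self) -> bool:
        # Anything not bound to loopback is reachable from the network.
        return self.addr not in LOOPBACK


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -tlnp` text into Listener records, skipping the header line."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address looks like 0.0.0.0:22, *:80 or [::]:22; split on the last colon.
        addr, port = fields[3].rsplit(":", 1)
        match = re.search(r'\("([^"]+)"', line)   # process name inside users:(("name",...))
        listeners.append(Listener(addr, int(port), match.group(1) if match else "?"))
    return listeners


def audit(output: str, allowed_ports: set[int]) -> dict[str, list[Listener]]:
    """Classify each listener as allowed, unexpectedly exposed, or loopback-only."""
    findings = {"allowed": [], "unexpected_exposed": [], "loopback_only": []}
    for listener in parse_ss(output):
        if listener.port in allowed_ports:
            findings["allowed"].append(listener)
        elif listener.exposed:
            findings["unexpected_exposed"].append(listener)
        else:
            findings["loopback_only"].append(listener)
    return findings


def report(findings: dict[str, list[Listener]]) -> None:
    for category, listeners in findings.items():
        print(f"[{category}]")
        for l in listeners:
            kind = "well-known" if l.well_known else "registered/dynamic"
            print(f"  {l.addr}:{l.port} ({kind}) <- {l.process}")


if __name__ == "__main__":
    # Assumed policy for this host: only SSH and HTTP are required.
    report(audit(SAMPLE_SS_OUTPUT, allowed_ports={22, 80}))
```

On the constructed sample, the VNC server on port 5900 is reported as an unexpected exposed listener (disable the service or block the port at the firewall), while the print spooler on 631 is bound to loopback only and so is lower priority but still a candidate for removal if unused. In practice the allowlist is the output of the planning step the chapter describes, and the script is run against the real <code>ss -tlnp</code> output of each system before it is deployed.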
== Port Scanning ==