A computer system that is connected to neither a network nor the internet is a rare thing indeed in this day and age. Connectivity gives the user a considerable amount of power and flexibility in terms of access to remote services, data and information, but it carries great risks with it. It is not much of an exaggeration to state that any computer connected to a network is in danger of being attacked in some way. For evidence of this, look no further than the secure computing environments used by government defense organizations. To these people, a secure computer is located in a physically secure area where users pass through stringent security checks and are searched to ensure they are not carrying any portable storage devices or media which would allow software to be introduced into the secure system. The computers themselves, whilst possibly networked to each other, have absolutely no contact with the outside world.
Obviously, such levels of security are beyond the needs and means of the average user or company and, quite frankly, disconnecting all the computers in an enterprise from the outside world would negate the whole purpose of the IT infrastructure. The best approach, therefore, is to make sure that every computer system is as secure as it can reasonably be. This requires a multi-layered defense strategy, the most basic layer of which is ensuring that only necessary ports and services are available on the systems on a network. In this chapter we will look at this strategy in detail.
== Understanding Ports and Services ==
Securing a system involves both removing or disabling any unnecessary services in the operating system and ensuring that the ports associated with non-essential services are blocked using a firewall. The two measures complement each other: a service that is not running cannot be reached at all, while a firewall rule protects a service that must run locally but should not be reachable from the network, and it still limits exposure if a service is later re-enabled by mistake.
Many operating systems are installed with a number of services installed and activated by default. Before installing a new operating system it is essential that the installation be carefully planned. This involves deciding which services are required and identifying which services the installer enables by default, so that the rest can be disabled. The deployment of new operating system installations should never be rushed. The fewer services and open ports available on a system, the smaller its attack surface and the fewer opportunities an attacker has. A good way to verify which ports a system actually exposes prior to deployment is through the use of ''Port Scanning'' tools.
== Port Scanning ==
Port scanning involves the use of software designed specifically to probe every port on a system to find out which ports are open and have services listening behind them. Port scanners are best run externally, in other words from another system on the network rather than on the system being tested, because an external scan shows exactly what a network attacker would see, including the effect of any firewall rules between the two systems. Port scanning need not be an expensive undertaking. In fact a wide selection of extremely comprehensive scanning tools is available for download on the internet.
After execution, the port scanner will generate a report listing the open ports and, if the tool supports service or version detection, the services behind them. Identifying vulnerabilities in those services is a separate step that requires a vulnerability scanner or manual review. Compare the report against the list of services the system is supposed to offer, and use the differences to decide which non-essential services can be disabled or blocked. Scan only systems you are authorized to test.
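The following is an added example, not code from the original page, showing the mechanism a TCP connect scanner uses: it attempts a full TCP handshake to each port and records which ones accept the connection, then reads the service banner from each open port. To keep it runnable offline it starts a constructed stand-in service on a random loopback port (the banner string `SSH-2.0-ExampleService_1.0` is invented for the demo) and scans a small window of ports around it, so the closed neighbours are refused and the listener is found.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=0.5):
    """TCP connect scan of one port: True if the three-way handshake completes
    (something is listening), False if the connection is refused or times out."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except (OSError, socket.timeout):
            return False
        return True


def scan_ports(host, ports, timeout=0.5, workers=32):
    """Scan an iterable of ports concurrently; return the sorted list of open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: (p, scan_port(host, p, timeout)), ports)
    return sorted(p for p, is_open in results if is_open)


def grab_banner(host, port, timeout=1.0, limit=256):
    """Connect and read whatever the service announces first, if anything.
    Services such as SSH, SMTP and FTP send a banner unprompted; HTTP does not."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            data = sock.recv(limit)
        except (OSError, socket.timeout):
            return b""
    return data.strip()


def start_demo_listener(banner):
    """Constructed stand-in for a real service (not part of the original page):
    listens on a random loopback port and sends `banner` to every client.
    Returns (port, server_socket); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # server socket shut down: stop serving
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass  # scanner closed immediately after connecting

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def demo():
    """Run the scanner against the constructed listener and return
    (listener_port, open_ports_found, banners_by_port)."""
    banner = b"SSH-2.0-ExampleService_1.0\r\n"  # constructed banner for the demo
    port, srv = start_demo_listener(banner)
    try:
        # Scan a small window around the listener; its neighbours are closed
        # on loopback, so connect() to them is refused immediately.
        window = range(port - 2, port + 3)
        open_ports = scan_ports("127.0.0.1", window)
        banners = {p: grab_banner("127.0.0.1", p) for p in open_ports}
    finally:
        try:
            srv.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept() on Linux
        except OSError:
            pass
        srv.close()
    return port, open_ports, banners


if __name__ == "__main__":
    listener_port, found, found_banners = demo()
    print(f"listener on {listener_port}; open ports: {found}")
    for p in found:
        print(f"  {p}/tcp  banner={found_banners[p]!r}")
```

A connect scan of this kind is easy to write but also noisy, since every probe completes a handshake and shows up in the target's logs; dedicated scanners offer stealthier probe types and full service detection. When checking a system before deployment, run the external scan and also list the listening sockets on the host itself (on Linux, `ss -tlnp`); any port that appears in the external report but is not in the host's own list is being forwarded or proxied from somewhere else and deserves investigation.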
