Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
Documentation Index
Security
Unix
Basic Guidelines
Security Updates
Account & Password
Network Services
Tripwire
Log Files
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Training & Education
Technical Support & Services
Campus Partners
Information Security Office (ISO)

Network Services

Any services which are not needed for your day-to-day use should be disabled. Most operating systems turn on too many services by default. This includes services such as SMTP, IMAP, POP, telnet (ssh is more secure), ftp (scp is more secure), http, DNS, and others. If you aren't sure that you need it, you most likely don't. While it may seem obvious to some, remember to check /etc/inetd.conf. This file allows services to start "as needed" when a request hits the machine from the network. So a service that you think is disabled may not be if it's still available through this service. For some flavors of Linux/UNIX, there is an excellent tool called Bastille Linux. This tool "hardens" various UNIX operating systems.

Last Updated:  May 26, 2004