secure server network. Most firewalls allow this. It can also easily be accomplished by using

routers behind the firewall. Chroot Environments chroot is a UNIX command used to run a command or interactive shell with a special root directory. This command can also be used to create virtual file systems and directory trees. If possible, configure applications like DNS, sendmail, web and ftp servers to run in a chrooted environment. In the event that the application is compromised, the hacker would then be limited to a subset of the file system and would not have access to the real root file system. Interesting Files Check for files that have no permissions or have invalid owners or groups. Sometimes administrators will have files that have no permissions assigned to them. These files are generally executed by a script, cron job, or other application that temporarily changes the permissions during the execution of the program, then resets the program back to the original state. Look for stray copies of password or shadow files, files with names beginning with a “.”, and setuid root programs in world-writable directories and home directories. Peripheral Devices Consider removing or restricting access to local or network peripheral devices. Malicious code can be introduced into secure networks through their peripheral devices. If an external device is not required for a specific client or server, have it removed. If the device cannot be
Next topic
Previous topic