by default is also important (e.g., IIS is installed by default by SMS and SQL Server on

Windows platforms). A quick method for taking inventory of services running on the network is to port scan. TCP/UDP Servers and Services on the Network Scan the network for all active TCP/UDP servers and services on each computer in the network. Shut down unnecessary servers and services. For those servers that are necessary, restrict access to only those computers that need it. Turning off functional areas, which are seldom used but have vulnerabilities, prevents an attacker from being able to take advantage of them. Other applications install with sample CGI scripts, which sometimes contain problems. As a general rule do not install sample applications in production systems. Passwords Poor password selection is frequently a major problem for any system's security. Users should be forced to change their passwords regularly. Set up password aging via Account Policy for Windows systems or the /etc/default/passwd file in UNIX. Administrators should obtain and run password-guessing programs (i.e., “John the Ripper,'’ “L0phtCrack,” and “Crack”) frequently to identify those users having easily guessed passwords. Because password cracking programs are very CPU intensive and can slow down the system on which it is running, it is a good idea to transfer the encrypted passwords (the dumped SAM database for Windows and the /etc/passwd and /etc/shadow files in UNIX) to a standalone (not networked) system. Also, by doing the work on a non-networked machine, any
Next topic
Previous topic