Network services

Last Updated : Mar 13, 2021

Network services can pose many risks for RHEL systems. Some of the primary issues are the following:

  • Denial of Service (DoS) attacks – By flooding a service with requests, a DoS attack can bring a system to a halt as it tries to log and answer each request.

  • Script Vulnerability Attacks – If a server, such as a web server, uses scripts to execute server-side actions, a cracker can attack improperly written scripts. Such script vulnerability attacks can lead to a buffer overflow condition or allow the attacker to alter files on the system.

  • Buffer Overflow Attacks – Services that listen on ports numbered 0 through 1023 must run as the administrative user (root). If such a service has an exploitable buffer overflow, an attacker could gain access to the system as the user running the daemon. Because these overflows are exploitable, crackers use automated tools to identify vulnerable systems, and once they gain access they use automated rootkits to maintain it.

To enhance security, most network services installed with RHEL are turned off by default. Some notable exceptions are:

  • cupsd – The default print server for RHEL.

  • lpd – An alternate print server.

  • xinetd – A super server that controls connections to a host of subordinate servers, such as vsftpd and telnet.

  • sendmail – The Sendmail mail transport agent is enabled by default but only listens for connections from the localhost.

  • sshd – The OpenSSH server, which is a secure replacement for telnet.

Leave these services running only if the resources they control are actually available. For example, if no printer is available, do not leave cupsd running. If you do not mount NFSv3 volumes or use the ypbind service for NIS, disable portmap.

RHEL ships with three programs for switching services on or off, the Services Configuration Tools:

  • system-config-services

  • ntsysv

  • chkconfig

See the man pages of these commands for usage information.
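The advice above (switch off any default-enabled service whose resource is absent) can be turned into a quick audit. The following is an added example, not code from the original article: it parses the output format of `chkconfig --list`, flags services from an assumed review list (REVIEW_LIST, built from the services named above; note the cupsd daemon's init script is called cups) that are on in runlevel 3 or 5, and flags xinetd-managed services that are on. The `chkconfig --list` text used here is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original article). Audits chkconfig --list
# output for services the article says to review and prints the chkconfig
# commands that would switch them off. Nothing here changes the system.

# Assumed review list: services the article names as enabled by default or
# worth disabling when their resource is absent (init script names).
REVIEW_LIST="cups lpd xinetd sendmail sshd portmap ypbind"

# Constructed sample of `chkconfig --list` output (not captured from a host).
SAMPLE_CHKCONFIG='cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd based services:
        telnet:         on
        rsync:          off'

# audit_services "<chkconfig --list text>"
# Prints "name RUNLEVELS" for review-list services that are on in runlevel 3
# or 5, and "name xinetd" for xinetd-managed services that are on.
audit_services() {
    printf '%s\n' "$1" | awk -v list="$REVIEW_LIST" '
    BEGIN { n = split(list, l, " "); for (i = 1; i <= n; i++) want[l[i]] = 1 }
    /^xinetd based services:/ { inx = 1; next }          # rest of output is xinetd
    inx && $1 ~ /:$/ {
        name = $1; sub(/:$/, "", name)
        if ($2 == "on") print name, "xinetd"
        next
    }
    !inx && want[$1] {
        on = ""
        for (i = 2; i <= NF; i++) {                      # fields look like 3:on
            split($i, p, ":")
            if ((p[1] == "3" || p[1] == "5") && p[2] == "on") on = on p[1]
        }
        if (on != "") print $1, on
    }'
}

# disable_command NAME RUNLEVELS|xinetd -> the chkconfig command to turn it off
disable_command() {
    if [ "$2" = "xinetd" ]; then
        echo "chkconfig $1 off"                 # xinetd services take no --level
    else
        echo "chkconfig --level $2 $1 off"
    fi
}

audit_services "$SAMPLE_CHKCONFIG" | while read -r name where; do
    disable_command "$name" "$where"
done
```

On a real RHEL host run `audit_services "$(chkconfig --list)"` instead of the sample, and decide per line whether the service's resource (printer, NFS, NIS) is really in use before running the printed command.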