How to Hack UNIX?

                             From A Security Point of View

Reported by Nathan Wang

Part of the requirement for CS5870

System Administration

Date: Nov 11, 2003

1.      Introduction
2.      A Typology of Network Attacks
2.1.        Denial-of-Service (DoS) Attacks
2.2.        Brute-Force Attacks
2.3.        Social-Engineering Attacks
2.4.        Passive Attacks
2.5.        Network Scanning
2.6.        Data Capture
2.7.        Unwanted Network Use
2.8.        Active Attacks
2.9.        Blended Threats
3.      Protecting Information Assets
3.1.        Asset and Risk Assessment
3.2.        Identify Security Holes
3.3.        Security Policy Development
3.4.        Security System Implementation and Maintenance
3.5.        Security Awareness Training
3.6.        External Audits
4.      UNIX as a Workstation
4.1.        Password File /etc/passwd
4.2.        Machine Equivalent
4.3.        UNIX Mailx Service
5.      UNIX Server as Part of a Network
5.1.        Introduction
5.2.        Domain Name System (Service) (DNS)
5.3.        Dynamic Host Configuration Protocol (DHCP)
5.4.        Email
5.5.        The Internet
5.6.        File Transfer Protocol (ftp)
5.7.        Remote Procedure Calls (RPC)
5.8.        Simple Network Management Protocol (SNMP)
5.9.        Databases
6.      The Defense
6.1.        Introduction
6.1.1.     The Devil Inside: Setting Up Your Defense
6.1.2.     Plugging the Holes: a UNIX Hardening Guide
6.2.        Domain Name System (Service) (DNS)
6.3.        Dynamic Host Configuration Protocol (DHCP)
6.4.        Email
6.5.        The Internet
6.6.        File Transfer Protocol (ftp)
6.7.        Remote Procedure Calls (RPC)
6.8.        The Email
6.8.1.     Simple Mail Transfer Protocol (SMTP)
6.8.2.     Post Office Protocol (POP-3)
6.8.3.     Sendmail
6.9.        Virtual Private Network (VPN)
6.10.      Telnet
6.11.      Firewalls
6.12.      Logging and Reporting
6.13.      Vulnerability Assessment
6.14.      Intrusion Detection and Prevention
6.15.      Software and Signature Updates
6.16.      The Essential UNIX Security Tips
6.16.1.       Basic UNIX Configuration
6.16.2.       Encryption
6.16.3.       Good Security Policies
6.17.      Defense by Regulations and Laws
6.18.      Final Recommendations
7.      Summary
8.      Appendix:
8.1.        The Tools
8.2.        Links
8.3.        References
8.4.        Terminologies

1.    Introduction

 

The Windows operating system is notorious for being vulnerable to attack. People may therefore think that UNIX is a better operating system, especially in its resilience against attackers. Let's take a look at the UNIX system.

 

UNIX is an operating system designed to be easy to use and to share resources among all of its users. Its public-domain variants are often shipped in particularly vulnerable default configurations, and with its rich set of network services a stock UNIX host makes a poor firewall. This may lead people to think that UNIX is less secure than other operating systems.

The fact is that UNIX is no less secure than other operating systems. The off-the-shelf distribution of almost any operating system is insecure by default. You can only make a system secure (or as secure as your policy deems necessary) after drafting a security policy and configuring the system according to the standards that policy dictates. We, as potential future system administrators of UNIX systems, should not overlook the security issues UNIX may have. You need to draft a comprehensive security strategy to ensure that these systems stay safe. This strategy should involve general security practices as well as specific, technical procedures related to the UNIX operating system.

Worms have been the most prolific attacks in terms of the number of attacks launched. In 2001, the Lion worm and the Sadmind worm attacked UNIX systems.

These worms share a single common behavior: scanning. Once a worm has successfully compromised a server and installed itself, it begins scanning for other victims.

 

This presentation demonstrates the security holes in UNIX both as a workstation and as a server in a network, including a network connected to the Internet.

 

It is very important for a UNIX system administrator to know these security holes and also to know how to fix them.

 

2.    A Typology of Network Attacks

So what exactly are you trying to protect yourself from? Most network security attacks fall under the following categories:

2.1.           Denial-of-Service (DoS) Attacks

The intruder uses disruptive mechanisms to jam the target network’s resources, which become temporarily (or permanently) unavailable. Hackers typically carry out this attack by using TCP/IP requests with bogus source addresses, or by sending a large number of simultaneous requests (also known as flooding). This type of attack is especially costly for e-commerce sites, where network availability is critical.

2.2.           Brute-Force Attacks

This type of attack is aimed toward password-protected and encrypted information resources. Armed with a fast processor, an intruder explores every combination of passwords (or secret cryptographic keys) until a correct one is found and the resource is unlocked. This approach usually involves a dictionary attack, where the search for keys is narrowed down to a list of commonly used alphanumeric strings.

2.3.           Social-Engineering Attacks

These are perhaps the most difficult types of attack to defend against. A hacker calls a user and impersonates a support technician who needs the user's password. This is the simplest type of attack, as well as the most effective. AOL used to have this type of security hole, as it allowed users to submit their password over the phone or the Internet. An attacker could disguise himself or herself as an AOL technician, call a user, and ask for his or her password.

2.4.           Passive Attacks

Attackers don’t always need to break into a target’s facilities to gain access to information. By sniffing a network wire, an attacker can collect sensitive data or authorization information that can be used later to gain access to other resources. Strong encryption is the best weapon for fending off passive attacks.

2.5.           Network Scanning

Searching networks for potential victims: determining what a network looks like and how it might be exploited.

2.6.           Data Capture

Capturing data that is sent over the Internet, including data theft and username/password theft.

2.7.           Unwanted Network Use

While this threat primarily causes loss of productivity and increases a corporation's liability, it can also provide an avenue for indirect attacks.

 

2.8.           Active Attacks

This includes direct attacks on vulnerable servers, as well as indirect attacks, such as viruses and Trojan Horses.

2.9.           Blended Threats

An increasingly important concern for corporate IT, blended threats combine the methods of viruses, worms and Trojan horses. An attacker could use the IP address of a "trusted" machine and scan various hosts; simply cycling through network IPs at random is sufficient in most cases.

This leads to the first major problem: TCP/IP is an inherently insecure protocol, and offers attackers many methods to penetrate your defenses. The majority of TCP/IP traffic is unencrypted, and attackers can view data as it passes by. For example, logging into mail servers and retrieving email can be insecure.

Attackers can also spoof the identity of other trusted machines, pretending to be someone they are not, and can even hijack active connections using tools like "HUNT". Another method is simply to crash the trusted machine, which is relatively easy (especially on LANs), and then use its IP address to connect to servers.

Finally, attackers can avoid all network-based defenses and simply scan the company's phone exchange. It's almost certain that any major company will have at least one modem attached to an internal machine that isn't secured.

All of these techniques allow the attacker to do an end run around firewalls and IDS systems deployed at the Internet gateway. (Remember the Maginot line?)

3.    Protecting Information Assets

Why do we care about security? Because data, software and hardware are all company assets and the foundation of a company's business. No company likes to lose its assets, and in the information age data is the most important asset a company must protect.

Is anyone eavesdropping on your data? Is anyone tampering with it, or preventing users from accessing it? These are just some of the questions you should be concerned with when it comes to protecting your company’s most valuable asset: information.

Every year hundreds of millions of dollars are lost directly to computer security holes and to attackers on the public network. According to the 1998 Computer Security Institute/FBI Computer Crime and Security Survey, the financial losses associated with security breaches increased dramatically in the last quarter of 1998. The total financial loss for the 241 organizations included in the survey was $136,822,000, a 36 percent increase in reported losses over the 1997 figure of $100,115,555.

Information security aims to protect corporate assets as well as minimize both internal and external security threats. 

3.1.           Asset and Risk Assessment

The question is what do you have to lose? By taking a close look at your company’s assets and their relative values, you can gauge the cost associated with a potential compromise in security. Some questions you might want to ask include: Is the data on all servers equally valuable? Should the payroll database be protected with the same defense measures that are applied to the Usenet news server?

3.2.           Identify Security Holes

Identifying the security holes that exist in the UNIX system and in the network is the first step before you can plan to protect your assets.

 

Section 4 focuses on the security holes in a UNIX system functioning as a workstation, and section 5 on the security holes in commonly used network services and protocols.

 

Section 6 is devoted to the solution: how to set up the defense. It provides a number of tips system administrators need to know to make the UNIX system and the network secure.

3.3.           Security Policy Development

Once you’ve identified your critical assets, you can develop a comprehensive security policy that outlines your defense plan. A security policy is a written document that lists specific procedures and actions that employees should follow to ensure that corporate assets are properly protected.

3.4.           Security System Implementation and Maintenance

Once your security policy is in place, identify the tools and mechanisms you need to implement the policy on a day-to-day basis. Implementation is likely to involve perimeter defense tools (firewalls, monitoring devices, intrusion detectors, and so on), as well as data encryption and physical security.

3.5.           Security Awareness Training

It is vital to make everybody a part of the security process. Your department should regularly provide training to ensure that everyone is aware of your organization’s current security policy.

3.6.           External Audits

As security threats evolve over time, so should the procedures designed to protect corporate assets. A firewall built in 1990 would be ill-equipped to deal with the latest Java security threats. External audits help you determine whether your existing security implementation meets the requirements of your company’s security policy. You can also use them to re-evaluate your security policy in the light of recently acquired corporate assets.

4.    UNIX as a Workstation

UNIX is a flexible operating system, and a machine running UNIX can serve as a workstation in a person's office. It can also be configured with a network connection to make it part of a network.

UNIX provides many services that make it handy and easy to use. However, as a trade-off for that ease of use, many of these services have no security design in place.

4.1.           Password File /etc/passwd

Even though the passwords in the file are stored as one-way hashes rather than in the clear, an attacker who obtains a copy of the passwd file can run a dictionary attack against the hashes offline. With today's fast processors, cracking a poorly chosen password is only a matter of days, and on a system without a shadow file the hashes are readable by every local user.

 

On a network using NIS, the command ypcat passwd dumps the NIS passwd map, password hashes included, to any user on the network; this bypasses local password shadowing altogether.

4.2.           Machine Equivalent

The "r" commands (rsh, rcp, rlogin and friends) were originally developed as a convenience and a security improvement over telnet. Telnet is an insecure network protocol: it prompts the user for a login name and password on every connection, and everything typed, password included, crosses the network in clear text. The "r" family lets you get services from another UNIX machine without typing your password at all, which was initially seen as a security success. Instead of passwords, the "r" family relies on hostname and IP address for authentication, configured through the hosts.equiv and .rhosts files on the server machine (/etc/hosts.equiv and /home/username/.rhosts). The dangers are:

(1)       Anyone with a packet sniffer can still see exactly what you are typing, word after word, because the session itself is not encrypted.

(2)       Authentication comes only from the entries saved in /etc/hosts.equiv and .rhosts, and these files can hold a variety of entries that authorize users from various hosts.

(3)       An attacker's host can disguise itself as a trusted host or client.

 

For example:

If you have something like this in your /etc/hosts.equiv file,

 

yahoo.com nwang

wsu.edu     Stephanie

 

Anyone who sets up a system with the hostname yahoo.com or wsu.edu, or who spoofs that host's IP address, can pretend to be the trusted host. All the attacker then has to do is pick the correct user name to gain access to your system.

 

In this case nwang@yahoo.com or Stephanie@wsu.edu can log in to this machine without a password.

 

Once an attacker has logged in to your system, he can do this:

rcp yourhost:/etc/passwd .

 

If your system does not shadow the password, the intruder now has a copy of your password file and needs only to run one of the many available password crackers out there to get a clear text version of your password file.

 

You can do this on a per-user basis as well. I did this type of machine equivalence for my account on both admiral and hoare.

 

The .rhosts file on admiral contains

Hoare.cs.umsl.edu a-wang

 

and the .rhosts file on hoare contains

admiral.umsl.edu s067724

 

Once this is set, I can log in from admiral to hoare without a password.

 

All these "r" family commands run over TCP/IP. TCP/IP is just a transport protocol and has no security built in; in particular, nothing in it stops a host from claiming another host's name or address.

The Sadmind worm mentioned earlier used exactly this "r" trust to get into victims' systems. Here is a quote from a report at http://www.sophos.com/virusinfo/analyses/unixsadmind.html

Unix/SadMind is an internet worm which propagates using a buffer overrun exploit on Solaris systems in the sadmind program, part of the Solstice AdminSuite.

When the worm attacks a system it will append the text "+ +" to the .rhosts file belonging to root. It will then copy the worm (using rcp) to the new machine and extract into a new /dev/cuc directory. /etc/rc.d/S71rpc will be changed so the worm is started when the system is started and then that file will be run to make the worm active immediately.

When the worm is active it will scan random class B networks looking for vulnerable machines to infect next.

http://www.sophos.com/virusinfo/articles/glossary.html#unixworm is a good site reporting on the variety of viruses and worms that target UNIX.

 

How to prevent this? Carefully configure your system for remote access, shadow your passwords, and have a good security policy; all three are very important to prevent these leaks. Many UNIX programs should be runnable only by the superuser (root), so that even if an attacker cracks a user's password the damage is minimal.
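As an added example for this report (not code from the original page), the following Python script performs the two checks sections 4.1 and 4.2 call for: it reports accounts whose password hash still sits in /etc/passwd instead of the shadow file, accounts with an empty password and extra UID-0 accounts, and it reports wildcard and host-wide entries in /etc/hosts.equiv or ~/.rhosts, including the "+ +" line the Sadmind worm writes. The file contents embedded below are constructed samples; feed the real files to the same functions to audit a host.

```python
"""Audit /etc/passwd shadowing and hosts.equiv/.rhosts trust entries.

Added example for this report; the two file contents are constructed
samples, not taken from any real system.
"""

# Constructed sample passwd file: one account still carries a DES
# crypt hash in field 2, one has an empty password, one is a second
# UID-0 account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
nwang:x:1001:100:Nathan Wang:/home/nwang:/bin/ksh
legacy:ab01FAX.mM5aO:1002:100:Old account:/home/legacy:/bin/sh
guest::1003:100:Guest:/home/guest:/bin/sh
toor:x:0:0:second root:/:/bin/sh
"""

# Constructed sample hosts.equiv (same syntax as ~/.rhosts), including
# the "+ +" entry that the Sadmind worm appends to root's .rhosts.
SAMPLE_HOSTS_EQUIV = """\
# trusted hosts
hoare.cs.umsl.edu a-wang
+ +
admiral.umsl.edu
"""

# Placeholders that mean "look in the shadow file" or "no login".
SHADOW_MARKERS = ("x", "*", "!", "!!")


def audit_passwd(text):
    """Return (login, problem) tuples for the problems found in a passwd file."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((line, "malformed entry"))
            continue
        login, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append((login, "empty password"))
        elif pw not in SHADOW_MARKERS:
            findings.append((login, "hash stored in passwd (not shadowed)"))
        if uid == "0" and login != "root":
            findings.append((login, "extra UID 0 account"))
    return findings


def audit_trust_file(text):
    """Return (entry, problem) tuples for risky hosts.equiv/.rhosts lines.

    A "+" in the host or user field is a wildcard; "+ +" trusts every
    user on every host.  A bare hostname trusts any same-named account
    on that host.
    """
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        host = parts[0]
        user = parts[1] if len(parts) > 1 else None
        if host == "+" and user == "+":
            findings.append((line, "wildcard host and user: everyone trusted"))
        elif host == "+":
            findings.append((line, "wildcard host"))
        elif user == "+":
            findings.append((line, "wildcard user"))
        elif user is None:
            findings.append((line, "host-wide trust (any matching username)"))
    return findings


if __name__ == "__main__":
    for item in audit_passwd(SAMPLE_PASSWD) + audit_trust_file(SAMPLE_HOSTS_EQUIV):
        print("%-30s %s" % item)
```

On a real host run audit_passwd on /etc/passwd and audit_trust_file on /etc/hosts.equiv and on every home directory's .rhosts (root's first); any "+ +" finding on a server that has been on the network is grounds for an incident investigation, not just a cleanup.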

 

Replacing the "r" family services with their counterparts from the Secure Shell (SSH) is the best way to keep attackers from intruding on your machine while still providing the same user-friendly services, because SSH authenticates hosts and users cryptographically and encrypts data before sending it from one machine to another. Fig. 4.1 shows how SSH works in a client-to-mail-server architecture.

Fig. 4.1 How SSH secures your data.

 

4.3.           UNIX Mailx Service

The UNIX mailx command is another example of a UNIX security hole, as mailx allows you to send e-mail to anyone in the world on behalf of someone else.

 

Here is an example:

 

mailx -r fake@fake.com -s joke nwang@sbcglobal.net s067724@admiral.umsl.edu

 

This is a joke.

 

Once this mail is sent, the recipient will think that it came from fake@fake.com. If you change fake@fake.com to your boss's e-mail address and ask the recipients to do something, you can imagine how much you can do with it.
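The From: header is whatever the sender put there, but each mail relay prepends its own Received: header, and mailx -r cannot change those. The check below is an added example for this report (not from the original page): it compares the domain in From: with the host named in the earliest Received: header and flags a mismatch. The message is constructed, with made-up relay names and documentation addresses, to look like the joke above after it has passed two relays.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not captured mail): the From: header was set with
# "mailx -r fake@fake.com" on admiral.umsl.edu, but the Received: trail,
# stamped by the relays, still records where the message entered.
FORGED = """\
Received: from mail.sbcglobal.net (mail.sbcglobal.net [192.0.2.10])
\tby mx.example.net with ESMTP id A1B2C3; Tue, 11 Nov 2003 10:00:02 -0600
Received: from admiral.umsl.edu (admiral.umsl.edu [198.51.100.7])
\tby mail.sbcglobal.net with SMTP id D4E5F6; Tue, 11 Nov 2003 10:00:00 -0600
From: fake@fake.com
To: nwang@sbcglobal.net
Subject: joke

This is a joke.
"""

# The same message with an honest From: line.
LEGIT = FORGED.replace("From: fake@fake.com", "From: s067724@admiral.umsl.edu")

RECEIVED_FROM = re.compile(r"\s*from\s+([A-Za-z0-9.-]+)", re.I)


def registered_domain(name):
    """Crude organisation part of a hostname: its last two labels.

    Good enough for umsl.edu or fake.com; wrong for co.uk-style names.
    """
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def origin_host(msg):
    """Host named in the earliest Received: header.

    Relays prepend, so the earliest hop is the last Received: header.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = RECEIVED_FROM.match(str(received[-1]))
    return match.group(1).lower() if match else None


def check_from_alignment(raw):
    """Flag a message whose From: domain does not match its origin host."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    origin = origin_host(msg)
    suspicious = (
        origin is None
        or from_domain == ""
        or registered_domain(origin) != registered_domain(from_domain)
    )
    return {"from_domain": from_domain, "origin_host": origin, "suspicious": suspicious}


if __name__ == "__main__":
    print("forged:", check_from_alignment(FORGED))
    print("legit: ", check_from_alignment(LEGIT))
```

The check only tells you that the message did not originate where its From: line claims; mail legitimately sent from home through a university account trips it too, so treat it as a warning to read the Received: trail, not as proof of forgery.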

5.    UNIX Server as Part of a Network

5.1.           Introduction

Most networks have at least a few UNIX-based machines. These UNIX servers typically provide infrastructure -- network and backend services (company mail server, database, etc.), which are a critical component of most networks.

Terminals, for example, are useless without file and print servers. Many of these servers are publicly accessible (e.g., DNS, email and web servers), making them easy to attack. Even if a server is internal and cannot be attacked via the Internet, there is still the internal network to worry about. Regardless of how well you use firewalls and other filtering mechanisms to control server access, these tools are not enough on their own. An attacker can walk into an office building, find an unused Ethernet jack, plug in a laptop connected to a cell phone and then leave, thereby gaining the ability to attack the network from the inside.

Furthermore, a night janitor, for example, could use scanners and probing software (such as Nmap, Nessus, SAINT or Cheops) to quickly build a detailed model of your network with minimal effort.

In this section, a brief introduction to each of the major network protocols and services is presented so that their strengths and weaknesses are understood.

It is important for system administrators to understand how these services work; otherwise it will be hard to identify network problems and find good solutions when someone reports misbehavior or slow performance on the network.

5.2.           Domain Name System (Service) (DNS)

It's safe to say that anyone connected to the Internet relies on at least one DNS server, and it is probably running BIND (Berkeley Internet Name Domain). Fig. 5.1 shows how a DNS server works.

Fig. 5.1 DNS Server in action

DNS serves the network nodes (terminals and desktops) the way a phone book serves telephone subscribers. Any machine connected to a site can ask the site's DNS server for the address (and other information) of another machine in the same site or even in a different site. Any machine connected to the Internet can likewise use DNS by sending the hostname from a URL to its ISP's name server, which is responsible for finding the right destination machine by consulting the DNS hierarchy. Since machines talk to each other only by IP address, the DNS server provides the service of mapping a machine's string name to its IP address.

BIND has a long history of problems, including remote root exploits. Even without an exploit, DNS hands an attacker a map of your network. Attackers can, for example, query a.your.org, b.your.org, and so on to get the IP addresses of those hosts; with a dictionary of common hostnames this is quite effective for discovering hosts. Another method is reverse DNS lookups: start with 1.2.3.1, then 1.2.3.2, and continue until one has worked through the company's whole address space. There are many tools that automate these procedures. Logging such DNS queries is a futile exercise, since the amount of data generated is significant and, more importantly, attackers can use third-party DNS servers to do the queries, masking their identities.
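The two enumeration methods just described, as an added example for this report (not a tool from the original page): a dictionary of likely hostnames tried against a domain, and a reverse (PTR) sweep across an address block. The resolver is a parameter so the script runs offline against the constructed FAKE_ZONE below; leave the argument out to use the real resolver. The domain your.org, the word list and all addresses are made up.

```python
import ipaddress
import socket

# Constructed word list and zone; the addresses are documentation ranges.
WORDLIST = ["www", "mail", "ns1", "ftp", "a", "b", "intranet", "payroll"]

FAKE_ZONE = {
    "www.your.org": "192.0.2.10",
    "mail.your.org": "192.0.2.25",
    "intranet.your.org": "192.0.2.40",
}
FAKE_PTR = {ip: name for name, ip in FAKE_ZONE.items()}


def fake_forward(name):
    """Stand-in for socket.gethostbyname over the constructed zone."""
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    raise socket.gaierror(-2, "Name or service not known")


def fake_reverse(ip):
    """Stand-in for socket.gethostbyaddr(ip)[0] over the constructed zone."""
    if ip in FAKE_PTR:
        return FAKE_PTR[ip]
    raise socket.herror(1, "Unknown host")


def forward_enum(domain, words, resolve=socket.gethostbyname):
    """Try word.domain for every word; return {fqdn: ip} for names that exist."""
    found = {}
    for word in words:
        fqdn = "%s.%s" % (word, domain)
        try:
            found[fqdn] = resolve(fqdn)
        except OSError:  # gaierror and herror are OSError subclasses
            continue
    return found


def reverse_sweep(cidr, resolve=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Ask for a PTR record for every host address in the block."""
    found = {}
    for ip in ipaddress.ip_network(cidr).hosts():
        try:
            found[str(ip)] = resolve(str(ip))
        except OSError:
            continue
    return found


if __name__ == "__main__":
    print(forward_enum("your.org", WORDLIST, fake_forward))
    print(reverse_sweep("192.0.2.0/27", fake_reverse))
```

Note what the attacker never needed: a zone transfer. Restricting AXFR (section 6.2) denies the whole list in one query, but every name that resolves is still discoverable one lookup at a time, which is why internal-only names belong on an internal name server rather than in the public zone.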

5.3.           Dynamic Host Configuration Protocol (DHCP)

DHCP acts as an agent in your organization when you need to control the client machines on your network. It works like a telephone company: when a customer orders new phone service, the provider assigns a new phone number. In the same way, when a new client machine is added to your network it needs an IP address so that others can uniquely identify it; DHCP assigns an IP address to the client and makes it part of the network. Fig. 5.2 shows the basic concept of how DHCP works.

Fig. 5.2 Handshake of client and server in a DHCP

This centralized control of network settings on client’s machines makes administrators life much easier. However, it also provides numerous possibilities for an attacker. ISC's DHCP client for UNIX (one of the most popular) had a root exploit in it, meaning that if an attacker could hijack your DHCP server, or set one up on your network, he could remotely exploit clients. Even if all your DHCP clients were up to date, an attacker still would have many options. For example, if an attacker were to set up a computer, or hijack one on an existing LAN and provide DHCP answers faster than the legitimate DHCP server, clients would use it to configure their network settings. With this, an attacker could give the client a false default gateway, routing all traffic through the compromised machine, allowing him to examine traffic for passwords and other confidential data. An attacker could also point clients to a different name server, so when your machine looks up 401k-server.intranet.your.org, instead of connecting to the internal server, clients would be pointed to an attacker's machine.

Denial of service attacks are also relatively easy if you use pools of IP addresses to assign to clients instead of static mapping. By requesting all available IP addresses, any legitimate client would be told that none are available, and would not be able to access the network. (Windows NT RAS servers are famous for doing this unintentionally; luckily it is not for UNIX.)
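An added example for this report (not code from the original page) of the rogue-server attack described above and the check a network administrator would want: it parses the DHCP packet format directly and flags an OFFER that did not come from a server we run, or that hands out a gateway or name server we do not expect. The packets are built in the script by build_offer(); the MAC address and all IP addresses are made up.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 6, 53, 54, 255
MSG_NAMES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def build_offer(yiaddr, server_id, router, dns_servers, xid=0x3903F326):
    """Build a minimal DHCPOFFER (constructed test data, not captured traffic)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, xid, 0, 0,                        # BOOTREPLY, Ethernet, hlen, hops, xid, secs, flags
        b"\0" * 4,                                    # ciaddr
        socket.inet_aton(yiaddr),                     # yiaddr: address offered to the client
        socket.inet_aton(server_id),                  # siaddr
        b"\0" * 4,                                    # giaddr
        bytes.fromhex("0800275a1b2c") + b"\0" * 10,   # chaddr, made-up client MAC
        b"\0" * 64, b"\0" * 128)                      # sname, file
    opts = bytes([OPT_MSG_TYPE, 1, 2])
    opts += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    opts += bytes([OPT_ROUTER, 4]) + socket.inet_aton(router)
    dns = b"".join(socket.inet_aton(d) for d in dns_servers)
    opts += bytes([OPT_DNS, len(dns)]) + dns
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])


def parse_dhcp(pkt):
    """Decode the fields a rogue-server check needs from a raw DHCP packet."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    options = {}
    i = 240
    while i < len(pkt):                 # options are code, length, value; pad has no length
        code = pkt[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        length = pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    ip = socket.inet_ntoa
    dns_raw = options.get(OPT_DNS, b"")
    return {
        "type": MSG_NAMES.get(options.get(OPT_MSG_TYPE, b"\0")[0], "UNKNOWN"),
        "yiaddr": ip(pkt[16:20]),
        "server_id": ip(options[OPT_SERVER_ID]) if OPT_SERVER_ID in options else None,
        "router": ip(options[OPT_ROUTER][:4]) if OPT_ROUTER in options else None,
        "dns": [ip(dns_raw[k:k + 4]) for k in range(0, len(dns_raw), 4)],
    }


def check_offer(info, trusted_servers, expected_router, expected_dns):
    """Return warnings for an OFFER/ACK that disagrees with the servers we run."""
    warnings = []
    if info["type"] not in ("OFFER", "ACK"):
        return warnings
    if info["server_id"] not in trusted_servers:
        warnings.append("server %s is not a DHCP server we run" % info["server_id"])
    if info["router"] != expected_router:
        warnings.append("default gateway %s instead of %s" % (info["router"], expected_router))
    if set(info["dns"]) - set(expected_dns):
        warnings.append("name server(s) %s not in our list" % ",".join(info["dns"]))
    return warnings


# What we know about our own network (assumed values).
TRUSTED_SERVERS = {"192.0.2.1"}
EXPECTED_ROUTER = "192.0.2.1"
EXPECTED_DNS = ["192.0.2.53"]

GOOD_OFFER = build_offer("192.0.2.100", "192.0.2.1", "192.0.2.1", ["192.0.2.53"])
ROGUE_OFFER = build_offer("192.0.2.100", "192.0.2.66", "192.0.2.66", ["192.0.2.66"])

if __name__ == "__main__":
    for name, pkt in (("good", GOOD_OFFER), ("rogue", ROGUE_OFFER)):
        info = parse_dhcp(pkt)
        print(name, info["type"], "from", info["server_id"],
              check_offer(info, TRUSTED_SERVERS, EXPECTED_ROUTER, EXPECTED_DNS))
```

To turn this into a monitor, feed it the UDP payload of every packet arriving on port 68 from a passive listener on each subnet; a rogue server has to answer on the client's broadcast domain, so that is where it is visible.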

5.4.           Email

The most popular protocol for email is SMTP, which runs on top of TCP/IP. Sending or receiving an e-mail has three stages: connection setup, mail transfer and connection close. Normally four agents are involved: a user agent that lets you read and write e-mail; a transport agent that transfers e-mail to and from you; a delivery agent that delivers e-mail to its destination and puts it in a message store; and finally an access agent that downloads mail to your local machine when you want it. Fig. 5.3 is a conceptual view of SMTP.

Fig. 5.3 A conceptive view of SMTP

IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) are primary protocols used by access agent.

SMTP originally allowed only plain-text messages to be delivered, so security was not a serious concern until MIME (Multipurpose Internet Mail Extensions) came into play. MIME allows practically anything to be sent through an e-mail server as an attachment, so an attacker can easily send a virus that way.

All inbound and outbound mail is received or delivered via SMTP, and all of these agents sit inside your network (the recipient's network has the same types of agents). Messages leave your network unencrypted by default, so you can already see the security hole: an attacker who can see the traffic can read or alter your message at will. Is security not a problem while mail is handled by different agents before it reaches you? No!

Most mail-related programs have a terrible history of root hacks. Sendmail used to be the poster child for insecure software, and most POP and IMAP servers have had at least one remote root hack. Usernames and passwords are sent in clear text in POP and IMAP, so remote users accessing the POP or IMAP service from outside of your network will have their usernames and password exposed to attackers.

The other main attack comes from people trying to use your mail servers to send email (known as relaying) and is typically used by spammers to cheaply deliver bulk mail. The bulk mail is also known as Junk mail. It wastes lots of valuable bandwidth. 

5.5.           The Internet

The most popular protocol used on the Internet is HTTP, which runs on top of TCP/IP. HTTP is a stateless protocol: each request your browser sends to a web host is handled on its own, and the server keeps no memory of earlier requests. Underneath, every IP packet carries only the addresses of the requesting host and of the intended service; intermediate hosts check whether the destination address is inside their own network and, if not, simply pass the packet on to the next node. Fig. 5.4 shows the basic architecture of the Internet.

Fig. 5. 4 A concept view of an Internet and its services

Because of the way the Internet works, it is easy for attackers to reach any ISP, and through it your own machines.

Parasites (spyware) are another annoying practice of some software companies. Once installed, the software watches your web surfing and reports the sites you visit back to its server; the company then sells this information to other companies for profit. The symptoms are ad pages that keep popping up on your screen and a slower web browser.

5.6.           File Transfer Protocol (ftp)  

This is a service that is slowly waning in popularity, and a good thing too. Fig. 5.5 shows the architecture of ftp.

 

Fig. 5.5 Architecture of File Transfer Protocol

Almost all ftp servers (even OpenBSD's) have had remote root holes, in many cases exploitable via anonymous ftp. One of the more popular servers, wu-ftpd, has a terrible track record (literally dozens of remote root holes) and is under semi-active development. ftp also sends and receives all usernames and passwords in clear text, making them easy for an attacker to sniff.

5.7.           Remote Procedure Calls (RPC)

RPC is a network protocol that is generally insecure and is enabled by default on most UNIX systems. Unlike other protocols, it allows a process to make a function call, with or without parameters, to a process on a remote machine without knowing the location of the called process. Fig. 5.6 shows the architecture of RPC.

Fig. 5.6 Architecture of Remote Procedure Calls

Most of the recent reports (September 2003) of security holes found in Windows are rooted in RPC; however, that is not my concern here, as this report is about security on UNIX.

Unfortunately, some operating systems, like Sun's Solaris and SGI's IRIX, require it for numerous services (such as NFS, sadmind, rquota, rusers, spray, wall, rex, ufs, amiserv, etc.).

Early versions of the Network File System (NFS) protocol relied on Remote Procedure Call (RPC) facility for client-server data exchange. This makes the NFS server vulnerable to unauthorized access, because RPC uses a rudimentary form of user authentication.

It is almost impossible to disable it without the OS complaining. RPC relies on the remote machine's IP address as a form of identification; needless to say, this is very weak.

5.8.           Simple Network Management Protocol (SNMP)

SNMP is the standard protocol for Internet management and uses a manager-agent paradigm.

An SNMP system contains two primary elements: a manager and agents. The manager is the console through which the network administrator performs network management functions. Agents are the entities that interface with the actual devices being managed. Bridges, hubs, routers and network servers are examples of managed devices that contain managed objects. These objects might be hardware, configuration parameters, performance statistics and so on, all relating directly to the current operation of the device in question. They are arranged in a virtual information database called the management information base, or MIB. SNMP lets managers and agents communicate in order to access these objects.

Fig. 5.7 shows the architecture of this protocol, in which NMS stands for Network Management Station and MIB for Management Information Base.

Fig.5.7 Simple Network Management Protocol

SNMP is the Titanic of protocols when it comes to security. SNMPv1 and SNMPv2c, the versions almost universally deployed, have no meaningful security features; they rely on a "community" name to authorize requests. Unfortunately, this community name is often left at the default "public", and even when it is set to something else it is sent in clear text in every message, where anyone with a sniffer can read it. There is no authentication of senders or receivers of data. (SNMPv3 adds user-based authentication and encryption and should be used wherever the devices support it.)
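To show exactly how exposed the community string is, the following is an added example for this report (not from the original page): it decodes the BER encoding of an SNMPv1 message just far enough to recover the version, the community string, the PDU type and the requested OIDs, which is all a sniffer needs, and flags default community names. The packet is constructed by hand (a GetRequest for sysDescr.0 with community "public"), not captured traffic; it handles request and response PDUs, not the differently laid-out SNMPv1 Trap PDU.

```python
# Constructed SNMPv1 GetRequest, annotated byte by byte (not a capture).
SNMP_GETREQUEST = bytes.fromhex(
    "3026"                      # SEQUENCE, 38 bytes follow
    "020100"                    # INTEGER 0 -> version SNMPv1
    "04067075626c6963"          # OCTET STRING "public" -> community, in the clear
    "a019"                      # GetRequest-PDU, 25 bytes
    "020101" "020100" "020100"  # request-id 1, error-status 0, error-index 0
    "300e" "300c"               # VarBindList containing one VarBind
    "06082b06010201010100"      # OID 1.3.6.1.2.1.1.1.0 (sysDescr.0)
    "0500"                      # NULL value
)

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}
VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}
DEFAULT_COMMUNITIES = {"public", "private"}


def tlv(buf, i=0):
    """Decode one BER tag-length-value at offset i -> (tag, value, next offset)."""
    tag, length, i = buf[i], buf[i + 1], i + 2
    if length & 0x80:                   # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[i:i + n], "big")
        i += n
    return tag, buf[i:i + length], i + length


def decode_oid(raw):
    """Expand BER OID bytes: first byte packs two arcs, the rest are base-128."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_snmp(pkt):
    """Pull version, community, PDU type and OIDs out of an SNMPv1/v2c message."""
    tag, body, _ = tlv(pkt)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, i = tlv(body)
    _, community, i = tlv(body, i)
    pdu_tag, pdu, _ = tlv(body, i)
    j = 0
    for _ in range(3):                  # request-id, error-status, error-index
        _, _, j = tlv(pdu, j)
    _, varbinds, _ = tlv(pdu, j)
    oids, k = [], 0
    while k < len(varbinds):
        _, vb, k = tlv(varbinds, k)
        _, oid, _ = tlv(vb)
        oids.append(decode_oid(oid))
    return {
        "version": VERSION_NAMES.get(int.from_bytes(ver, "big"), "unknown"),
        "community": community.decode("ascii", "replace"),
        "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
        "oids": oids,
    }


def is_default_community(name):
    return name.lower() in DEFAULT_COMMUNITIES


if __name__ == "__main__":
    info = parse_snmp(SNMP_GETREQUEST)
    print(info, "DEFAULT COMMUNITY" if is_default_community(info["community"]) else "")
```

Run over the payloads of UDP port 161/162 traffic, the same decoder doubles as an audit: every community string on the wire is a credential, and a "private" (read-write) community seen in the clear is as serious as a root password.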

 

5.9.           Databases

Databases are an often-ignored area of security. Many databases ship with default passwords, including on accounts with administrative access. Make sure you verify that all built-in accounts have proper passwords. The next largest problem is that developers write software that accesses the database and give that software far more access than it needs (e.g., the ability to change system tables). When implementing software that accesses a database, scrutinize the level of access granted and reduce it to the minimum. Fig. 5.8 shows a pictorial view of a database service accessed through the Internet.

Fig. 5.8 A pictorial view of a database service through the Internet

 

6.    The Defense

6.1.           Introduction

There are specific defenses against each of these attacks, but the list is huge. Having a good security policy and enforcing it, a solid IT/IS team, and procedures to deal with problems are generally your best defense. Specifically, keep software up to date, install vendor patches where possible, and restrict access to services. Physical security is also important; consider buying lockable cases, because controlling access to workstations is almost impossible with cleaning staff and other people circulating around offices. Encrypt network traffic where possible, and consider one-time password schemes (such as RSA SecurID) for services that require a higher degree of assurance. Filtering and scanning content is a must; this can range from a packet-level firewall all the way up to virus-scanning proxy servers and intrusion detection systems (IDS). Since an attacker will usually have to modify binaries and configuration files on the system to create a back door for further access, file-integrity tools like Tripwire are invaluable. Attacks and defenses differ significantly between UNIX and NT; defenses on NT are not covered in this report.

6.1.1.   The Devil Inside: Setting Up Your Defense

While the media might lead you to believe that security attacks originate from socially dysfunctional teenagers at the other end of an overseas telephone line, the most recent computer crime statistics indicate that the majority of computer attacks are carried out by insiders: employees and associates of the organization.

6.1.2.   Plugging the Holes:  a UNIX Hardening Guide

Since its early days, the UNIX operating system has had an open architecture with tightly integrated network support. At times this has been a challenge for those wanting to use UNIX in highly secure environments, and you may have heard the horror stories about certain UNIX vendors shipping insecure default configurations, with well-known (or empty) default passwords and anonymous services enabled.

But any UNIX system can be made reasonably secure by a set of hardening procedures that leave enabled only the services deemed necessary. Start by disabling all network services, then draw up a list of the services you absolutely need to offer. For each one, run the latest version of its daemon (the program that listens for that service) and apply all security-related patches your vendor offers for it.
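As an added illustration (not code from the original report), the following shell script applies the "disable everything, then re-enable only what you need" rule to services started from inetd. It runs against a constructed inetd.conf embedded in the script; the daemon names and paths there are assumptions, not taken from any real host.

```shell
#!/bin/sh
# Added example: enforce an allowlist of inetd services.
# Constructed sample /etc/inetd.conf (placeholder daemons and paths).
SAMPLE_INETD_CONF='# inetd.conf - constructed sample
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop3    stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
imap    stream  tcp  nowait  root    /usr/sbin/tcpd  imapd
echo    dgram   udp  wait    root    internal
chargen stream  tcp  nowait  root    internal'

# enabled_services: list the service name of every active (uncommented) entry.
# $1 = inetd.conf contents
enabled_services() {
    printf '%s\n' "$1" | awk '/^[[:space:]]*#/ || /^[[:space:]]*$/ { next } { print $1 }'
}

# harden_inetd: comment out every entry whose service is not in the allowlist.
# $1 = inetd.conf contents, $2 = space-separated services to keep enabled
harden_inetd() {
    printf '%s\n' "$1" | awk -v keep="$2" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) allow[k[i]] = 1 }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }   # comments and blanks unchanged
        ($1 in allow) { print; next }                          # allowlisted: keep as-is
        { print "#disabled# " $0 }                             # everything else: off
    '
}

# Example run: keep only ftp and pop3; every other service becomes a comment.
harden_inetd "$SAMPLE_INETD_CONF" "ftp pop3"
```

After writing the hardened output over /etc/inetd.conf, send inetd a HUP signal so it rereads the file, then confirm with enabled_services on the live file and with netstat -an that nothing unexpected is still listening.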

Hardening your UNIX server raises the bar on the skill and effort needed to break in, which discourages joyride attackers looking for an easy target. There is also much to be learned from unsuccessful attacks, and freely available tools (such as TCP Wrappers, section 6.16.2) log every network-access attempt to the server, successful or not. Logging does not by itself stop an attacker, but it lets you notice attempts early and react before they succeed, and, more importantly, lets you trace (and sometimes identify) those who do get in.

By implementing the following procedures, you can make the most common UNIX network services less vulnerable to attacks.

 

6.2.           Domain Name System (Service) (DNS)

As mentioned in section 5.2, BIND (Berkeley Internet Name Domain), the most common DNS server, has a long history of problems, including remote root exploits. The best defense is to keep your DNS servers up to date and to run named as a non-root user in a chroot jail (the -u and -t switches; BIND 8 also has -g for the group). Trying to hide the server version is of little use, since other queries and behavioral fingerprinting can still reveal it. DNS data should also be protected: because a zone is effectively a phone book of your network, zone transfers should be restricted to secondary servers under your control. This will not stop an attacker from enumerating hosts by brute-force querying of likely names, but it removes the easy route.

Good policy plays an important role in making your network more secure. For DNS it is advisable to split the service in two: one set of servers providing authoritative answers to the public (DNS service for *.your.org) and another doing recursive queries for internal machines. This split makes it much harder for attackers to insert false DNS data into your resolvers (cache poisoning) or otherwise abuse them.
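As an added example (not from the report), the BIND 9 named.conf excerpt below implements the advice above. The weak configuration it replaces is the out-of-the-box one: a single zone "your.org" with no allow-transfer statement and recursion left on, so anyone on the Internet can pull the whole zone or use the server as an open resolver. All addresses, names and file paths here are placeholders. Start the daemon unprivileged and chrooted with something like named -u named -t /chroot/named (user and path assumed); note that BIND 9 reuses -g to mean "run in the foreground", so set the group through the named user's primary group instead.

```conf
// Added example: BIND 9 named.conf with restricted transfers and split views.
// Addresses, zone names and file names are placeholders.

acl secondaries { 192.0.2.2; 192.0.2.3; };   // our own secondary servers
acl internal    { 10.0.0.0/8; 127.0.0.1; };  // inside hosts allowed to recurse

options {
    directory "/var/named";
    version "not disclosed";           // cosmetic only; fingerprinting still works
    allow-transfer { secondaries; };   // default for every zone: no public AXFR
    recursion no;                      // default: authoritative answers only
};

// Inside: a full resolver plus the internal copy of the zone.
view "internal" {
    match-clients { internal; };
    recursion yes;
    zone "." { type hint; file "named.root"; };
    zone "your.org" { type master; file "internal/your.org.zone"; };
};

// Outside: authoritative for *.your.org and nothing else.
view "external" {
    match-clients { any; };
    recursion no;
    zone "your.org" { type master; file "external/your.org.zone"; };
};
```

Verify from an outside address that a zone transfer (dig @server your.org axfr) is refused and that a recursive query for a third-party name gets no answer, while the same queries from an internal address succeed.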

6.3.           Dynamic Host Configuration Protocol (DHCP)

The best way to catch the problems described in section 5.3 is to monitor your DHCP server log files for suspicious activity: bursts of requests from many different hardware addresses, requests for addresses a client should not have, and "no free leases" messages. It also helps to plug in a laptop running UNIX and watch the log as its DHCP request is handled, so you know what normal traffic looks like. Address pool exhaustion can be avoided by using static mappings for known clients, at the cost of more administration.
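As an added example (not from the report), this shell script runs the monitoring described above over constructed ISC dhcpd syslog lines, embedded in the script; the host name, interface and hardware addresses are invented. It flags any minute in which an unusual number of distinct clients sent DHCPDISCOVER, the signature of someone forging hardware addresses to exhaust the pool, and every "no free leases" event, which means the pool is already empty.

```shell
#!/bin/sh
# Added example: spot a DHCP address-pool exhaustion attempt in ISC dhcpd syslog output.
# Constructed log lines in the format dhcpd writes via syslog (hosts and MACs invented).
SAMPLE_DHCP_LOG='Nov 10 09:00:01 dhcp1 dhcpd: DHCPDISCOVER from 00:0c:29:11:11:11 via eth0
Nov 10 09:00:01 dhcp1 dhcpd: DHCPOFFER on 10.1.1.20 to 00:0c:29:11:11:11 via eth0
Nov 10 09:00:02 dhcp1 dhcpd: DHCPREQUEST for 10.1.1.20 from 00:0c:29:11:11:11 via eth0
Nov 10 09:00:02 dhcp1 dhcpd: DHCPACK on 10.1.1.20 to 00:0c:29:11:11:11 via eth0
Nov 10 09:05:10 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 via eth0
Nov 10 09:05:10 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:02 via eth0
Nov 10 09:05:10 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:03 via eth0
Nov 10 09:05:11 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:04 via eth0
Nov 10 09:05:11 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:05 via eth0
Nov 10 09:05:11 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:06 via eth0
Nov 10 09:05:12 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:07 via eth0
Nov 10 09:05:12 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:08 via eth0: network 10.1.1.0/24: no free leases'

# dhcp_discover_burst: report any minute in which at least LIMIT distinct
# hardware addresses sent DHCPDISCOVER, and every "no free leases" event.
# $1 = log text, $2 = distinct-client threshold per minute
dhcp_discover_burst() {
    printf '%s\n' "$1" | awk -v limit="$2" '
        /DHCPDISCOVER from/ {
            minute = substr($3, 1, 5)                      # hh:mm of the syslog timestamp
            for (i = 1; i < NF; i++) if ($i == "from") mac = $(i + 1)
            if (!((minute, mac) in seen)) {                # count each client once per minute
                seen[minute, mac] = 1
                clients[minute]++
            }
        }
        /no free leases/ { exhausted[$3] = 1 }             # pool already empty at this second
        END {
            for (m in clients) if (clients[m] >= limit)
                printf "BURST %s %d distinct clients\n", m, clients[m]
            for (t in exhausted) printf "EXHAUSTED %s pool empty\n", t
        }' | sort
}

# Example run with a threshold of 5 new clients per minute.
dhcp_discover_burst "$SAMPLE_DHCP_LOG" 5
```

Tune the threshold from a few days of your own logs (the laptop test above gives you a baseline); a crowded segment at the start of the working day legitimately produces more discovers per minute than a quiet lab.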

6.4.           Email

If possible, do not allow POP and IMAP connections from outside your LAN, to keep usernames and passwords away from attackers.

If remote users do require POP or IMAP access, wrap the connection in Secure Sockets Layer (SSL), so that neither the password nor the mail crosses the network in the clear.

Another option is a web-based email solution for remote users, which has the added benefit of being accessible from Internet kiosks.

Creating an "outside" mail server that proxies mail deliveries to and from your network is effective in preventing many attacks: outside hosts only ever talk to the relay, never to the real mail server.

Using a "free" OS such as Linux and the Postfix mail server (developed by Wietse Venema, author of many security packages), you can keep attackers from connecting directly to a vulnerable mail server and exploiting it. Most mail exploits depend on old versions of software; keep up to date and you will be fairly safe.

6.5.           The Internet

As described in 5.5, parasite-type software is annoying; Spyblast is a program that can remove such software from your system.

Good security practices at the HTTP server prevent overly curious web users from browsing portions of the server that are either access-protected or outside the web content tree. It is also important to ensure that the server does not run with root permissions, since most attacks aim at gaining privileged access to the rest of the machine. The National Center for Supercomputing Applications' free HTTP daemon 1.3, released in March 1995, contained a buffer-overflow bug that let remote users run arbitrary commands on the server; if such a server runs as root, the whole machine is lost.

As the most widely installed web server in the world, the Apache HTTP daemon is also the one most likely to be updated promptly whenever a vulnerability is found. If you are serious about web security, download and install the latest Apache distribution from www.apache.org.

Regardless of which HTTP server you choose, be extremely cautious with Common Gateway Interface (CGI) scripts, the executable programs typically found in the server's cgi-bin directory. Configure the server so that executable scripts are permitted only in that directory, where they can be kept under tight scrutiny, and treat every value a script reads from the request as hostile until it has been validated.

Most UNIX web servers are relatively secure. Apache, Zeus, and Roxen have excellent track records. Netscape had issues in the past and is occasionally slow to issue fixes, but is a solid performer. It is relatively rare for the web server itself to have a direct security problem; it is usually a configuration issue or a server-side program (CGI) that causes it. In September 2000, the popular web scripting language PHP was found to have a serious bug that allowed attackers to view files on the web server; if PHP's safe_mode was enabled under Apache, it was not exploitable. Most web servers have numerous safety features that are not enabled by default. If you have complex scripting and programming on your web server, check the documentation for the techniques that reduce the risk. Most web servers and web programming languages also ship with default test and example programs that are extremely dangerous; audit them manually or use a scanner such as whisker to automate the task.
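As an added example (not from the report), the shell script below shows the classic CGI hole beside its fix: a lookup script that splices the "user" value from the request into a command line, next to a version that validates the value against an allowlist and never goes through eval. The "user database" is a constructed stand-in for /etc/passwd and the injected command is a harmless echo, so the demonstration is safe to run; a real CGI would first URL-decode QUERY_STRING, which is omitted here.

```shell
#!/bin/sh
# Added example: command injection through a CGI parameter, vulnerable and hardened.
# Constructed stand-in for /etc/passwd so the demonstration touches nothing real.
SAMPLE_PASSWD='alice:x:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh'

# vulnerable_lookup: builds a shell command from the untrusted value and evals it.
# A value such as "alice;echo INJECTED" ends the grep and runs a second command.
# $1 = the "user" parameter exactly as decoded from QUERY_STRING
vulnerable_lookup() {
    eval "printf '%s\n' \"\$SAMPLE_PASSWD\" | grep ^$1:"
}

# hardened_lookup: refuse anything outside a tight character allowlist, avoid eval,
# and pass the value as a single quoted argument so it can only ever be a pattern.
hardened_lookup() {
    case "$1" in
        ''|*[!a-z0-9_-]*) printf 'rejected\n'; return 1 ;;   # only [a-z0-9_-], non-empty
    esac
    printf '%s\n' "$SAMPLE_PASSWD" | grep -- "^$1:"
}

# Example run: the same hostile input against both versions.
vulnerable_lookup 'alice;echo INJECTED'
hardened_lookup  'alice;echo INJECTED' || true
```

The allowlist is the important part: trying to strip or escape "dangerous" characters is a losing game, whereas accepting only the characters a user name can contain leaves the attacker nothing to work with.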

6.6.           File Transfer Protocol (ftp)

The principal threat to the File Transfer Protocol (FTP) is the configuration of the anonymous FTP server, by which any user can log on and download (and sometimes upload) files at will. If you don't need to offer this service, delete the ftp user from /etc/passwd and remove its home directory. If your organization must offer anonymous FTP, host it on a machine outside the corporate intranet, in what is typically called a Demilitarized Zone (DMZ).

Another intrusion technique is the denial-of-service attack, in which the intruder opens many anonymous FTP sessions in the hope of consuming all available bandwidth or connection slots on the server. To mitigate this, many FTP server packages let you specify the maximum number of concurrent sessions the server will support. If your UNIX vendor's server lacks this feature, a number of freely available FTP implementations have it.

If you must offer FTP with individual user accounts and uploads (e.g., as a web-hosting company), your best bet is ProFTPD, which is relatively secure and has numerous security features. Be careful with any area that can be uploaded to, especially by anonymous users: if it is misconfigured, attackers will use your site to distribute software, pornography, and so on. Overlap between FTP and WWW areas is especially problematic; http://www.apache.org/ was hacked through a combination of poor systems administration and several minor software flaws.

6.7.           Remote Procedure Calls (RPC)

As described in 5.7, many UNIX services depend on RPC, so it is very hard to eliminate RPC without sacrificing functionality. What you can do is replace the stock portmapper with Wietse Venema's portmap/rpcbind replacement, which adds TCP Wrappers-style host access control so that only trusted hosts can look up or register RPC services, and block the portmapper port (111) and the RPC services themselves at the firewall.

Another option is Secure RPC. Unlike traditional RPC, Secure RPC uses the Data Encryption Standard (DES) and Diffie-Hellman (exponential) key exchange to verify the authenticity of each RPC request. Be aware that single DES and the small Diffie-Hellman modulus used by the original Secure RPC are weak by today's standards, so this is an improvement over unauthenticated RPC rather than strong protection.

6.8.           The Email

6.8.1.   Simple Mail Transfer Protocol (SMTP)

The primary security hole in SMTP is that neither the sending system nor the data it hands over is authenticated: a server will accept mail from anyone claiming any sender address. Encrypting and authenticating the transport (wrapping SMTP in SSL/TLS, and requiring SMTP authentication before relaying) closes part of this hole, and an outside relay (section 6.4) keeps untrusted hosts away from the real mail server. The advice about "v3" that is sometimes attached here actually belongs to SNMP (section 5.8), which shares the same weakness: SNMP v1 and v2c authenticate requests with nothing more than a cleartext community string, so when buying SNMP-enabled devices, ask vendors for SNMPv3 support, which adds authentication and encryption. As with RPC, upgrading to the secure version of the protocol is the simplest and most effective solution.

6.8.2.   Post Office Protocol (POP-3)

Use of the third version of the Post Office Protocol (POP-3) poses a serious security hazard, because the mail user's password is transmitted over the network in plaintext. With a basic sniffing tool, an attacker can intercept the username/password combination and reuse it on many other network resources, since users tend to share passwords across systems. One defense is a POP-3 server that supports the APOP command. APOP, an extension to the POP-3 command set, lets the client send an MD5 digest of the server's per-session greeting timestamp concatenated with the password instead of the password itself, so the password never crosses the wire and a captured digest cannot be replayed. It is not a complete fix: the server must keep the secret in recoverable form, and a sniffed digest can still be attacked offline by guessing the password, so SSL-wrapped POP (section 6.4) is preferable where clients support it. Qualcomm (San Diego) offers a free UNIX POP-3 daemon, Qpopper, that implements APOP. You can download it from http://eudora.qualcomm.com/free/servers.html .
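As an added example (not from the report), the shell script below computes the APOP digest and prints both sides of the exchange, using the timestamp, user name and shared secret given in RFC 1939 section 7 rather than invented values. No network is involved; a server checking the command would compute the same digest from its stored secret and compare.

```shell
#!/bin/sh
# Added example: the APOP computation and exchange from RFC 1939, section 7.
# No network is used; both sides of the dialogue are printed by this script.

# apop_digest: hex MD5 of the server's timestamp banner (angle brackets included)
# immediately followed by the shared secret. $1 = timestamp, $2 = secret
apop_digest() {
    if command -v md5sum >/dev/null 2>&1; then
        printf '%s%s' "$1" "$2" | md5sum | cut -d' ' -f1
    else                                            # e.g. systems with only OpenSSL
        printf '%s%s' "$1" "$2" | openssl dgst -md5 | sed 's/.*= //'
    fi
}

# apop_exchange: the three lines a sniffer would see. The secret itself never
# appears on the wire, and the timestamp is unique per session so the digest
# cannot be replayed. $1 = timestamp, $2 = user name, $3 = secret
apop_exchange() {
    printf 'S: +OK POP3 server ready %s\n' "$1"
    printf 'C: APOP %s %s\n' "$2" "$(apop_digest "$1" "$3")"
    printf 'S: +OK maildrop has 1 message (369 octets)\n'
}

# Example run with the RFC 1939 values: timestamp from the greeting, user mrose,
# shared secret "tanstaaf"; the digest is c4c9334bac560ecc979e58001b3e22fb.
apop_exchange '<1896.697170952@dbc.mtview.ca.us>' mrose tanstaaf
```

Note what the sniffer does get: the timestamp and the digest, which together are exactly what an offline dictionary attack needs. That is why APOP protects against replay but not against weak passwords.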

6.8.3.   Sendmail

Older versions of the Sendmail mail-transport agent were riddled with security holes, some of them very serious and very easy to exploit. Most UNIX vendors use Sendmail versions that are based on the original UC Berkeley distribution, currently maintained by the Sendmail Consortium, a nonprofit group devoted to the maintenance and distribution of the freeware version of Sendmail. The secret to running a secure Sendmail installation is to run a current version that incorporates fixes for the latest known vulnerabilities. The vendor-supplied versions tend to lag, so it’s often beneficial to install and configure the latest (freely available) version from the Sendmail distribution site (www.sendmail.org ).

If you simply can’t make Sendmail work for you, you can download and install Qmail, a more current, faster, and easier-to-configure mail-transport agent that supports most of sendmail’s features. Qmail includes a wrapper that allows for drop-in replacement of Sendmail. You can download it from the official Qmail distribution site at www.qmail.org .

6.9.           Virtual Private Network (VPN)

The solution to many of TCP/IP's problems is encryption, usually in the form of Virtual Private Networks (VPNs).

A VPN is a technique that allows two geographically separated internal networks to exchange information over a public network (the Internet) by encrypting traffic before it leaves one site and decrypting it when it arrives at the other. That protects the content from attackers while it is in transit. It does not, however, do anything about attackers already inside either network: only the traffic crossing the public network is encrypted, so a virus or an intruder on one internal network is carried through the tunnel, decrypted at the far end, and delivered into the other internal network with the same trust as local traffic.

So although a VPN is an effective way to protect content from attackers while it crosses the public network, it does not check whether the content itself is hostile. The danger is the illusion of trust: much effort goes into securing the transmission while the endpoints, which the tunnel now joins, are left unchecked.

This hole can be narrowed by configuring the firewalls at both ends to allow only the specific traffic that needs to cross the tunnel. Require authentication (a password or stronger) to bring the VPN up, and do not let the client cache the password, so that a compromised client machine does not hand an attacker a working tunnel. Control file access through the tunnel by security policy rather than trusting VPN peers by default, and never leave stored certificates or client configuration files where they can be copied.

The best supported standard is IPsec. Many operating systems (e.g., OpenBSD, Solaris, and Windows 2000) ship with support for it. Fig. 6.1 shows an IPsec setup between two networks.

Fig. 6.1 An IPsec tunnel between two networks.

Unfortunately, deploying this technology can include a significant cost in terms of time, money, and processing power. Servers will need crypto-acceleration hardware (which now starts at $100), and busy clients (e.g., engineering workstations that use large CAD files) will also need it. Due to the complexity of these systems, it is likely that mistakes will be made in the implementation -- mistakes that an attacker can exploit. Unfortunately, you will probably not find these mistakes until it is too late.

Placing intrusion detection systems (IDS) in several locations on your network can help. If you have a LAN segment with high security requirements, most switches can be configured to mirror all traffic to one port, and an IDS on that port can monitor for attacks. Detecting this kind of activity is only the start; you need a plan for handling it. Attackers can also try to slip past an IDS with evasion techniques such as packet fragmentation, so choose one that reassembles fragments and TCP streams before matching. A good Open Source IDS can be built from snort, which captures network traffic and matches it against a rule set, and arachNIDS, a database of attack signatures that can be exported as snort rules.

The next major area attackers will typically target is common public services. The general rules of security apply here -- patch where possible, keep things up to date, maintain configuration files, and make sure you have a good set of backups. With many of these services, especially the high-risk public ones, you can place a "proxy" server that the public (and attackers) can connect to in front, thereby reducing the exposure of the real server behind it.

6.10.       Telnet

The most common exploitation of Telnet is unauthorized access via a brute-force attack. It is easy to write a script that repeatedly attempts a Telnet connection to a remote server, guessing a different password each time. Protect against this by ensuring that the login process introduces a delay after a number of unsuccessful attempts, ideally one that grows with the number of failures, and by logging the failures so the source can be identified. This should be part of the security policy and configured as part of system startup. Better still, since Telnet also sends the password in the clear, replace it with SSH (section 6.16.2).

6.11.       Firewalls

The most important quality of any firewalls is the robustness of its underlying operating system. To ensure that a firewall is secure, you need to disable all network services, except those strictly necessary for firewall operation (typically IP routing and whatever TCP services it supports).

Most UNIX servers are installed with default configurations, which leave a number of doors open to attackers. Properly configured firewalls prevent many types of attack. Firewalls function like castle gates, controlling what network traffic gets through; most are configured to admit only traffic to a list of known IP addresses and ports, and they can also control what traffic leaves your network. Attackers typically work in several phases. First comes a scan, sometimes to check for a specific vulnerability. The actual attack comes next, usually opening the victim to a remote login or network connection; a newly connected, unpatched UNIX server is commonly found and attacked within days. The attacker then connects to the victim, changes its configuration to permit further access, logs back in, downloads attack tools and scans for other victims. A firewall that detects the attack can shut off access, and if the victim is being used as a relay, shut off its outgoing access as well.

Many attacks rely on making outgoing connections to fetch the attack tools; the Lion and sadmind worms did just that. If firewalls block not only unsolicited incoming traffic but also outgoing connections that have no business reason, the impact of this type of attack is minimized.

Content filtering is one of the techniques a firewall can use to secure your network. It comes in many forms, but all share the trait that traffic is inspected beyond the packet headers and the decision to allow or deny is based on the payload. A common example is web-site filtering, where HTTP requests are inspected to determine the type of content requested. Another is mail scanning, where messages are checked for known viruses and any infected attachment is removed before delivery. Content can also be filtered by the application that generates it, such as peer-to-peer file sharing and instant messaging; this goes beyond port-based filtering, because the packet content is inspected rather than relying on a protocol and port number that may not be known. Unwanted e-mail (spam) can likewise be filtered at a network gateway based on analysis of the message headers and body.

6.12.       Logging and Reporting

Network requests that violate the pre-defined security policy should always be logged because they may provide evidence of an attempted attack. Because there can be many such requests, reporting tools are important for summarizing log data so that trends can be recognized and analyzed. There are also reasons to log valid requests. This allows network usage to be analyzed for potential misuse. For example, web requests and e-mail messages may be logged so reporting tools can summarize network usage per user.

6.13.       Vulnerability Assessment

It’s important to be able to see your network from a potential hacker’s point of view, so you can understand where your risks are and take appropriate actions to minimize those risks. Vulnerability assessments provide this kind of view of your network, and can show your potential vulnerabilities and suggest corrective actions. Shrink-wrapped products provide all the necessary information, but are often difficult to implement because of the need to view the network from the outside. Services that provide the ability to scan your network from the Internet are the easiest to implement.

6.14.       Intrusion Detection and Prevention

Intrusion detection systems (IDS) can recognize potential network attacks and either alert administrators or automatically respond to thwart the attack, complementing the postmortem analysis provided by logging and reporting tools. There are two common approaches. One monitors the network for known attack signatures, much as anti-virus software does. The other, anomaly detection, learns what traffic is normal for a given network and then flags abnormal behavior. While this technology is still young, it holds great promise for automating responses to network security incidents.

 

6.15.       Software and Signature Updates

An important part of maintaining network security is maintaining up-to-date software and security signatures. This includes security software and associated data, such as URL data-bases and virus signatures. Unfortunately, many products rely on users to manually check for software and data updates, which results in this important task being frequently neglected. Solutions that automatically check for new software and data updates will allow you to keep current with minimal effort.

6.16.       The Essential UNIX Security Tips

6.16.1.                       Basic UNIX Configuration

To secure your Unix resources, the first thing to do is to adopt what is called a least- privilege approach—that is, award users only those privileges that are strictly necessary for them to accomplish a particular task. The easiest way to do this is to set up user accounts with minimal permissions and group memberships. Establish a procedure by which users can request additional file and resource permissions; ask them to specify the task they are going to work on, the duration of the task, and the manager in charge of the project.

Another important practice is to set up extensive logging and monitoring. Most off-the-shelf UNIX applications can log events via syslog, the central UNIX logging facility. Scan the log files (/var/adm/messages on many systems, /var/log/messages on Linux) daily, and configure syslog to forward high-priority events (crit, alert, and emerg) to someone's pager for immediate attention; forwarding a copy of all logs to a separate log host also keeps an intruder from simply erasing the evidence. Also monitor the TCP Wrappers log for unsuccessful connection attempts.

Passwords are another area of vulnerability, so in addition to enforcing safe password choices (non-alphanumeric characters, minimum length, and so on), regularly crack your own passwords. Crack is a program that guesses weak passwords using dictionaries in several languages and permutation rules. To assess your own passwords, run it against your /etc/passwd file (or /etc/shadow on systems with shadow passwords). Some security experts disagree with this practice, but think about it: if you don't do it, somebody else will. Ask users whose passwords were cracked to choose better ones.

In addition to checking passwords, you need to conduct periodic security audits. UNIX security is a moving target, so your network protection should be dynamic. Try breaking into your own UNIX servers periodically. This exercise has two benefits: One, you are forced to adopt the mindset of an attacker, and two, you identify potential holes in your security mechanisms.

Finally, no security strategy is complete without a disaster recovery plan. In most organizations, a malicious attack is likely to have an immediate impact on IT operations. So, before something happens and you get slammed with phone calls from concerned employees, make sure you have a disaster recovery plan in place. When drafting a plan, address these questions: Should you shut down operations completely (in hopes of fending off subsequent attacks), or should you trace the intruder’s actions? How should your operations staff escalate the event? Should backup copies be restored, or should you attempt to reconstruct the compromised data online?

6.16.2.                       Encryption

Once your UNIX system has been hardened, you’ll need a little help maintaining its bulletproof condition. Luckily, there are several freely available utilities that can make this process easier.

The Secure Shell (SSH) package, originally written by Tatu Ylönen at the Helsinki University of Technology, Finland, is a more secure alternative to conventional remote-session protocols such as Telnet and Rlogin. Even the 1.2.x versions offer strong authentication of the remote host, minimizing the threat of client impersonation via DNS or IP-address spoofing, and support several end-to-end encryption ciphers (DES, Triple-DES, IDEA, and Blowfish) to protect the entire session, starting with the initial password transmission. Protocol version 1, which those releases implement, has since been found to have cryptographic weaknesses; use protocol version 2 (as in OpenSSH) wherever clients support it.

The IETF is working to define the architecture of the second version of SSH, which will eventually become the Internet standard for secure remote login over insecure public networks.

Disable Telnet and Rlogin in favor of SSH. If you absolutely must continue using Telnet for remote access, an alternative way to protect yourself against password sniffers is never to use the same password twice. The S/Key system is based on the concept of a one-time password, a scheme by which roaming users are given a sequence of passwords that they can use for remote access to UNIX servers (without the need for specialized client software).

The strength of the S/Key authentication algorithm is that an eavesdropper cannot predict the next password in the sequence by gaining access to the current password. The only security consideration is how the list of passwords is generated and distributed. It’s usually helpful to write a simple script that lets users request multiple passwords, which are sent to their default printer. This ensures that the passwords are not compromised by being transmitted over the network in plaintext. (For more information about S/Key, point your browser to http://yak.net/skey/ .)

Another useful password protection mechanism is Crack. Crack is a simple yet extremely powerful password guessing program that reads the standard UNIX password file /etc/passwd and attempts to guess each entry from word lists and mangling rules. Although a Crack run may take days (or weeks), it typically runs as a low-priority background process.

Crack is an excellent tool to identify poorly chosen passwords, and can be run on systems that support shadow passwords (/etc/shadow ) as well as Network Information System (NIS)-shared password maps. You should use Crack in your periodic security audits, and notify users of vulnerable password choices.

TCP Wrappers, perhaps the most useful freely available security tool, addresses two of the most important needs of UNIX network security: monitoring and filtering. It does not replace the main UNIX networking daemon (inetd); instead inetd is configured to launch the tcpd wrapper, which consults /etc/hosts.allow and /etc/hosts.deny and then either executes the real daemon or refuses the connection. Access can be allowed or denied per service (daemon name) and per client host, domain or network, with optional actions such as running a command when a rule matches. Sound powerful? Surprisingly, the configuration is a real breeze, and its operation imposes little or no overhead on network traffic. (This utility can be downloaded at ftp://ftp.win.tue.nl/pub/security/ .)

TCP Wrappers' monitoring features are equally useful. All wrapped connection attempts, successful and unsuccessful, are logged via syslog with the client address or name, the service, and the time.
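As an added example (not from the report), here is a pair of TCP Wrappers control files that implement the default-deny policy described above. The networks, addresses and daemon names are placeholders; the spawn and DENY keywords need a tcpd built with the hosts_options extensions, which most modern packages are.

```conf
# Added example: TCP Wrappers access control. Addresses and daemons are placeholders.

# --- /etc/hosts.deny --- consulted only when nothing in hosts.allow matched.
# Deny everything tcpd mediates, and run logger so each refused connection leaves
# a line naming the daemon (%d) and the client (%c) in the auth facility.
ALL: ALL: spawn (/usr/bin/logger -p auth.notice "tcpd refused %d from %c") &

# --- /etc/hosts.allow --- consulted first; the first matching line wins.
# Clients whose forward and reverse DNS disagree are refused outright.
ALL: PARANOID: DENY
# Interactive and mail services only from the internal network.
sshd, ipop3d, imapd: 10.0.0.0/255.0.0.0
# ftp only from one management host; rsh/rlogin appear nowhere, so they are denied.
in.ftpd: 10.0.0.5
# Everything else falls through to hosts.deny.
```

Test the rules before relying on them: tcpdchk checks the files for syntax and typos, and tcpdmatch in.ftpd 10.0.0.5 (or any other daemon/client pair) reports which line would match without making a connection.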

6.16.3.                       Good Security Policies

 

What do you want to protect? Your data? Your hardware? Your ability to recover quickly after a disaster? You must consider several tradeoffs when designing a security policy for your site:

Services offered vs. security provided (more services = less secure).

Ease of use and convenience vs. security (security is roughly proportional to 1/convenience).

Cost of security vs. risk (cost) of loss.

A good security policy document should include the following:

Purchasing guidelines for hardware and software.

A privacy policy that sets expectations regarding the monitoring of users' email and keystrokes, and policies for dealing with user files.

An access policy: who can have access, what they can do with it, what hardware and software they can install, and so on.

An accountability policy that spells out the responsibilities of both users and system administrators.

An authentication policy that sets guidelines for passwords and remote access.

An availability policy that describes when the system is supposed to be up, lists scheduled maintenance times, gives instructions for reporting problems and sets expectations regarding response times.

A maintenance policy that includes rules about outsourcing and specifies procedures for giving access to third-party maintenance personnel.

A backup and recovery policy that specifies the scheme for data backup and disaster recovery.

6.17.       Defense by Regulations and Laws

Hacking into private or public networks is a serious crime in the US, and the punishment is heavy, heavier still when it is done for profit. Do not hesitate to use the law as a weapon against attackers; in some cases it may be your last resort for defense and for recovering the losses they caused.

 

The recent FTC action against a company alleged to have used a security hole to send pop-up ads to consumers is a good example of this type of defense. Here is the story.

 

FTC Slams Pop-Up Spammer
By Dennis Callaghan
November 6, 2003

 

 


The Federal Trade Commission Thursday took action against a company that it alleges was exploiting a security hole in Microsoft's Messenger Service utility to send full-screen pop-up ads to consumers advertising software that would block the very same pop-up ads.

At the FTC's request, the U.S. District Court for the Northern District of Maryland issued a temporary restraining order against D Squared Solutions LLC, and its officers, Anish Dhingra and Jeffrey Davis, blocking them from continuing their business practices. The FTC plans to seek further legal action against the defendants, including recovering any revenue the company earned from selling its software.

 

6.18.       Final Recommendations

No system can be made 100 percent secure. By applying the proper security measures to your UNIX servers, you can manage risk, but you can never eliminate it. When choosing a specific UNIX platform, it’s important to assess the vendor’s reaction to newly found security vulnerability. Does the vendor acknowledge the problem and promptly release a fix, or bury its head in the sand and deny that a problem exists?

The key to a good perimeter defense is to diversify your security measures. After tightening IP-level security (by installing a packet-filtering firewall), make sure you enhance security at the Transport (TCP) layer, as well as at the Application layer. UNIX is a complex operating system, and so are the attacks leveraged against it.

As indicated before, the financial losses in term of dollars are very high and the number is increasing each year. In addition to financial losses you must also take into account the liability and public relations shock waves that follow these security incidents.

When it comes to network security, you can’t afford to ignore it.

7.    Summary

Most attackers take the easiest approach with the least risk, which can lead to some unexpected attacks. Even if you keep all your software up to date, replace insecure packages with secure ones, and restrict access, an attacker may still get in. There are many complex interactions within the OS and between software packages, so administrators must communicate well, because a change in one area can affect others.

Firewalls, SSH and VPNs are good ways to protect your data, but without a good security policy your system may not be as secure as it should be. With a good security policy but no good backup and disaster recovery policy, you may not be able to bring the system back once it is attacked. And with all these policies but without diligent system administrators, your system will still fall short: every policy needs a dedicated person to execute it.

Security is therefore not an easy task. It requires good technology and adequate policy, and devoted system administrators to enforce that policy.

8.    Appendix:

8.1.           The Tools

Where to find all these scripts and information on exploits? There are numerous web sites devoted to the topic, and IRC is used for real-time discussions and trading of software by many hackers. The following is a catalog of sites commonly used by hackers:

http://www.antionline.com/  -- This is one of the most comprehensive sites; it's nicely formatted, and easy to navigate. There are hundreds of exploits for almost anything that can be attached to a computer network (Cisco, Windows, BSD, AIX, etc.). There are also a number of network scanners, password generators, key loggers, and other tools that can be used to assist a person committing illegal acts (or running a legitimate penetration test).

http://www.nmap.org/ -- The best port scanner around and it's free. Scanning your network from internal trusted hosts to find out what is running is a good idea (since sometimes people add servers without mentioning it), and also from an external un-trusted host, so you can see what an attacker would see.

http://www.nessus.org/ -- One of the better intrusion scanners, and Open Source. It has a client/server architecture, for both UNIX and Windows, with several hundred tests. The reports it generates are complete, and some include information on how to fix the problem. It also has denial-of-service tests, which should be run with caution since they might crash machines.

Scanning a company for modems will usually result in the discovery of at least one modem that can be used to gain access to the network. There are four methods to deal with this problem. The first is a physical inspection of computers for modems; however, a user may have an external modem that is not always attached. The second is to scan your phone lines for modems; again, the user's modem may not always be attached or turned on. The third is to prevent users from using their COM ports: in UNIX, you can set the permissions on the serial device nodes under /dev/ appropriately, and for Windows there is a product called SecureNT. The fourth and last method is to firewall your phone lines; currently, the only available product for these firewalls is TeleWall.
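The third method above, as an added example that is not from the original report: a POSIX shell audit that flags serial/modem device nodes any local user could open, plus a helper that restricts one to root and a serial-access group. The device-name globs (ttyS*, cua*, modem) and the group name "dialout" are assumptions and vary by UNIX flavour.

```shell
#!/bin/sh
# Audit serial/modem device nodes for "other" read/write permissions.
# Usage: audit_serial_devices [DIR]   (DIR defaults to /dev)
# Prints one line per world-accessible device and returns their count,
# so a return status of 0 means nothing is exposed.
audit_serial_devices() {
    dir=${1:-/dev}
    found=0
    # Assumed device names: Linux serial ports (ttyS*), older call-out
    # devices (cua*) and a conventional "modem" symlink.
    for dev in "$dir"/ttyS* "$dir"/cua* "$dir"/modem; do
        [ -e "$dev" ] || continue
        mode=$(stat -c '%a' "$dev" 2>/dev/null) || continue   # GNU stat
        # The last octal digit is the "other" permission set; any read (4)
        # or write (2) bit there lets every local user talk to the modem.
        other=${mode#"${mode%?}"}
        case $other in
            0|1) ;;   # execute-only or nothing: not readable/writable
            *) echo "WORLD-ACCESSIBLE: $dev mode $mode"
               found=$((found + 1)) ;;
        esac
    done
    return $found
}

# Restrict a single device so only root and the serial-access group may
# open it. The group name is an assumption ("dialout" on many Linux
# systems, "uucp" on others); chown requires root privileges.
lock_serial_device() {
    dev=$1
    grp=${2:-dialout}
    chmod 660 "$dev" && chown root:"$grp" "$dev"
}
```

Run the audit from cron and alert on a non-zero status; it only inspects permission bits, so a modem on a port that is already locked down but still physically connected is outside its scope.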

http://www.securelogix.com/ -- SecureLogix makes the TeleWall, a firewall for phone systems. Place it in front of your PBX. It handles up to 24 lines, and you can use as many as you need. It can filter incoming and outgoing calls based on origin, destination, time, and type of call. SecureLogix also makes TeleSweep, an industrial-strength wardialer.

8.2.           Links

arachNIDS -- http://whitehats.com/ids/

Default password database -- http://www.securityparadigm.com/defaultpw.htm

Linux Security Knowledge Base -- http://www.securityportal.com/lskb/

HUNT -- http://www.cri.cz/kra/

rpcbind -- ftp://ftp.porcupine.org/pub/security/

SNMPv3 -- http://www.snmp.com/snmpv3/

snort -- http://www.snort.org/

whisker -- http://www.wiretrip.net/rfp/

Report on UNIX viruses and worms -- http://www.sophos.com/virusinfo/articles/glossary.html#unixworm

Freely available FTP server package -- www.wuftpd.org

Freeware version of Sendmail -- www.sendmail.org

8.3.           References

Anne Carasik: UNIX Secure Shell, McGraw-Hill, 1999

Evi Nemeth: Unix System Administration Handbook, third edition, Prentice Hall, 2001

David Greenfield: Internet-based VPNs: Business or Cattle Class? Network Magazine, July 2002

FBI Computer Crime and Security Survey, the 1998 Computer Security Institute (www.gocsi.com/prelea11.htm)

Kurt Seifried: How to Hack. Sys Admin Magazine, Dec. 2000

Ramon J. Hontan: Managing UNIX Security. Network Magazine No. 1, 1999

Rik Farrow: DHCP: Another Untrustworthy Service. Network Magazine, April 2002

Rik Farrow: Fortifying Your Firewalls. Network Magazine, August 2002

Rik Farrow: VPN Vulnerabilities. Network Magazine, June 2002

Summary report by www.esoft.com: Why your Network may not be as secure as it should be?

8.4.           Terminologies

APOP -- Authenticated Post Office Protocol

BDE -- A software company that develops software which views a database as an element within an organization's infrastructure that has its own lifecycle.

DHCP -- Dynamic Host Configuration Protocol

DMZ -- Short for demilitarized zone: a computer or small sub-network that sits between a trusted internal network, such as a corporate private LAN, and an un-trusted external network, such as the public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers.

DES -- Data Encryption Standard

DNS -- Domain Name System (Service)

FTP -- File Transfer Protocol

IDS -- Intrusion Detection System

IETF -- The Internet Engineering Task Force

IMAP -- Internet Message Access Protocol

ISC -- Internet Software Consortium

LDAP -- Lightweight Directory Access Protocol. An Internet protocol that email programs use to look up contact information from a server, such as ClickMail Central Directory.

The Maginot Line -- It is known as a great military blunder, but in fact this stout network of ingenious bunkers did what it was designed to do.

MDAC -- Microsoft Data Access Components. The Microsoft Data Access Components (MDAC) are the key technologies that enable Universal Data Access. Data-driven client/server applications deployed over the Web or a LAN can use these components to easily integrate information from a variety of sources, both relational (SQL) and non-relational. These components include Microsoft ActiveX Data Objects (ADO), OLE DB, and Open Database Connectivity (ODBC).

MIME -- Multipurpose Internet Mail Extensions

NAS -- Network-Attached Storage

NFS -- Network File System

NIS -- Network Information Service

PIX -- Cisco Secure PIX Firewall series. Formerly known as the PIX Firewall, the Cisco Secure PIX Firewall series is the highest-performance, enterprise-class firewall product line within the Cisco firewall family. The integrated hardware/software PIX Firewall series delivers high security without impacting network performance, scaling to meet the entire range of customer requirements. The Cisco Secure PIX Firewall series is a key element in the overall Cisco end-to-end security solution set and is the leading product line in its segment of the firewall market.

PPTP -- Microsoft's Point-to-Point Tunneling Protocol. PPTP is used to secure PPP connections tunneled over TCP/IP links.

POP -- Post Office Protocol

RAS -- Remote Access Server equipment

RPC -- Remote Procedure Calls

SNMP -- Simple Network Management Protocol

SMTP -- Simple Mail Transfer Protocol

SOHO -- Small Office/Home Office

SSH -- Secure Shell

SSL -- Secure Sockets Layer

VPN -- Virtual Private Network