Upgrading and Repairing Networks

System Daemons and Services

Windows servers have background processes that perform many functions, called services. Unix systems also have background processes that work in a similar manner that are called daemons. Regardless of what you call them, these processes, which are called background because they do not require interaction with the keyboard but instead execute on the computer waiting to perform some function, can introduce security problems when they are not needed.

You should become familiar with the background processes on any servers in your network and disable those that are not needed. For example, on Unix systems, there are many background daemons associated with the TCP/IP suite of protocols. Some systems might need all of these, whereas some might need just a few or none of them. Table 42.1 lists some of the daemons you might want to look at to determine whether they are needed. If not, disable them.

Table 42.1. TCP/IP Services That Might Not Be Needed on All Systems

Service Name	Description
uucp	Unix-to-Unix copy
finger	Provides information about users
tftp	Trivial file transfer protocol
talk	Allows text communications between users on the network
bootp	Provides network information to clients
systat	Gives out current system information
netstat	Gives out current network information such as current connections
rusersd	Shows logged-on users
rexd	Remote execution utility

It might be that you do need these services. It might be that they need to be configured properly to prevent their misuse. You should read the documentation that comes with your Unix or Linux system to determine the capabilities that these daemons provide and disable them on systems that do not need them.

For example, tftp (the trivial ftp transport application) is a stripped-down version of FTP. It is compact and usually can be easily implemented in an EPROM. For this reason, it is useful in some devices that need to download operating software from a host. However, note that unlike FTP, tftp has no access control mechanisms. This means that a username and password are not used. Because there is no authentication, this can be a real security problem if it is not configured properly, such that it can be used only for its intended purpose.

On Windows servers, you can use two programs that are provided with the Resource Kits to install or run almost any executable program or batch file as a service. These are INSTRV. EXE, which can be used to install an executable, and SRVANY. EXE, which can be used to make other kinds of files into services. On a server that has several users logging in frequently, you might want to make it a regular part of your routine maintenance to review the services running on the machines and disable or remove those that are not installed by the initial operating-system installation or those that did not come from products you have applied to the system.

To do this, you will need to keep an inventory of what runs on each server, but this kind of inventory information can be useful for other purposes, such as when you need to reinstall a server that has been destroyed by a catastrophic failure.