Last week, the US System Network Security Association announced the top 10 security hazards of UNIX. From my own use of 10 years of UNIX experience, it is basically a reason to be reasonable, given that there is no standard hidden danger, I briefly explain The countermeasures of these hidden dangers. US System Network Security Association announced by UNIX top ten security hidden rosers: 1 Bind Domain Name System 2 Web Server 3 Authentication 4 Version Control Systems 5 Email Transport Services (Mail Transport Service) 6 Simple Network Management Protocol 7 Open Secure Connection Communication Layer 8 Enterprise Services NIS / NIS / NIS / NIS 9 Database (Databases 10 Kernel 1] Bind's NIS service is often bound to NFS services, providing unified login and remote directory file sharing in LAN users. Its vulnerability can enter any other user's file system if the local root account of any of the UNIX / Linux servers in the local area network can be entered into any other user file system. I used this vulnerability. I used it until I haven't eliminated today. 2] Web Server is usually all HTTPD Server usually used, given that the Apache 2.0 is the most popular web server, here illustrates the hidden dangers of Webservers. CGI configuration, the default Conf and Apache Module have a wide range of hidden dangers, usually through upgrades to eliminate these hidden dangers, but they are not a solution. 3 years ago, my Apache Webser has been infected with WROM, and it can be seen that the difference in safety. 3] Authentication, there is a lot of hidden dangers, such as SSH is once a well-known big loophole, and the famous movie "Matrix II" uses such an instruction: ssh host -l root -v Check SSH version and vulnerability. 4] Version Control Systems This I am not familiar, don't make comments. 5] Mail Transport Service This is a consumer nest, regardless of all SMTP, Qmail, etc. have a lot of security hazards, and there are many security hazards that prevent Hack and Spam Email. When the system administrator opens 25 ports, you need to know that this port is a service that is second only to 80 ports. It is very important to build trust IP and good Email Relay mechanism. 6] Simple Network Management Protocol This is not discussed, prohibiting the use. 7] Open Secure Connection Communication Layer (Open Secure Sockets Layer) Basic Broadcasting How many Hacker can use a simple Sniffit tool (listening tool) to do, Telnet's coded spread once is the favorite of Hacker. Using hardware MAC binding technology, or simply eliminating old antique services such as FTP / Telnet or even Client programs. 8] Enterprise service NIS / NIS / NIS / NIS / NIS / NFS is shown in [1], improper NFS allows external people Mount systems to read files, and even modify files.
