Internet Services
What is an Internet service?
Basically, an Internet service can be defined as any service that can be accessed over a TCP/IP-based network, whether an internal network (intranet) or an external network (the Internet). TCP and IP are two of the protocols in a group sometimes known as the Internet protocols. Common services are Telnet, FTP, SMTP, HTTP, ICMP, ARP, DNS, ssh, scp, sftp, and others.
Secure Services
Common services such as telnet and ftp send all of their traffic in plain text, including passwords. Plain-text traffic is extremely easy to eavesdrop on for anyone sitting between the traffic's source and destination. Since the Internet has exploded in popularity, running insecure services such as these is not a good idea. That is why secure replacements have been developed: they provide stronger authentication controls and encrypt all of their traffic to keep your data safe. You should always run secure services instead of insecure ones.
ssh
Secure Shell, also known as ssh, is a secure telnet replacement that encrypts all traffic, including passwords, using a public/private key exchange protocol. It provides the same functionality as (insecure) telnet, plus other useful functions such as traffic tunneling.
[root#] ssh
SSH asks whether you want to accept and trust the host key sent to you. This is asked only once, when you log in to the machine for the very first time. On every later login, ssh asks for the password and returns a regular terminal. SSH can tunnel almost any protocol through it.
This example creates a tunnel for HTTP. It forwards port 80 of your localhost to port 80 on the remote host:
[root#] ssh -f -N -q -L 80:localhost:80
scp
Secure Copy, also known as scp, is part of the ssh package. scp copies files securely from any machine to any other Linux machine, provided the ssh daemon is running there. The syntax of scp:
scp
For eg:
[root#] scp
password:
sftp
Secure File Transfer Program, also known as sftp, is an FTP client that performs all its functions over ssh. The syntax for sftp:
sftp file
For eg:
[root#] sftp newfile
Connecting to bscit..
password:
Less secure services
These are insecure services that should not be used, since they trust that the network is absolutely secure. Their secure equivalents should be used instead.
telnet
telnet is a protocol and application that gives someone access to a virtual terminal on a remote host. It resembles text-based console access on a Unix machine. Telnet is an application that is available almost everywhere; because of this wide distribution, most beginning Unix users use telnet exclusively to communicate with other Unix and NT machines.
SSH works almost like telnet, but with encrypted traffic and passwords.
[root#] telnet example.com
ftp
ftp is a file transfer protocol that runs over ports 20 and 21. Once you have successfully logged on to an ftp server, you can type help for a list of available commands. Two important commands to remember are put, which moves a file from your machine to the remote machine, and get, which pulls a file from the remote server to your machine. To send multiple files you can use mput, and to retrieve multiple files you can use mget.
For eg:
ftp> get file1
ftp> put file2
ftp> mget file1 file2 file3
ftp> mput file1 file2 file3
rsync
rsync is an unencrypted file transfer program. It can find the differences between two sets of files on two machines and transfer only those differences across the network. It listens on port 873.
rlogin
rlogin is a remote login program that connects your terminal to a remote machine's terminal. rlogin is an insecure protocol because it sends all information, including passwords, in plain text. It also enables a mutual trust relationship to exist between machines.
Syntax: [root#] rlogin remotehostname
Eg: [root#] rlogin redhat
rsh
rsh is an unencrypted mechanism to execute commands on remote hosts. The syntax of rsh is:
[root#] rsh remotehostname remotecommand
Eg: [root#] rsh redhathost shutdown
finger
finger enables users on remote systems to look up information about users on another system. finger displays information such as the user's login name, real name, terminal name, idle time, login time, home directory, shell, etc. finger should be disabled outside the local network, as user information could otherwise be accessed easily.
The finger daemon listens on port 79.
Syntax: [root#] finger
[root#] finger
Talk and ntalk
Talk and ntalk are real-time chat protocols. The talk server runs on port 517 and the ntalk server runs on port 518. To send someone else a talk request, type talk or ntalk. If their machine is running a talk or ntalk daemon and they are logged in, they will see a message inviting them to chat with you.
Syntax: [root#] talk
[root#] ntalk
Eg: [root#] talk
[root#] ntalk
Linux as Server
The following protocols are used:
1. http
The most common Web server used on Linux is Apache. Apache is easily configurable, and its configuration files live in /etc/httpd/conf/. While Apache can be set to listen on many different network ports, the most common port it listens on is port 80.
To start httpd use the command: [root#] service httpd start
To enable it at boot: [root#] chkconfig httpd on
2. sshd
Its global system configuration files are in /etc/ssh, and users' ssh configuration files are in $HOME/.ssh/. The ssh server listens on port 22. If that port is blocked by a firewall and not available, ssh can be made to run on another port as well.
To start sshd use the command: [root#] service sshd start
To enable it at boot: [root#] chkconfig sshd on
3. ftpd
The FTP daemon uses ports 20 and 21 to listen for and initiate FTP requests. Its configuration files, ftpaccess, ftpconversions, ftpgroups, ftphosts, and ftpusers, are located in the /etc directory.
4. dns
The Domain Name Service (DNS) maps IP addresses to hostnames. It runs on port 53. Its configuration file is named.conf in the /etc directory.
To start dns use the command: [root#] service named start
To enable it at boot: [root#] chkconfig named on
Inetd Server
inetd is called the Internet superserver. It is launched at boot time and listens for connections on network sockets. When inetd starts up, it checks the inetd.conf file to see which services should be running. It then reads the /etc/services file to see which ports those services should run on.
Xinetd Server
xinetd is an extended version of inetd that adds more security and features, including new features for system administrators. It starts at boot time and listens for connections coming in on the ports named in its configuration file. Once xinetd receives a connection request, it spawns a new server for it and keeps listening for new connections on the other ports.
In xinetd anyone can start a network service, whereas in inetd only root can start a network service. xinetd has built-in firewall capability, as it provides access control on all services based on various criteria, such as remote host address, access time, remote hostname, etc.
xinetd kills servers that are no longer in its configuration file or that no longer meet the configuration's access criteria. xinetd also has log storage. The configuration file for xinetd is /etc/xinetd.conf:
/etc/xinetd.conf
defaults
{
        instances = 60
        log_type = syslog
        log_on_success = Host PID
        log_on_failure = Host PID
}
includedir /etc/xinetd.d
Start the service: [root#] service xinetd start
After any change to the file: [root#] service xinetd restart
Xinetd started services
ntalk: chat server, runs on port 518
rsync: remote ftp
telnet: telnet server
finger: user information lookup program
kshell: restricts user access to shell
rlogin: remote login, trusted
rsh: remote shell to connect to a remote host
talk: chat server, runs on port 517
klogin: rlogin server over Kerberos
chargen: generates random characters on TCP
time: gives the time
chargen-udp: generates random characters on UDP
time-udp: gives the time on UDP
comsat: sends notification of new mail
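Because xinetd starts several of the plain-text services listed above (telnet, rsh, rlogin, finger, talk, ntalk) from per-service files under /etc/xinetd.d, a quick audit is to check which of those files still lack "disable = yes". The script below is an added example, not part of the original notes; it takes the directory as a parameter and builds a constructed sample directory so it can run without touching the real /etc/xinetd.d.

```shell
#!/bin/sh
# Added example (not from the original notes): report which of the insecure
# xinetd-started services are still enabled in a given xinetd.d directory.
# Assumption: each service has a file named after it, as the notes' includedir
# layout implies; "disabled =" lists in the defaults block are not parsed here.

INSECURE="telnet rsh rlogin finger talk ntalk"

# Print "<name> enabled" or "<name> disabled" for each insecure service that
# has a file in $1. xinetd treats a missing 'disable' line as enabled.
audit_xinetd() {
  dir="$1"
  for svc in $INSECURE; do
    f="$dir/$svc"
    [ -f "$f" ] || continue
    if grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
      echo "$svc disabled"
    else
      echo "$svc enabled"
    fi
  done
}

# Constructed sample directory standing in for /etc/xinetd.d: telnet explicitly
# enabled, finger explicitly disabled, rsh with no 'disable' line at all.
make_sample() {
  d=$(mktemp -d)
  printf 'service telnet\n{\n\tdisable = no\n\tsocket_type = stream\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/telnet"
  printf 'service finger\n{\n\tdisable = yes\n\tserver = /usr/sbin/in.fingerd\n}\n' > "$d/finger"
  printf 'service rsh\n{\n\tsocket_type = stream\n\tserver = /usr/sbin/in.rshd\n}\n' > "$d/rsh"
  echo "$d"
}

# Number of insecure services found enabled in the directory given as $1.
count_enabled() { audit_xinetd "$1" | grep -c ' enabled$'; }
```

Run it against the real directory with `audit_xinetd /etc/xinetd.d` after the sample run; every "enabled" line is a service that should get "disable = yes" followed by `service xinetd restart`.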
Stand-Alone Services
sendmail: mail server
apache: web server
sshd: ssh server
qmail: mail server
postfix: mail server
named: DNS server
xfs: X font server
portmap: maps RPC services to ports
rpc.quotad: serves quota information
rpc.mountd: NFS mount server
squid: web proxy server
oracle: database server
Linux Firewall
Linux provides a few different mechanisms for system security. One of these is Linux's firewall packages. iptables is Fedora's and Red Hat's built-in firewall administration tool. iptables also enables a personal firewall on a Linux machine.
Commands to manage iptables are:
[root#] service iptables start
[root#] service iptables stop
On boot:
[root#] chkconfig iptables on
[root#] chkconfig iptables off
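The service and chkconfig commands above only start and stop iptables; the policy itself has to come from somewhere. The script below is an added example, not part of the original notes: it generates an iptables-restore ruleset that keeps the secure services reachable (ssh on 22, http on 80) and logs, then drops, connections to the plain-text services the notes say should not be used. The ports are the ones given in the notes; the "insecure-<name>:" log prefix and the default-deny INPUT policy are my choices.

```shell
#!/bin/sh
# Added example (not from the original notes): build an iptables-restore policy
# for the services discussed in the notes. Rules are only printed here; apply
# them separately as root with:  fw_rules | iptables-restore

# Plain-text services from the notes and their ports (talk and ntalk use UDP).
DROP_TCP="telnet:23 ftp:21 finger:79 rlogin:513 rsh:514 rsync:873"
DROP_UDP="talk:517 ntalk:518"

fw_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
EOF
  # The INPUT policy is already DROP; the explicit rules exist so that attempts
  # to reach a retired service show up in syslog with a recognisable prefix.
  for entry in $DROP_TCP; do
    name=${entry%:*}; port=${entry#*:}
    echo "-A INPUT -p tcp --dport $port -j LOG --log-prefix \"insecure-$name: \""
    echo "-A INPUT -p tcp --dport $port -j DROP"
  done
  for entry in $DROP_UDP; do
    name=${entry%:*}; port=${entry#*:}
    echo "-A INPUT -p udp --dport $port -j LOG --log-prefix \"insecure-$name: \""
    echo "-A INPUT -p udp --dport $port -j DROP"
  done
  echo COMMIT
}

# Number of explicit DROP rules, one per insecure service in the tables above.
drop_rule_count() { fw_rules | grep -c -- '-j DROP$'; }

# Exit 0 if the generated policy has an ACCEPT rule for the given TCP port.
allows_tcp() { fw_rules | grep -q -- "-p tcp --dport $1 -j ACCEPT"; }
```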