There are a number of standard Internet services that users want and that most sites try to support. There are important reasons to use these services; indeed, without them, there is little reason to be connected to the Internet at all. But there are also potential security problems with each of them.
What services do you want to support at your site? Which ones can you support securely? Every site is different. Every site has its own security policy and its own working environment. For example, do all your users need electronic mail? Do they all need to transfer files to sites outside your organization? How about downloading files from sites outside the organization's own network? What information do you need to make available to the public on the Web? What sort of control do you want over web browsing from within your site? Who should be able to log in remotely from another location over the Internet?
This chapter briefly summarizes the major Internet services your users may be interested in using. It provides only a high-level summary (details are given in later chapters). None of these services are really secure; each one has its own security weaknesses, and each has been exploited in various ways by attackers. Before you decide to support a service at your site, you will have to assess how important it is to your users and whether you will be able to protect them from its dangers. There are various ways of doing this: running the services only on certain protected machines; using especially secure variants of the standard services; or, in some cases, blocking the services completely to or from some or all outside systems.
This chapter doesn't list every Internet service -- it can't. Such a list would be incomplete as soon as it was finished and would include services of interest only to a few sites in the world. Instead, we attempt to list the major services, and we hope this book will give you the background you need to make decisions about new services as you encounter them.
anagers and system administrators together need to decide which services to support at your site and to what extent. This is a continuous process; you will change your decisions as new services become available and as your needs change. These decisions are the single most important factor in determining how secure your site will be, much more important than the precise type of technology you use in implementing them. No firewall can protect you from things you have explicitly chosen to allow through it.
Getting Started with Internet ServicesAre you just getting connected? Or, have you been connected for a while but are getting concerned about Internet security? Where should you start? Many system administrators try to be too ambitious. If you attempt to develop and deploy the be-all and end-all of firewall systems right from day one, you probably aren't going to succeed. The field is just too complex, and the technology is changing so fast that it will change out from under you before you get such an endeavor "finished".
Start small. At many sites, it boils down to five basic services. If you can provide these services securely, most of your users will be satisfied, at least for a while.
All five of these services can be safely provided in a number of different ways, including packet filtering and proxies -- firewall approaches discussed in Part II, "Building Firewalls" of this book. Providing these services lets your users access most Internet resources, and it buys you time to figure out how to provide the rest of the services they'll be asking for soon.
- World Wide Web access (HTTP).
- Electronic mail (SMTP).
File transfer (FTP).
Remote terminal access (Telnet or preferably SSH).
Hostname/address lookup (DNS): Users generally don't use this service directly, but it underlies the other four services by translating Internet hostnames to IP addresses and vice versa.
It is also possible to use "insecure" services in secure ways -- it just has to be done with more caution. For instance, electronic mail over Simple Mail Transfer Protocol (SMTP) is a classic example of an "insecure" service. However, if you carefully configure your mail servers and encrypt message bodies, you can achieve the goals mentioned previously. (This still won't save you if somebody mails you an evil program and you run it!)
Similarly, chain saws are extremely unsafe objects, but people still use them regularly with appropriate precautions and very little risk. Plastic bags are really quite safe objects, but you can still hurt yourself with one in a variety of ways, ranging from putting it over your head and suffocating, to slipping on one on the stairs and breaking your leg. When you evaluate the security of a service, you should be sure that you're thinking of its security implications to your environment in your intended configurations -- whether or not it's "secure" or "safe" in the abstract is not of any great interest. For further information about evaluating services and their security, see Chapter 13, "Internet Services and Firewalls".
|1.6. Religious Arguments||2.2. The World Wide Web|
Copyright © 2002 O'Reilly & Associates. All rights reserved.