UC Davis Cyber-Safety Program: Insecure Network Services
If you are a computer user within an academic or administrative department on campus, you may have a Technology Support Coordinator (TSC) who is working to secure your system. Before taking any of the security steps listed below, please check with your TSC.
From the UC Davis Cyber-Safety Program Policy:
"Computers connected to the network must use only network services/processes that are needed for their intended purpose or operation. All unnecessary services must be disabled. Where such services are operationally required, the available encrypted equivalent service must be used (e.g., SSH rather than Telnet) if data of a restricted nature such as passwords or other confidential information will be transmitted by the service. This standard applies to computers using the Windows, Mac OS X or Linux operating system."
Information...
What are insecure network services?
When two or more computers are linked together, they form a network. Insecure network services are any services (such as FTP, shared file systems, etc.) residing on the network that do not have a "suitable process for authenticating users" (see authentication section).
Why is this important?
Removing services that are not necessary is one of the most important things that can be done to secure a computer system. The programs that provide these services are often left neglected, unpatched, or misconfigured, as users of the system often forget about their existence. Disabling unneeded services removes points of entry into a system that a malicious user may be able to exploit.
Network services are inherently insecure when they transmit data over the Internet unencrypted (e.g., Telnet, FTP, POP, IMAP). Using insecure services to transmit or receive sensitive data, such as passwords or personally identifying information, introduces the risk that the information will be intercepted and compromised. It is recommended that campus technical staff use tools such as nmap or fport on a monthly basis to identify active services/processes for review and implement necessary modifications.
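As an added example (not part of the original page or the campus program's tooling), the monthly review can be partly automated by parsing nmap's grepable output (nmap -oG) from a scan of machines you administer and flagging the unencrypted services named above. The sample scan, host names, and the replacement-service mapping are constructed for illustration.

```python
import re

# Cleartext services named on this page, keyed by their standard TCP port,
# with the encrypted equivalent to migrate to (mapping added for this example).
CLEARTEXT = {
    21: ("FTP", "SFTP or FTPS"),
    23: ("Telnet", "SSH"),
    110: ("POP", "POP3 over TLS (995)"),
    143: ("IMAP", "IMAP over TLS (993)"),
}

# Constructed sample of nmap grepable output for two hosts you administer.
SAMPLE_SCAN = """\
# Nmap scan initiated as: nmap -oG - 192.0.2.10 192.0.2.11
Host: 192.0.2.10 (lab-a.example.edu)\tStatus: Up
Host: 192.0.2.10 (lab-a.example.edu)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 23/filtered/tcp//telnet///\tIgnored State: closed (997)
Host: 192.0.2.11 (lab-b.example.edu)\tStatus: Up
Host: 192.0.2.11 (lab-b.example.edu)\tPorts: 22/open/tcp//ssh///, 143/open/tcp//imap///, 993/open/tcp//imaps///\tIgnored State: closed (997)
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: ([^\t]*)")

def parse_open_ports(grepable):
    """Return {host: [(port, proto, service), ...]} for ports in state 'open'."""
    hosts = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment and Status lines carry no port data
        addr, _hostname, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 5 and fields[1] == "open":
                hosts.setdefault(addr, []).append((int(fields[0]), fields[2], fields[4]))
    return hosts

def cleartext_findings(grepable):
    """List (host, port, service, replacement) for open cleartext TCP services."""
    findings = []
    for host, ports in sorted(parse_open_ports(grepable).items()):
        for port, proto, _service in ports:
            if proto == "tcp" and port in CLEARTEXT:
                name, replacement = CLEARTEXT[port]
                findings.append((host, port, name, replacement))
    return findings

if __name__ == "__main__":
    for host, port, name, replacement in cleartext_findings(SAMPLE_SCAN):
        print(f"{host}: {name} on tcp/{port} is unencrypted; disable it or use {replacement}")
```

The check matches on port number only, so a cleartext service moved to a non-standard port still needs the manual review described above.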
Tools and Resources...
- Campus virus filtering for departmental email servers
- Trend Micro: campus virus filtering solution
- ClamAV: an open-source virus scanner for Windows, Linux, Unix, OpenBSD, and Mac OS X.
- McAfee's free Stinger application: destroys a particular subset of viruses and worms that are difficult to remove with conventional anti-virus software.
Campus sysadmins recommend...
- UC Davis network honeypot reports. Graphical reports describing recent unauthorized port activity recorded by the campus network honeypot are available from http://secalert.ucdavis.edu/ids/. The reports also indicate the attacks that commonly use the listed TCP/UDP port.
- See also a list of TCP/UDP ports often used by malicious programs.
- nmap is a free port scanner for Windows and Unix. Identifying which ports are open on a computer is helpful in understanding which services are running. Do not perform a port scan on machines that you do not administer.
- fport is a free program that maps open ports to currently running processes. In addition to showing which network services are running, it is also an easy way to identify trojans or other malware that may be installed.
- The Microsoft Baseline Security Analyzer will scan your computer and inform you of unnecessary services that may be running.
- PuTTY is a popular free SSH client that is available as part of the UC Davis Internet Tools CD or as a free download.