Network Security
-
Network Services (typically referred to as servers, or daemons)
-
Servers & daemons run constantly in the background & listen on network ports.
-
Because their output is continuous, it is typically written to log files. Most applications store their logs under the /var/log directory.
-
Daemons and servers are typically designed with a single task in mind (hosting a website, handling SSH, etc.).
-
Use a dedicated user for each application.
-
This way, if an attacker compromises one service, they inherit only that service user's permissions and should not be able to reach the rest of the system.
-
Ports below 1024 require root privileges to open (on Linux, specifically the CAP_NET_BIND_SERVICE capability). If an application must use one of these ports, bind the port as root, then drop privileges to a dedicated unprivileged user before handling any client traffic.
-
If a server is running on a low port, check the application configuration to see whether you can specify a non-root user to perform the actual work once the port is bound.
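The bind-then-drop sequence described above, as an added example (not code from the original notes). It binds the listening socket first, while still root, then switches groups and uid to a service account and verifies that root cannot be regained. The service user "nobody", the default port 8080 (so it also runs unprivileged; pass 80 when running as root) and the function names are assumptions for illustration.

```python
import os
import pwd
import socket
import sys

# Added example, not from the original notes. Service user and port are assumptions.


def running_as_root():
    return os.geteuid() == 0


def bind_listener(host, port, backlog=128):
    """Create and bind the listening socket. For ports below 1024 this is the
    step that needs root (or CAP_NET_BIND_SERVICE on Linux), so it happens
    before privileges are dropped."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(backlog)
    return sock


def drop_privileges(username):
    """Permanently switch from root to `username`.
    Order matters: supplementary groups and the primary gid must be changed
    while still root, and the uid last, because after setuid() the process can
    no longer change its groups. Returns False (and changes nothing) when the
    process is not root, so the function is safe to call unconditionally."""
    if not running_as_root():
        return False
    pw = pwd.getpwnam(username)   # KeyError if the account is missing: fail closed
    os.setgroups([])              # shed root's supplementary groups
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)          # sets real, effective and saved uid
    os.umask(0o077)               # files the service creates are private to it
    return True


def root_regain_blocked():
    """Post-drop check: a properly dropped process cannot become root again."""
    try:
        os.setuid(0)
    except PermissionError:
        return True
    return False


def start_service(host, port, service_user):
    """Bind first (as root if needed), then drop. Returns (socket, dropped)."""
    sock = bind_listener(host, port)
    dropped = drop_privileges(service_user)
    return sock, dropped


if __name__ == "__main__":
    # Run as root with a low port to see the drop happen, e.g.:
    #   sudo python3 bind_then_drop.py 80
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8080
    listener, dropped = start_service("0.0.0.0", port, "nobody")
    print("listening on", listener.getsockname(),
          "dropped root:", dropped,
          "root regain blocked:", root_regain_blocked())
    # ... accept() loop would go here, already running as the service user
```

Note that drop_privileges() is only a fallback when the daemon cannot do this itself; if the application has a configuration option to run as a given user, prefer that, and keep its process supervised by systemd with User= set so that even a bug in the drop logic does not leave it running as root.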
-
Stop & uninstall all unused services.
-
Ensure all applications are up to date with the latest security patches.
-
Configure each service to only listen to required interfaces and addresses.
-
For example, configure SSH to listen only on a private IP address on the local network so that SSH is not accessible from the internet.
-
Some services, such as databases, may not need any access from other network devices. In this case, configure the service to listen only on the "loopback" address, 127.0.0.1 (or ::1 for IPv6).