It's Monday, which means it's time for another installment of the ten-part series from NewsForge on system administration. Today brings part nine; we brought you part eight last week.
For every network service you run, you've opened one more window on your server to the world. Firewalls are great for defending servers against attacks from the outside, but attacks don't always come from the outside. If a server inside your firewall is hacked, the attacker can continue hacking away at other servers without worrying about the firewall stopping his progress. For this reason, it is important to schedule network audits of all of your servers.
IX. Thou shalt know the openings into your servers
Remember last week when we talked about creating a server log to keep track of all the details about your server? This is one place that log will come into play. Since you're tracking all the details about your servers, you know from the first time you started each one up what services it should be offering and, as a result, what ports should be open, right? Good, because now you can use that list to check against the output of weekly network scans from Nmap. Nmap will tell you a large number of things about a remote computer, including a surprisingly accurate guess at the operating system. Most important to us right now, Nmap tells us what ports are open on the server. By cross-referencing our server logs, we'll know something is up if one week a machine is hosting an FTP server when before there was none.
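One way to automate the cross-check described above, as an added example that is not from the original article: it parses Nmap's grepable output (the `-oG` option) and compares the open ports with a baseline taken from the server log. The addresses, the baseline and the scan text are constructed samples, and the function names are this example's own.

```python
# Constructed baseline standing in for the server log: host -> ports expected open.
EXPECTED = {
    "192.0.2.10": {"22/tcp", "80/tcp", "443/tcp"},
    "192.0.2.11": {"22/tcp", "25/tcp"},
}

# Constructed sample of Nmap grepable output (fields are tab-separated).
SAMPLE_SCAN = """\
Host: 192.0.2.10 (web01)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.11 (mail01)\tPorts: 22/open/tcp//ssh///, 25/filtered/tcp//smtp///
Host: 192.0.2.12 ()\tPorts: 23/open/tcp//telnet///
"""

def parse_grepable(text):
    """Return {ip: {'port/proto', ...}} for ports Nmap reports as open."""
    found = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip Nmap's '#' comment lines
        fields = line.split("\t")
        ports = found.setdefault(fields[0].split()[1], set())
        for field in fields[1:]:
            if field.startswith("Ports:"):
                for entry in field[len("Ports:"):].split(","):
                    parts = entry.strip().split("/")  # port/state/proto/...
                    if len(parts) >= 3 and parts[1] == "open":
                        ports.add(f"{parts[0]}/{parts[2]}")
    return found

def audit(expected, scanned):
    """Compare a scan with the baseline; return (ip, issue, ports) findings."""
    findings = []
    for ip in sorted(set(expected) | set(scanned)):
        if ip not in expected:
            findings.append((ip, "host not in server log", sorted(scanned[ip])))
        elif ip not in scanned:
            findings.append((ip, "host missing from scan", sorted(expected[ip])))
        else:
            extra = scanned[ip] - expected[ip]   # e.g. a new FTP server
            gone = expected[ip] - scanned[ip]    # a service that stopped answering
            if extra:
                findings.append((ip, "unexpected open port", sorted(extra)))
            if gone:
                findings.append((ip, "expected port not open", sorted(gone)))
    return findings

if __name__ == "__main__":
    for ip, issue, ports in audit(EXPECTED, parse_grepable(SAMPLE_SCAN)):
        print(f"{ip}: {issue}: {', '.join(ports)}")
```

Run weekly against a fresh scan file, any finding is a prompt either to update the server log or to investigate the machine.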