Router Security Configuration Guide, Version 1.0g (UNCLASSIFIED), page 34

Applying Packet Filters: Permit Only Required Protocols and Services

Carefully consider which network services will be allowed through the router (outbound and inbound) and to the router itself. If possible, follow this guideline when creating filters: any service that is not explicitly permitted is prohibited.

Make a list of the services and protocols that must cross the router, and of those that the router itself needs for its own operation. Create a set of filtering rules that permits the traffic on that list and prohibits all other traffic. Where only certain hosts or networks need access to a particular service, add a filtering rule that permits that service only for those specific host addresses or address ranges. For example, the network firewall host might be the only address authorized to initiate web connections (TCP port 80) through the router.

Applying Packet Filters: Reject Risky Protocols and Services

Sometimes it is not possible to follow the strict guideline above. In that case, fall back to prohibiting services that are commonly not needed, or that are known to be popular vehicles for security compromise. The following two tables present common services to restrict, either because they can be used to gather information about the protected network or because they have weaknesses that can be exploited against it. The first table lists services that should be completely blocked at the router. Unless you have a specific operational need to support them, the protocols listed in Table 3-1 should not be allowed across the router in either direction.
Table 3-1: Services to Block Completely at the Router

Port   Transport    Service
1      TCP & UDP    tcpmux
7      TCP & UDP    echo
9      TCP & UDP    discard
11     TCP          systat
13     TCP & UDP    daytime
15     TCP          netstat
19     TCP & UDP    chargen
37     TCP & UDP    time
43     TCP          whois
67     UDP          bootp
69     UDP          tftp
93     TCP          supdup
111    TCP & UDP    sunrpc
135    TCP & UDP    loc-srv
137    TCP & UDP    netbios-ns
138    TCP & UDP    netbios-dgm
139    TCP & UDP    netbios-ssn
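The following is an added example, not part of the guide, that models both filtering strategies described above: the strict "permit only what is required" set (here, only the firewall host may open TCP port 80 through the router, with everything else falling through to the implicit deny) and the fallback "reject risky services" set built from Table 3-1. It evaluates packets with first-match semantics the way a router access list does, and renders each rule set as Cisco IOS extended access-list lines. The IOS syntax, the ACL number 101, and the RFC 5737 documentation addresses are assumptions chosen for the example; check the rendered lines against the syntax of your own router before use.

```python
"""Added example (not from the NSA guide): model of the two packet-filter
strategies on this page, with rule sets rendered as Cisco IOS extended
access-list lines (syntax assumed; verify against your IOS release).
Addresses are RFC 5737 documentation ranges chosen for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", or "ip" (ip matches any transport)
    src: str               # "any", a host address, or a CIDR prefix
    dst: str
    dport: Optional[int]   # None means any destination port
    note: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def _addr_match(pattern: str, addr: str) -> bool:
    if pattern == "any":
        return True
    return ip_address(addr) in ip_network(pattern, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "ip" or rule.proto == pkt.proto)
            and _addr_match(rule.src, pkt.src)
            and _addr_match(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet matching no rule is denied,
    mirroring the implicit 'deny ip any any' at the end of an IOS ACL."""
    for r in rules:
        if matches(r, pkt):
            return r.action
    return "deny"


# Table 3-1 from the guide, as (port, transports, service).
TABLE_3_1 = [
    (1, ("tcp", "udp"), "tcpmux"),   (7, ("tcp", "udp"), "echo"),
    (9, ("tcp", "udp"), "discard"),  (11, ("tcp",), "systat"),
    (13, ("tcp", "udp"), "daytime"), (15, ("tcp",), "netstat"),
    (19, ("tcp", "udp"), "chargen"), (37, ("tcp", "udp"), "time"),
    (43, ("tcp",), "whois"),         (67, ("udp",), "bootp"),
    (69, ("udp",), "tftp"),          (93, ("tcp",), "supdup"),
    (111, ("tcp", "udp"), "sunrpc"), (135, ("tcp", "udp"), "loc-srv"),
    (137, ("tcp", "udp"), "netbios-ns"), (138, ("tcp", "udp"), "netbios-dgm"),
    (139, ("tcp", "udp"), "netbios-ssn"),
]


def strict_rules(firewall_host: str) -> List[Rule]:
    """'Permit only required': list the needed services and let everything
    else fall through to the implicit deny. Here only the firewall host
    may initiate web connections (TCP 80) through the router."""
    return [Rule("permit", "tcp", firewall_host, "any", 80, "web from firewall only")]


def fallback_rules() -> List[Rule]:
    """'Reject risky': deny every Table 3-1 service on the listed
    transports, then permit the rest."""
    denies = [Rule("deny", t, "any", "any", port, name)
              for port, transports, name in TABLE_3_1 for t in transports]
    return denies + [Rule("permit", "ip", "any", "any", None, "everything else")]


def _cisco_addr(pattern: str) -> str:
    if pattern == "any":
        return "any"
    net = ip_network(pattern, strict=False)
    if net.num_addresses == 1:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"   # IOS takes a wildcard mask


def to_cisco(rules: List[Rule], acl: int = 101) -> List[str]:
    """Render rules as 'access-list <n> ...' lines (assumed IOS syntax)."""
    lines = []
    for r in rules:
        line = f"access-list {acl} {r.action} {r.proto} {_cisco_addr(r.src)} {_cisco_addr(r.dst)}"
        if r.dport is not None:
            line += f" eq {r.dport}"
        lines.append(line)
    return lines


if __name__ == "__main__":
    strict = strict_rules("192.0.2.10")          # assumed firewall address
    print("\n".join(to_cisco(strict)))
    web = Packet("tcp", "192.0.2.10", "198.51.100.5", 80)
    other = Packet("tcp", "192.0.2.20", "198.51.100.5", 80)
    print(evaluate(strict, web), evaluate(strict, other))
    print("\n".join(to_cisco(fallback_rules())))
```

Two caveats a practitioner would want: the strict set above covers only the direction in which the filter is applied, so the return half of each permitted connection needs its own permit on the other interface (for TCP, IOS offers the `established` keyword for that); and the fallback set denies TFTP only on UDP 69, exactly as Table 3-1 specifies, so a packet to TCP 69 passes under the fallback but not under the strict set.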