User guide

Chapter 2. Securing Your Network
same is true for portmap. If you do not mount NFSv3 volumes or use NIS (the ypbind service), then
portmap should be disabled.
Figure 2.3. Services Configuration Tool
If you are unsure of the purpose of a particular service, the Services Configuration Tool has a description
field, illustrated in Figure 2.3, “Services Configuration Tool”, that provides additional information.
Checking which network services are available to start at boot time is only part of the story. You should
also check which ports are open and listening. Refer to Section 2.2.8, “Verifying Which Ports Are
Listening” for more information.
2.1.5.3. Insecure Services
Potentially, any network service is insecure. This is why turning off unused services is so important.
Exploits for services are routinely revealed and patched, making it very important to regularly update
packages associated with any network service. Refer to Section 1.5, “Security Updates” for more
information.
Some network protocols are inherently more insecure than others. These include any services that:
• Transmit Usernames and Passwords Over a Network Unencrypted — Many older protocols, such
  as Telnet and FTP, do not encrypt the authentication session and should be avoided whenever
  possible.
• Transmit Sensitive Data Over a Network Unencrypted — Many protocols transmit data over the
  network unencrypted. These protocols include Telnet, FTP, HTTP, and SMTP. Many network file
  systems, such as NFS and SMB, also transmit information over the network unencrypted. It is the
  user's responsibility when using these protocols to limit what type of data is transmitted.
  Remote memory dump services, like netdump, transmit the contents of memory over the network
  unencrypted. Memory dumps can contain passwords or, even worse, database entries and other
  sensitive information.
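The following is an added example, not part of the original guide: a shell function that reads output in the format of chkconfig --list and reports which of the services named in this section are enabled at boot. The function names, the watchlist, and the init-script names used for Telnet and FTP (telnet, vsftpd) are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag services named in this section that are enabled at boot.
# Input is text in the format printed by `chkconfig --list`.
# Assumption: Telnet and FTP appear as "telnet" and "vsftpd"; adjust per host.
WATCHLIST="portmap ypbind netdump nfs smb telnet vsftpd"

# Reads chkconfig-style text on stdin; prints "name<TAB>where it is enabled"
# for every watchlisted service that is switched on.
flag_insecure_services() {
    awk -v watch="$WATCHLIST" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        # SysV init line: name 0:off 1:off 2:on ...
        $2 ~ /^0:(on|off)$/ {
            levels = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /:on$/) { split($i, p, ":"); levels = levels p[1] }
            if (($1 in bad) && levels != "") print $1 "\trunlevels " levels
            next
        }
        # xinetd-managed line: "telnet:   on"
        $1 ~ /:$/ && NF == 2 {
            name = $1; sub(/:$/, "", name)
            if ((name in bad) && $2 == "on") print name "\txinetd"
        }
    '
}

# Constructed sample, not captured from a real host.
SAMPLE='sshd            0:off 1:off 2:on 3:on 4:on 5:on 6:off
portmap         0:off 1:off 2:off 3:on 4:on 5:on 6:off
ypbind          0:off 1:off 2:off 3:off 4:off 5:off 6:off
netdump         0:off 1:off 2:off 3:off 4:off 5:on 6:off

xinetd based services:
        rsync:          off
        telnet:         on'

audit_sample() { printf '%s\n' "$SAMPLE" | flag_insecure_services; }

audit_sample
# On a live system: chkconfig --list | flag_insecure_services
```

A service that is off in every runlevel (ypbind in the sample) is not reported, so each line of output is a service to disable or justify.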