Chapter 11. Providing Secure Access to Internet Services

This chapter contains the following sections:

• Internet Services

• Common Internet Security Threats

• Internet Service Security Example

• Web Servers

• File Transfer Protocol (FTP) Servers

• Internet e-Mail Servers (SMTP/POP3/IMAP4)

• Domain Name System (DNS) Servers

• Back-End Servers

• Summary

• Frequently Asked Questions

• Glossary

The Internet is growing at a phenomenal rate. It is estimated that several thousand web sites are added to the Internet on a daily basis. Never before has industry had such an aggressive medium for exploitation.

With this growth, it has become standard for the traditional retail store to gain a presence on the Internet. Initially, this presence was nothing more than a static Web page that acted purely as an online advertisement for the store. This progressed to becoming an online source that presented information about goods and services offered by the store.Pretty soon, e-commerce came along, and the store started actively trading on the Internet. The Internet has no geographical limits, so soon the retail store had a global market with unlimited potential at its disposal.

With this massive growth and dependence on the technology supporting it comes a new set of hazards. The advent of e-commerce brings with it unique risks, as financial data is being transferred over the Internet. This leads to a breed of cyber-criminals. These cyber-criminals are very intelligent network hackers who use tried and tested techniques to infiltrate corporate systems for their own financial gain or to cause a denial of service (DoS) to the corporate site, thus costing the corporation money in lost revenue.

This chapter covers common Internet services and the attacks that are launched on them. It starts by looking at some common security attacks that can be made over the Internet and concentrates on network intrusion and DoS attacks. Finally, the chapter moves on to look at each individual Internet service, consisting of Web servers, File Transfer Protocol (FTP) servers, Internet e-mail servers, and Domain Name System (DNS) servers.

The common threats to each service and preventive security strategies that can be applied to these services are identified in this chapter.

This chapter provides only an overview of Internet service threats and preventive measures. There are whole books that have been written on the subject, such as:

Web Security and Commerce. O'Reilly Nutshell, 1997.

E-Commerce Security: Weak Links, Best Defences. John Wiley and Sons, 1998.

Web Security: A Step-by-Step Reference Guide. Addison-Wesley, 1998.

Practical Unix and Internet Security. O'Reilly, 1996.