Internet Services

This chapter covers the common Internet services that most companies provide for public access. These services make up the Internet presence of the company. These services might interact with each other to provide the service to the public. This interaction itself might raise various security risks not associated with the devices on their own.

TCP/IP operates using what is called a port as a connection endpoint. The port is what TCP/IP uses to differentiate among the services within the TCP/IP protocol suite. All Internet services use ports; some use User Datagram Protocol (UDP), but most use TCP.

The following is a list of the common Internet services that most corporate businesses employ as part of their public Internet offering. These technologies can be used on intranets, extranets, and other private networks, as well as the public Internet:

• Web servers— Web servers provide access to the web sites of the business.

• FTP servers— FTP servers provide a source of downloadable files from the web site and also act as a medium for transferring files to and from the other servers.

• Internet e-mail servers— Internet e-mail servers are responsible for message delivery and routing of the corporate Internet-bound e-mails.

• DNS servers— DNS servers hold the domain and IP information for the corporate domain.

• Back-end servers— Back-end servers can fall into one of many categories. These include database servers, security authentication servers, and application servers. Back-end servers are not usually public-facing; that is, they do not usually have a publicly accessible IP address.

This chapter covers each individual service, gives a brief overview of the service, explains the specific threats posed to the individual service, and provides solutions to these threats. Solutions can be achieved by implementing products from the Cisco Secure product range.

Before covering the individual services, the chapter looks at aspects of Internet security in relation to the web site as a whole. To do this, the chapter includes a sample Internet service that is running under Mydomain.com. This Internet service includes Web servers, FTP servers, e-mail servers, DNS servers, and back-end servers.

You will see how to assess the security of the site in relation to the common attacks that are made on public Internet services. After looking at the threats, you will see how to outline how each of these affect each individual service.

The next section starts by looking at the common Internet security threats before going on to outline the sample Internet service.