Solved

InetD and ports and security

Posted on 2014-03-18
4
335 Views
Last Modified: 2014-03-19
Would it be wrong for an application to use ports in inetd for security purposes?
0
Comment
Question by:Anthony Lucia
  • 2
4 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 39938356
If you have a daemon that uses the same port that a service defined in inetd.conf, then you'll have a conflict as both the inetd daemon and the specified daemon will attempt to listen on the same port.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39938357
Once inetd has helped initiating a connection establishment between client and application (see your other thread on inetd) it's the task of the application (and the client) to care for security. inetd is almost out of the game then. inetd just acts as kind of a communication broker.
0
 

Author Comment

by:Anthony Lucia
ID: 39939627
wmp:

If inetd opens a connection (and apparently starts an application), wouldn't it be better that the App does not have a port defined in inetd, so the app would not be started by any one other than the admin of the app (and the app could be down whenever the admin chooses, instead of starting up automatically?

Thanks
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39939698
inetd is definitely designed for starting applications automatically whenever a request is made.

This is mainly used for 24/7 applications like an FTP server, telnet/remote shell access or special things like the "bootp" server, IMAP or POP servers or also the Samba server, including its configuration tool SWAT.

Of course it is true that when full control over an application's availability (which is not always closely related to security!) is desired then putting it under control of inetd is not very practical.
Sure you could manipulate inetd.conf (remove or add the concerned port entry) and restart inetd, but then you could also take the application permanently out of inetd to start/stop it manually.

Thus, if the application itself is not very secure so that you want to have it available on demand only then don't use inetd, but if you have a secure application which must be available 24/7 then inetd is still a good choice.

Note: If network access is desired for some applications which don't provide network capability themselves then these applications must run under inetd.
Examples are "systat" which calls the standard "ps" binary or "netstat" which calls the standard "netstat" binary.
However, most admins choose not to enable such types of access at all, because sensitive system information could be disclosed without any authentication or authorization.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question