Solved

InetD and ports and security

Posted on 2014-03-18
4
348 Views
Last Modified: 2014-03-19
Would it be wrong for an application to use ports in inetd for security purposes?
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 39938356
If you have a daemon that uses the same port that a service defined in inetd.conf, then you'll have a conflict as both the inetd daemon and the specified daemon will attempt to listen on the same port.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39938357
Once inetd has helped initiating a connection establishment between client and application (see your other thread on inetd) it's the task of the application (and the client) to care for security. inetd is almost out of the game then. inetd just acts as kind of a communication broker.
0
 

Author Comment

by:Anthony Lucia
ID: 39939627
wmp:

If inetd opens a connection (and apparently starts an application), wouldn't it be better that the App does not have a port defined in inetd, so the app would not be started by any one other than the admin of the app (and the app could be down whenever the admin chooses, instead of starting up automatically?

Thanks
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39939698
inetd is definitely designed for starting applications automatically whenever a request is made.

This is mainly used for 24/7 applications like an FTP server, telnet/remote shell access or special things like the "bootp" server, IMAP or POP servers or also the Samba server, including its configuration tool SWAT.

Of course it is true that when full control over an application's availability (which is not always closely related to security!) is desired then putting it under control of inetd is not very practical.
Sure you could manipulate inetd.conf (remove or add the concerned port entry) and restart inetd, but then you could also take the application permanently out of inetd to start/stop it manually.

Thus, if the application itself is not very secure so that you want to have it available on demand only then don't use inetd, but if you have a secure application which must be available 24/7 then inetd is still a good choice.

Note: If network access is desired for some applications which don't provide network capability themselves then these applications must run under inetd.
Examples are "systat" which calls the standard "ps" binary or "netstat" which calls the standard "netstat" binary.
However, most admins choose not to enable such types of access at all, because sensitive system information could be disclosed without any authentication or authorization.
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A look at what happened in the Verizon cloud breach.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question