Solved

InetD and ports and security

Posted on 2014-03-18
4
344 Views
Last Modified: 2014-03-19
Would it be wrong for an application to use ports in inetd for security purposes?
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 39938356
If you have a daemon that uses the same port that a service defined in inetd.conf, then you'll have a conflict as both the inetd daemon and the specified daemon will attempt to listen on the same port.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39938357
Once inetd has helped initiating a connection establishment between client and application (see your other thread on inetd) it's the task of the application (and the client) to care for security. inetd is almost out of the game then. inetd just acts as kind of a communication broker.
0
 

Author Comment

by:Anthony Lucia
ID: 39939627
wmp:

If inetd opens a connection (and apparently starts an application), wouldn't it be better that the App does not have a port defined in inetd, so the app would not be started by any one other than the admin of the app (and the app could be down whenever the admin chooses, instead of starting up automatically?

Thanks
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39939698
inetd is definitely designed for starting applications automatically whenever a request is made.

This is mainly used for 24/7 applications like an FTP server, telnet/remote shell access or special things like the "bootp" server, IMAP or POP servers or also the Samba server, including its configuration tool SWAT.

Of course it is true that when full control over an application's availability (which is not always closely related to security!) is desired then putting it under control of inetd is not very practical.
Sure you could manipulate inetd.conf (remove or add the concerned port entry) and restart inetd, but then you could also take the application permanently out of inetd to start/stop it manually.

Thus, if the application itself is not very secure so that you want to have it available on demand only then don't use inetd, but if you have a secure application which must be available 24/7 then inetd is still a good choice.

Note: If network access is desired for some applications which don't provide network capability themselves then these applications must run under inetd.
Examples are "systat" which calls the standard "ps" binary or "netstat" which calls the standard "netstat" binary.
However, most admins choose not to enable such types of access at all, because sensitive system information could be disclosed without any authentication or authorization.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question