VID | 14059 |
Severity | 40 |
Port | 22 |
Protocol | TCP |
Class | LSC |
Detailed Description |
The host system's IP and port access restrictions are unsafe. TCP Wrapper is used to manage safe, limited access to services. It does not support encryption, but it restricts access to the server and logs connections from remote hosts. Two TCP Wrapper recommendations should be followed:
1. Avoid using the system's name or domain name. Only IP addresses should be used.
2. Set /etc/hosts.deny to deny all, and add only the permitted IP addresses to /etc/hosts.allow.
* Platforms Affected: UNIX, Linux |
Recommendation |
Open /etc/hosts.deny and deny all access to services with the following entry:
    ALL:ALL
Then add the allowed IP addresses to /etc/hosts.allow, for example:
    in.telnetd: 192.168.100.100, 192.168.100.101   (192.168.100.100 and 192.168.100.101 are allowed to connect to telnet)
    in.telnetd: 192.168.100.   (192.168.100.0 ~ 255 are allowed to connect to telnet; the trailing dot makes the entry match the whole prefix)
    in.ftpd: 192.168.100.100   (192.168.100.100 is allowed to connect to ftp)
    sshd: 192.168.100.100 |
Related URL |
(CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|