IT Baseline Protection Manual

S 5.21 Secure use of telnet, ftp, tftp and rexec

Initiation responsibility: IT Security Management, Administrators

Implementation responsibility: Administrators

By means of the telnet hostname command it is possible to log into the computer hostname after entering a user name and the associated password. With ftp, sizeable quantities of data can be copied, and rexec allows execution of a command on another computer without a previous sign-on. For all three of these programmes, the entered user names and passwords are transmitted unencrypted over the network, so they must be used only where it is ensured that the network cannot be intercepted (cf. T 5.7). All invocations of telnet, ftp and rexec must be logged. Particular attention must be paid to unsuccessful connection attempts by external IT systems.

When using the ftpd daemon, it must be borne in mind that, as with sendmail (cf. S 5.19 Use of the sendmail security mechanisms), new serious security flaws are identified time and again, on account of which it may be possible to acquire administrator privileges without a password (on this point, cf. CERT note 94-08 of 14.04.1994). Ftp versions older than those described there should not be used.

Furthermore, all user names for which ftp access is not to be granted should be entered in the /etc/ftpusers file; these include, for instance, root, uucp and bin. When setting up new users who, according to their profile, may not have FTP access, it must be ensured that they are entered in /etc/ftpusers (see also S 2.30 Provisions governing the designation of users and of user groups).

With the help of .netrc files, automatic FTP access to remote IT systems is allowed.

It must be ensured that no .netrc files exist, or that they are empty and that the user has no access rights to them.

Use of the tftpd, rexd and rexecd daemons must be prevented (e.g. by removing the pertinent entry in /etc/inetd.conf) or, as a minimum, it must be ensured that, when using tftp, users only have restricted access to files from the log-in directory (cf. also S 2.32 Establishment of a restricted user environment). This can be verified by making the following entries:

If the tftp daemon does not respond with an error message, its use must be prevented.
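The three configuration checks above (active tftp/rexd/rexec entries in /etc/inetd.conf, the /etc/ftpusers list, and readable .netrc files) as a small audit script. This is an added example, not part of the BSI manual; it assumes the classic inetd.conf format, uses the inetd service names tftp, rexd, rexec and exec (the usual inetd name for rexecd) and an ls-based permission test, and builds its own constructed sample files so it runs without touching a live system.

```shell
#!/bin/sh
# Audit helper for the S 5.21 checks (added example, not BSI's own code).
# Every function takes paths as arguments, so it can be pointed at a live
# host's /etc files or at the constructed sample files created below.

# 0 if no active tftp, rexd or rexec (exec) entry exists in inetd.conf.
# Commented-out lines start with '#', so only uncommented entries match.
inetd_services_disabled() {
    ! grep -Eq '^[[:space:]]*(tftp|rexd|rexec|exec)[[:space:]/]' "$1"
}

# 0 if root, uucp and bin are all listed in the given ftpusers file.
ftpusers_complete() {
    for user in root uucp bin; do
        grep -qx "$user" "$1" || return 1
    done
    return 0
}

# 0 if every .netrc under the given home directories is absent, empty,
# or stripped of all permission bits (nobody may read it).
netrc_files_safe() {
    for home in "$@"; do
        f="$home/.netrc"
        [ -s "$f" ] || continue                       # missing or empty: fine
        [ "$(ls -ld "$f" | cut -c2-10)" = "---------" ] || return 1
    done
    return 0
}

# Constructed sample data (not from a real system) for a stand-alone run.
SAMPLE="$(mktemp -d)"
printf 'telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd\n#tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd\n' > "$SAMPLE/inetd.good"
printf 'telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd\ntftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd\n' > "$SAMPLE/inetd.bad"
printf 'root\nuucp\nbin\n' > "$SAMPLE/ftpusers.good"
printf 'root\n' > "$SAMPLE/ftpusers.bad"
mkdir -p "$SAMPLE/alice" "$SAMPLE/bob"
printf 'machine host login alice password secret\n' > "$SAMPLE/alice/.netrc"
chmod 000 "$SAMPLE/alice/.netrc"                      # no access rights: acceptable
printf 'machine host login bob password secret\n' > "$SAMPLE/bob/.netrc"
chmod 600 "$SAMPLE/bob/.netrc"                        # readable by bob: finding

inetd_services_disabled "$SAMPLE/inetd.good" && echo "inetd.good: no tftp/rexd/rexec active"
inetd_services_disabled "$SAMPLE/inetd.bad"  || echo "inetd.bad: tftp still enabled"
ftpusers_complete "$SAMPLE/ftpusers.bad"     || echo "ftpusers.bad: root, uucp or bin missing"
netrc_files_safe "$SAMPLE/alice"             && echo "alice: .netrc inaccessible"
netrc_files_safe "$SAMPLE/bob"               || echo "bob: readable non-empty .netrc"
```

On a real host, call the functions with /etc/inetd.conf, /etc/ftpusers and the home directories from /etc/passwd; a non-zero return from any of them is a finding against this safeguard.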

Additional controls:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik, last update: January 2000