server? If not, why have BIND installed? Go through and ensure that you
have only the software you need.

Enabling unused services—Do you want to administer the machine
remotely? Do you want people to upload files? If not, turn off SSH and
FTP because they just add needless attack vectors. Do the same for all
other unused services.

Disabling the local firewall on the grounds that you already have a
firewall at the perimeter—In security, depth is crucial: The more layers
someone has to fight through, the greater the likelihood the cracker will
give up or get caught.

Letting your machine give out more information than it needs to—Many
machines are configured to give out software names and version
numbers by default, which gives crackers a helping hand.

Placing your server in an unlocked room—If you do, you might as
well just turn it off now and save the worry. Even if all the employees at
your company are happy and trustworthy, why take the risk?

Plugging your machine into a wireless network—Unless you need
wireless, avoid it, particularly if your machine is a server. Never plug a
server into a wireless network because doing so is just too fraught with
security problems.

After you have ruled out these potential issues, you are on to the real
problem: Which attack vectors are open on your server? In Internet terms, this
comes down to which services are Internet-facing and which ports they are
running on.

Nmap scans your machine and reports on any open TCP/IP ports it finds. Any
service you have installed that responds to Nmap’s query is pointed out,
which enables you to ensure that you have locked everything down as much
as possible.

Nmap is available to install from the Ubuntu software repositories. Although
you can use Nmap from a command line, it is easier to use with the front
end—at least until you become proficient. To run the front end, open a terminal
and run nmapfe. If you want to enable all Nmap’s options, you must have
administrator privileges and run sudo nmapfe.

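As an added example (not from the book), a command-line scan of your own server can be checked against the ports it is meant to expose, which ties the scan back to the unused-services and version-disclosure points above. It parses Nmap's grepable output (-oG); the allowlist, the function names, and the sample scan lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit Nmap grepable output against the ports this server
# is supposed to expose. Function names and the allowlist are hypothetical.
# Live use on your own machine: nmap -sV -oG - localhost | audit_ports "22 80"

# Constructed sample of `nmap -sV -oG -` output so the script runs offline.
sample_scan() {
  printf 'Host: 127.0.0.1 (localhost)\tStatus: Up\n'
  printf 'Host: 127.0.0.1 (localhost)\tPorts: %s\tIgnored State: closed (995)\n' \
    '21/open/tcp//ftp//vsftpd 3.0.5/, 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3/, 53/open/tcp//domain///, 80/open/tcp//http//Apache httpd 2.4.52/, 631/closed/tcp//ipp///'
}

# audit_ports "<allowed ports>": reads grepable Nmap output on stdin and
# prints one line per finding:
#   UNEXPECTED <port>/<proto> <service>   open port that is not on the allowlist
#   VERSION    <port>/<proto> <banner>    open port that reveals its version
audit_ports() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /Ports: / {
      line = $0
      sub(/^.*Ports: /, "", line)   # drop the Host: prefix
      sub(/\t.*$/, "", line)        # drop the trailing tab-separated fields
      m = split(line, entries, ", ")
      for (i = 1; i <= m; i++) {
        # Each entry is port/state/proto/owner/service/rpcinfo/version/
        split(entries[i], f, "/")
        if (f[2] != "open") continue
        if (!(f[1] in ok)) print "UNEXPECTED " f[1] "/" f[3] " " f[5]
        if (f[7] != "")    print "VERSION " f[1] "/" f[3] " " f[7]
      }
    }'
}

# Audit the constructed sample, allowing only SSH (22) and HTTP (80).
audit_sample() { sample_scan | audit_ports "22 80"; }

audit_sample
```

Each UNEXPECTED line is a service to turn off or firewall, and each VERSION line is a banner to trim in that service's configuration.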
When you run Nmap (by clicking the Scan button), it tests each port on your
machine and checks whether it responds. If a port does respond, Nmap
queries it for version information and then prints its results onscreen. The
output lists the port numbers, service name (what usually occupies that port),
and version number for every open port on your system. Hopefully, the