server? If not, why have BIND installed? Go through and ensure that you have only the software you need.

Enabling unused services—Do you want to administer the machine remotely? Do you want people to upload files? If not, turn off SSH and FTP because they just add needless attack vectors. Do the same for all other unused services.

Disabling the local firewall on the grounds that you already have a firewall at the perimeter—In security, depth is crucial: The more layers someone has to fight through, the greater the likelihood the cracker will give up or get caught.

Letting your machine give out more information than it needs to—Many machines are configured to give out software names and version numbers by default, which gives crackers a helping hand.

Placing your server in an unlocked room—If you do, you might as well just turn it off now and save the worry. Even if all the employees at your company are happy and trustworthy, why take the risk?

Plugging your machine into a wireless network—Unless you need wireless, avoid it, particularly if your machine is a server. Never plug a server into a wireless network because doing so is just too fraught with security problems.

After you have ruled out these potential issues, you are on to the real problem: Which attack vectors are open on your server? In Internet terms, this comes down to which services are Internet-facing and which ports they are running on.

Nmap scans your machine and reports on any open TCP/IP ports it finds. Any service you have installed that responds to Nmap’s query is pointed out, which enables you to ensure that you have locked everything down as much as possible.
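
An added example, not from the original text, of reviewing a scan of your own server: it parses Nmap's grepable output (as written by `nmap -sV -oG -`) and flags open ports outside an allowlist, plus expected services whose banner reveals a version number. The sample scan, the EXPECTED allowlist, and the function names are constructed for illustration.

```python
import re

# Constructed sample of Nmap grepable output; not taken from a real scan.
SAMPLE_SCAN = (
    "# constructed sample: nmap -sV -oG - 127.0.0.1\n"
    "Host: 127.0.0.1 (localhost)\tStatus: Up\n"
    "Host: 127.0.0.1 (localhost)\tPorts: "
    "22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3/, "
    "21/open/tcp//ftp//vsftpd 3.0.5/, "
    "53/open/tcp//domain//ISC BIND 9.18.1/, "
    "80/open/tcp//http///, "
    "631/closed/tcp//ipp///\tIgnored State: closed (995)\n"
)

# Assumption: this server is meant to offer only SSH and HTTP.
EXPECTED = {(22, "tcp"), (80, "tcp")}


def parse_open_ports(grepable):
    """Yield (host, port, proto, service, version) for every open port."""
    for line in grepable.splitlines():
        if line.startswith("#") or "Ports:" not in line:
            continue  # skip comments and the per-host "Status:" line
        host = line.split()[1]
        # The Ports field ends at the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            # Entry layout: port/state/proto/owner/service/rpcinfo/version/
            f = entry.strip().split("/")
            if len(f) >= 7 and f[1] == "open":
                yield host, int(f[0]), f[2], f[4], f[6]


def audit(grepable, expected=EXPECTED):
    """Return (port, proto, note) findings for one scan."""
    findings = []
    for _host, port, proto, service, version in parse_open_ports(grepable):
        if (port, proto) not in expected:
            # An unused service is a needless attack vector: turn it off.
            findings.append((port, proto, "unexpected service: " + (service or "unknown")))
        elif re.search(r"\d+\.\d+", version):
            # An expected service that still advertises its version number.
            findings.append((port, proto, "banner reveals version: " + version))
    return findings


if __name__ == "__main__":
    for port, proto, note in audit(SAMPLE_SCAN):
        print(f"{port}/{proto}: {note}")
```
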

Nmap is available to install from the Ubuntu software repositories. Although you can use Nmap from a command line, it is easier to use with the front end—at least until you become proficient. To run the front end, open a terminal and run nmapfe. If you want to enable all Nmap’s options, you must have administrator privileges and run sudo nmapfe.

When you run Nmap (by clicking the Scan button), it tests each port on your machine and checks whether it responds. If a port does respond, Nmap queries it for version information and then prints its results onscreen. The output lists the port numbers, service name (what usually occupies that port), and version number for every open port on your system. Hopefully, the
