information Nmap shows you will not be a surprise. If there is something
open that you do not recognize, it could be that a cracker placed a back door
on your system to allow easy access, and you should check into it further.
Use the output from Nmap to help find and eliminate unwanted services. The
fewer services that are open to the outside world, the more secure you are.
Only use Nmap on systems that you own. It is impolite to scan other people’s
servers, and you may also be accused of doing so in preparation for illegal
activity.
Protecting Your Machine
After you have disabled all the unneeded services on your system, what
remains is a core set of connections and programs that you want to keep.
However, you are not finished yet: You need to clamp down your wireless
network, lock your server physically, and put in place scanning procedures
(such as Tripwire and promiscuous mode network monitors).
Securing a Wireless Network
Wireless networking has some unique security issues, and those issues
deserve a separate discussion.
Wireless networking, although convenient, can be very insecure by
nature because transmitted data (even encrypted data) can be received by
remote devices. Those devices could be in the same room; in the house,
apartment, or building next door; or even several blocks away. You must use
extra care to protect the frequency used by your network. Great progress has
been made in the past couple of years, but the possibility of a security breach
is increased when the attacker is in the area and knows the frequency on
which to listen. It should also be noted that the encryption method used by
most wireless NICs is weaker than other forms of encryption (such as SSH),
and you should not rely on wireless NIC encryption alone as part of
your security plan.
TIP
Always use OpenSSH-related tools, such as ssh or sftp, to conduct
business on your wireless LAN. Passwords are not transmitted as plain text,
and your sessions are encrypted. See Chapter 19, “Remote Access with
SSH, Telnet, and VNC,” to see how to connect to remote systems using
ssh.