CertiGuide to Security+  9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)       9  3.5  Security Baselines            9  3.5.3  Application Hardening

3.5.3.4  FTP Servers 1 2 3.5.3.6  NNTP Servers

DNS, or the Domain Name Service, is used to map hostnames to IP addresses. In the UNIX world, the most common DNS server is BIND – and unpatched BIND servers were recently named by SANS as the #1 security problem on the Internet.

Many sites configure their web server and FTP server on the same system (at least in part because certain vendors’ software, like IIS, encourages this by including an FTP server as part of the web server). If you really want to run both on the same machine, make sure that your FTP server can’t be used to upload files into a directory also accessible via your web server – if an attacker can upload a file to a location accessible by the web server, he can upload a malicious script using FTP and then execute it by invoking it via a web browser.

DNS uses TCP port 53 and UDP port 53, so if you are passing DNS information through a firewall, you need to make sure those ports are open.

3.5.3.4  FTP Servers 1 2 3.5.3.6  NNTP Servers