Linux Today: Linux News On Internet Time.
CrossNodes: tcpserver: Secure, Flexible Daemon Management

Nov 26, 2002, 01:00
(Other stories by Carla Schroder)

"If you're still running inetd, it's time to move on. Either xinetd or tcpserver offers superior security and control. We're going to look at tcpserver. Note that there is one limitation: it manages only TCP. If you're using UDP or RPC services, tcpserver alone will not do the job. In that case, xinetd is the way to go.

"tcpserver is part of the ucspi-tcp suite of tools by none other than the famous, and infamous, Daniel J. Bernstein. Professor Bernstein seems to inspire strong passions in the tech community; some refuse to use his software because they do not like the author. Other objections are that his programs install themselves in non-standard file locations, and that he keeps too tight a grip on the code. Personality issues aside, I find that his programs are lean, fast, secure, and worthy on their own merits. A special item of note is that Professor Bernstein led the suit against the United States Government against export controls on encryption software, and won.

"DJB's security model is based on a zero-trust premise. His programs don't even trust themselves; each function is isolated from other parts of the program. They run in user accounts with restricted rights; services that require root access are as restricted and limited as possible. Any successful intrusion will be severely limited, if an intruder can get in at all..."
