home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  


Building Internet Firewalls

Building Internet FirewallsSearch this book
Previous: 2.3 Remote Terminal Access and Command Execution Chapter 2
Internet Services
Next: 2.5 The World Wide Web
 

2.4 Usenet News

While electronic mail allows people to communicate, it's most efficient as a way for one person to send a message to another, or to a small list of people interested in a particular topic. Newsgroups are the Internet counterpart to bulletin boards, and are designed for many-to-many communication. Mailing lists also support many-to-many communication, but much less openly and efficiently, because there's no easy way to find out about all mailing lists, and every recipient has his own copy of every message. The largest discussion mailing lists (i.e., lists where discussions take place among subscribers, rather than lists used to simply distribute information or announcements to subscribers) have tens of thousands of subscribers; the most popular newsgroups have hundreds of thousands. Usenet news is rather like television: there's a lot going on; most of it has little socially redeeming value; some of it is fantastically amusing or informative; and everybody wants it.

The risks of news are much like those of electronic mail: your users might foolishly trust information received; they might release confidential information; and you might get flooded. News resembles a flood when it's functioning normally - most sites receive hundreds of megabytes a day, and the amount increases steadily, doubling in volume approximately every six months - so you must make absolutely sure to configure news so that floods don't affect other services. Because news is rarely an essential service, denial of service attacks on a single site are usually just ignored. The security risks of news are therefore quite low. You might want to avoid news because you don't have the bandwidth or the disk space to spare, but it's not a significant security problem.

Network News Transfer Protocol ( NNTP ) is used to transfer news across the Internet. In setting up the news server at your site, you'll need to determine the most secure way for news to flow into your internal systems so NNTP can't be used to penetrate your system. Some sites put the news server on the bastion host, others on an internal system, as we'll describe in Chapter 8 . NNTP doesn't do much, and your external transfers of news will all be with specific other machines (it's not like mail, which you want to receive from everybody), so it's not particularly difficult to secure.

The biggest security issue you'll face with news is what to do with private newsgroups. Many sites create private local newsgroups to facilitate discussions among their users; these private newsgroups often contain sensitive, confidential, or proprietary information. Someone who can access your NNTP server can potentially access these private newsgroups, resulting in disclosure of this information. If you're going to create private newsgroups, be sure to configure NNTP carefully to control access to these groups. (The configuring of NNTP to work in a firewall environment is discussed more fully in Chapter 8 .)


Previous: 2.3 Remote Terminal Access and Command Execution Building Internet Firewalls Next: 2.5 The World Wide Web
2.3 Remote Terminal Access and Command Execution Book Index 2.5 The World Wide Web