Chapter 3 | Remove Unnecessary Software

It’s not uncommon for an IT environment to contain multiple pieces of software that are either outdated, unused, or no longer supported. Eliminating or upgrading old and obsolete software from your system is not merely best practice for maximizing space and efficiency, it is a critical security practice. The software may be insecure or have vulnerabilities that are easy attack vectors. The following examples are some of the most dangerous to have within your infrastructure, and should be removed as soon as possible.

RSH

RSH is a remote access service that has been replaced with SSH. While SSH is fully encrypted, RSH potentially exposes passwords and other sensitive information. 

Check to see if the rsh-server package is installed with the following command:

# yum list installed rsh-server

Remove the package with:

# yum remove rsh-server

FTP

FTP (File Transfer Protocol) is a program that allows clients to send and receive files. Like RSH, it is also unencrypted, putting passwords and confidential information at risk. FTP should no longer be used, as there are other, more secure methods to transfer files, like SFTP.

Check to see if the FTP package is installed with the following command:

# yum list installed lftpd

Remove the package with:

# yum remove lftpd

TFTP

The Trivial File Transfer Protocol (TFTP) server package is commonly used to transfer boot images and configurations to servers and devices. A rogue or insecure TFTP server can compromise your entire network. Threat actors can leave backdoors, steal sensitive information, and leave you vulnerable to complete data loss.

Unlike RSH and FTP, TFTP is occasionally still needed for certain operational support functions, like transmitting router configurations. If you find that you do still need to use TFTP, its use should be carefully documented with the appropriate personnel, such as the Information System Security Officer (ISSO), and access should be strictly limited. 

If TFTP is not required, check to see if TFTP package is installed with the following command:

# yum list installed tftp-server

Remove the package with:

# yum remove tftp-server

YPSERV

YPSERV is an authentication and identity management service through NIS (Network Information System). Like the other examples above, it is an unencrypted, and other services are now available that are fully encrypted, like Active Directory or Kerberos.

Check to see if the ypserv package is installed with the following command:

# yum list installed ypserv

Remove the package with:

# yum remove ypserv