360
Information Security

The Magnificent 7

What Is It?

TCPWrapper is a program that, when integrated with your host OS's mechanism for accepting connections from remote users, lets administrators uniformly enforce more logging and access control than many network services are able to support on their own. TCPWrapper can tell you who is connecting, when, from where, and to which services, while allowing you to selectively accept or deny connections at an early opportunity. It can also trigger external commands when particular connection criteria are met. This gives TCPWrapper a lot of potential.

How did it come about?

In 1990 Eindhoven University of Technology in the Netherlands was under attack from a hacker. The chief suspect was a Dutch individual who repeatedly managed to acquire root privilege on their Ultrix, SunOS, and other UNIX systems. Worse than that, this hacker was very fond of the command "rm -rf /". Then, as now, many systems did not have recent backups and much work was lost. Wietse Venema, at the time working for the university, devised a program initially to monitor connection attempts from the hacker and perform some simple logging and information gathering on the remote user. This program sat in between incoming network connections and the system services the hacker wanted access to.

Where would I use it?

Use it on exposed services, DMZ hosts and bastions. A good example is limiting connections to a port to internal hosts only or, if a service is available for management access, limiting that access to the 1 or 2 management NOC servers you know engineers will be originating connections from.
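The two restrictions described above, written as a default-deny rule set in the hosts_access(5) format that TCPWrapper reads (an added example, not taken from the original article). The addresses, the choice of daemons and the logger command are constructed for illustration, and the spawn option assumes a build with the hosts_options(5) extensions.

```conf
# ---- /etc/hosts.allow ----
# Consulted first: the first matching (daemon, client) pair grants access.
# Daemon names are process names (sshd, in.ftpd), not port numbers, and only
# apply to services linked against libwrap or started through tcpd.

# Management access: only the two NOC servers (constructed addresses).
sshd: 192.0.2.10, 192.0.2.11

# Internal-only service: any host on the internal network (constructed range,
# written in net/mask form).
in.ftpd: 10.0.0.0/255.0.0.0

# ---- /etc/hosts.deny ----
# Consulted only if nothing in hosts.allow matched. Without this catch-all,
# an unmatched connection is allowed, so the rules above would restrict nothing.
# spawn runs an external command for every refused connection:
#   %d = daemon process name, %a = client address.
ALL: ALL: spawn (/usr/bin/logger -p authpriv.warning -t tcpwrap "refused %d from %a") &
```

Where the tools are installed, `tcpdchk` reports syntax problems in these files and `tcpdmatch sshd 192.0.2.10` predicts the decision for a given daemon and client before you rely on the rules.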

Why is it so good?

TCPWrapper works on just about all kinds of UNIX, and the idea has been copied to the Windows OS too. This makes it easier to author configuration files centrally and distribute them through your organisation (perhaps using rsync). It is installed as a lightweight shim, without breaking other system components, and is as quickly removed as it is added. Finally, the ability to use TCPWrapper to execute an external command of your choosing means the program's utility can be extended far beyond its author's original vision. Always a sign of great software.

Who uses it?

TCPWrapper is widely used inside most major system vendors, and is included with many OS distributions by default, although it is not always turned on. After almost 15 years of such widespread use, you can have a high degree of confidence in its robustness.

Where do I start?

http://www.techworld.com/security/features/index.cfm?featureid=644

http://itso.iu.edu/TCP_Wrappers