
Level 4

What has TO BE DONE or NOT TO BE DONE to optimize IP network security and to minimize the impact of an identity usurpation:

  • Set up access rights control: access authorizations have to be fully controlled.
  • Authorized users must be properly identified and controlled (with passwords and calling address control).
  • Disable or fully control SMB (Server Message Block) file sharing, which exposes the whole machine to anyone who has the access rights to connect (visibility of the directory tree) and which allows files to be overwritten... (it is delivered as standard among the daemons, i.e. the server applications).
  • Do not use, or fully control, the FTP server, which is a dangerous protocol for two reasons:
    • conceptually, it works on two sessions, one of which is dynamic, forcing stateful use of the firewall. It is totally incompatible with the cryptosystem;
    • implementation problems. Most FTP servers give access to all or part of the file tree (of the machine... or of the network), do not isolate users from one another, and often authorize small commands that are "useful" for automation but disastrous for security.
  • Do not use, or fully control, NFS (Network File System) file sharing.

Otherwise, in case of identity usurpation, who has the right to do what? What sort of damage can be done? How long before an alert is raised? Is there object-based security?
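One way to inventory the file-sharing services named in the list above is to flag FTP, SMB and NFS listeners that are bound to anything other than the loopback address. This is an added example, not part of the original page; it assumes a Linux host and the output format of `ss -tln`, and the sample listing is constructed.

```python
import ipaddress

# Well-known TCP ports for the services the checklist names.
RISKY_PORTS = {21: "FTP", 139: "SMB (NetBIOS session)", 445: "SMB",
               111: "rpcbind (NFS)", 2049: "NFS"}

# Constructed sample in the format of Linux `ss -tln` (not from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       32      0.0.0.0:21           0.0.0.0:*
LISTEN  0       50      127.0.0.1:445        0.0.0.0:*
LISTEN  0       50      192.0.2.10:139       0.0.0.0:*
LISTEN  0       64      [::]:2049            [::]:*
LISTEN  0       128     *:111                *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, port); handles [v6]:port and *:port."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def is_loopback(addr):
    """True only for addresses reachable solely from the local machine."""
    if addr == "*":
        return False
    addr = addr.split("%")[0]  # drop a zone/interface suffix
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed (fail closed)

def exposed_listeners(ss_output):
    """Return (service, address, port) for risky ports bound off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip the header and anything that is not a listener
        addr, port = split_endpoint(fields[3])
        if port in RISKY_PORTS and not is_loopback(addr):
            findings.append((RISKY_PORTS[port], addr, port))
    return sorted(findings, key=lambda f: f[2])

if __name__ == "__main__":
    for service, addr, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed {service} listener on {addr}:{port}")
```

Each finding is a service to disable or to place under explicit access control; a listener bound only to loopback is not reported.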

For any information, contact IPLS SA - 23 bis avenue de l'Europe 78402 Chatou Cedex France
Tel. 33 (0) 1 30 15 70 80 - Fax 33 (0) 1 30 15 70 91
www.ipls.fr | www.tbt400.com
Last updated: 2005-06-21.