Servers such as Web and FTP should be proxied: a proxy, in this sense, will be a daemon that listens on port 80 or 21 (or other port depending on the service) in place of the usual server, checks that any request received is ok (e.g., does not contain a buffer-overload attempt) and only then passes the request onto said server. (The server will receive the request from the proxy via a different port, e.g., 8080 or 2121, which is blocked to the outside world.)
For further protection such a proxy can be run from inetd or xinetd.
| ...previous | up (conts) | next... |