Is there an established way to classify network services by risk level?

Çağlar Arlı

I noticed that I seem to think of network services in three categories wrt the risk of exposing one to the internet (or a hostile network):

  • "Low risk" services are extensively hardened. If a bad guy gets access to one, nothing happens. sshd falls in this category. Even though sshd runs as root with direct exposure to the Internet, a discovery of a major vulnerability would be an extremely serious event and is unlikely to occur.
  • "Medium risk" services are generally expected to be safe, but vulnerabilities do occur from time to time, and some precautions, such as user account isolation, are usually taken to contain risks. Most services such as web and mail servers fall in this category.
  • "High risk" services should not be exposed to bad guys under any circumstances or your server will probably be hacked. NetBIOS falls in this category (at least traditionally - no idea if Microsoft's improved it since those days); so do any number of back-door configuration interfaces that are normally bound to localhost.

Is there some "proper" framework that formalizes this idea?