Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
June 2005

Unwelcome Callers

BITS & BOLTS Insecure RPCs can leave you wide open. Take steps to protect your network. Remote Procedure Calls (RPCs) are at the heart of client/server computing, from Windows to *nix, allowing networked devices to seamlessly call services and components from one another. They're also the source of numerous vulnerabilities and exploits. RPC is ubiquitous, and that's the dilemma: You can't simply turn it off. That said, you're not without security options. RPC isn't inherently insecure: Developers can write secure code using RPC, and there are alternatives. You can defend your networks against known RPC exploits. Why RPC? Since almost every system runs RPC services, it's an obvious target. RPC reduces the complexity of network programming by handling communication over UDP. The programmer writes client/server code with identical parameters and leaves the networking to the protocol, allowing the protocol to span multiple OSes and networks. Most RPC vulnerabilities are simply the result of sloppy coding. Poor error-checking leaves ...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue