Briefly describe IP service implementation vulnerabilities, and insecure IP protocols and services.

What will be an ideal response?

---

IP service implementation vulnerabilities-Sometimes, hackers discover bugs in specific implementations of IP services on particular platforms that can be exploited to permit normally illegal operations to occur on machines where those services are available. Windows NT, for instance, was subject to several debugger-based attacks when developers left debugging switches active in code and the switches were exploited through a TCP/IP-based network session to assert system-level access for anonymous or null user sessions (which normally can't do much of anything on a well-secured system).
Insecure IP protocols and services-Some protocols, such as FTP and Telnet, can require user account names and passwords to permit access to their services. But these protocols do not encrypt that data; if malefactors sniff IP packets between senders and receivers while this information is visible, they can obtain valid account name and password pairs with which to break into a system. There isn't much you can do about this, except to restrict public access to those systems for which compromise won't be a problem. Otherwise, you must require users to switch to more secure implementations of such services, when they're available-as is the case with Secure Telnet (Stelnet), Secure Shell (SSH), and Secure FTP (SFTP), for instance. Alternatively, you can force users to use virtual private network (VPN) connections (which encrypt all traffic between senders and receivers) when insecure protocols or services are employed.