Date: Thu, 21 May 1998 18:39:12 -0400
In <[log in to unmask]> [log in to unmask] writes:
[snip]
> For our auditors I am comparing this TCP Wrappers security with what is
> available on the HP3000. Here is what I think I know so far. Comments,
> clarifications, corrections, etc. are welcome.
>
> telnet --
> controlled by INETDSEC.NET.SYS very similar to TCP Wrappers.
>
> ftp --
> Only control for incoming requests is user/account passwords. Another option
> is to not run the background listener job to prevent ftp requests from all
> other systems.

True. Though <plug> Office Extend FTP can restrict connection by IP address-
though not using inetdsec- and allows you to define which logins ARE allowed,
vs. allowing any you can guess passwords for. </plug>

Neither HP's ftp (nor ours) uses the inetd security; neither app uses the
bsd socket libs (which are necessary to run under inetd); netipc apps don't
fork nicely (the socket descriptors don't make it).

> finger, talk, rlogin, and rexec -- (here my knowledge gets shaky).
> The HP3000 does not seem to handle these incoming requests. finger, talk,
> rlogin, and rexec do not seem to exist on the HP3000. rsh seems to exist, but
> only for local use.

Don't know of a public finger client (nor any hp3000 site that'd want one
that advertises MPE users); we do have a built-in finger in NetMail/3000
(which can be turned off) which only allows "finger" probes for mailboxes,
and only those that are designated as "to be advertised".

Also don't know of any talk daemon/client ported to MPE. rlogin/rexec ports
exist (see ftp.telamon.com and other software sites) though I don't recall
if they're clients or daemons (or if they're inetd'able for that matter,
though if they're actual ports they probably are). Jazz also has a few
r@ ports, though caveat emptor.

HTH,
Chris Bartram
------------------
Quote for the day:
Glory is fleeting, but obscurity is forever.