On my DEC Ultrix system I secure several internet service daemons with TCP
Wrappers. These are:
fingerd, ftpd, ntalkd, rexecd, rlogind, rshd, talkd, telnetd.

For those unfamiliar with TCP Wrappers, incoming requests to inetd are first
passed to a daemon which does a security check. If the request is from an
acceptable system, then the "regular" daemon is allowed to run.

For our auditors I am comparing this TCP Wrappers security with what is
available on the HP3000. Here is what I think I know so far. Comments,
clarifications, corrections, etc. are welcome.

telnet --
controlled by INETDSEC.NET.SYS very similar to TCP Wrappers.

ftp --
Only control for incoming requests is user/account passwords. Another option
is to not run the background listener job to prevent ftp requests from all
other systems.

finger, talk, rlogin, and rexec -- (here my knowledge gets shaky).
The HP3000 does not seem to handle these incoming requests. finger, talk,
rlogin, and rexec do not seem to exist on the HP3000. rsh seems to exist, but
only for local use.

TIA.
Bruce.
----------------------------------------------------------------------
Bruce J. Senn Phone: (518) 388-6664
Senior System Manager FAX: (518) 388-6458
Union College Temporary email: [log in to unmask]
Schenectady, NY 12308 WWW: http://apollo.union.edu/~sennb
----------------------------------------------------------------------