HP3000-L Archives

May 1998, Week 3

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
TCP Wrappers vs. HP3000 Internet Security
From:
Bjsenn <[log in to unmask]>
Reply To:
Bjsenn <[log in to unmask]>
Date:
Thu, 21 May 1998 11:21:13 EDT
Content-Type:
text/plain
Parts/Attachments:
text/plain (36 lines) 
On my DEC Ultrix system I secure several internet service daemons with TCP
Wrappers.  These are:

fingerd, ftpd, ntalkd, rexecd, rlogind, rshd, talkd, telnetd.

For those unfamiliar with TCP Wrappers, incoming requests to inetd are first
passed to a daemon which does a security check.  If the request is from an
acceptable system, then the "regular" daemon is allowed to run.

For our auditors I am comparing this TCP Wrappers security with what is
available on the HP3000.  Here is what I think I know so far.  Comments,
clarifications, corrections, etc. are welcome.

telnet --
controlled by INETDSEC.NET.SYS very similar to TCP Wrappers.

ftp --
Only control for incoming requests is user/account passwords.  Another option
is to not run the background listener job to prevent ftp requests from all
other systems.

finger, talk, rlogin, and rexec -- (here my knowledge gets shaky).
The HP3000 does not seem to handle these incoming requests. finger, talk,
rlogin, and rexec do not seem to exist on the HP3000. rsh seems to exist, but
only for local use.

TIA.

Bruce.
----------------------------------------------------------------------
  Bruce J. Senn                               Phone:  (518) 388-6664
  Senior System Manager                       FAX:    (518) 388-6458
  Union College                     Temporary email:  [log in to unmask]
  Schenectady, NY 12308         WWW:  http://apollo.union.edu/~sennb
----------------------------------------------------------------------

ATOM RSS1 RSS2