LISTSERV - HP3000-L Archives

HP3000-L Archives

September 1995, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L September 1995, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: FTP and Security ($PLUG ALERT$)
From:	Nicolas Roger Costandi <[log in to unmask]>
Reply To:	Nicolas Roger Costandi <[log in to unmask]>
Date:	Sat, 16 Sep 1995 15:54:26 +0200
Content-Type:	text/plain
Parts/Attachments:	text/plain (49 lines)

>We are in the process of converting a number of MRJE/NRJE processes over to
>FTP and some concerns have surfaced:
>
>1.  When connecting through FTP to the HP3000 UDCs are *not* activated and
>thus any security packages that are UDC activated do not intervene.
>
>2.  Many sites, including ours, are relying on these 3rd party security
>packages and have established 'generic' logons (FINANCE, ACCT, etc..)
>without passwords (The password is associated with the user's session
>name).  The implication being that someone, from another site could use the
>'password less' 'generic' user id and 'ftp' into the HP3000 with the full
>access and capabilities of that user.
>
>I know that some security packages provide 'procedure exit' routines that
>will trap eveb 'ftp' logons but I was wondering if there is a way of
>controlling the mpe user names that can 'ftp' into an HP3000.  It would be
>nice if HP would define a new user capability or if the 'ftp' monitor
>process would cross-reference any user trying to logon against a system
>list.
>
>I'd like to hear from anyone that may be in a similar situation and what,
>if any, measures were taken to remedy those concerns.
>
>Thanks
>
>Paul H. Christidis
 
Modify the "run ftpmon" command in the jftpstrt job script, and add the
parameter ";info='password'":
  !run ftpmon;info="password"
This will prevent ftp connections into user/accounts that do not have passwords.
 
Or:
$PLUG$
I work for a systems software company specialised in security on hp3000 and
hp9000, and we are currently developing a product which addresses the
security aspects of ftp and telnet (and other internet services). The
product is being beta-tested and is due to be released in October/November.
Company name: Mighty Keys, France
Product name: Netwatch/3000
$/PLUG$
 
Regards
 
Nicolas "Roger" Costandi              Boulogne Billancourt, France
e-mail: [log in to unmask]    &     [log in to unmask]
applelink: costandi                   http://www.teaser.fr/~nrcostandi/
"- Computers never make misteaks"     "- L'ordinateur ne se trompe jamias"

ATOM RSS1 RSS2

RAVEN.UTC.EDU