HP3000-L Archives

December 1998, Week 1

HP3000-L@RAVEN.UTC.EDU

From: Gavin Scott
Date: Thu, 3 Dec 1998 18:00:26 -0800

Jeff writes:
>   So consider a few things available in *cough* HP-UX:

Actually, MPE already *has* many of these features.  They are part of
the often forgotten Security Monitor/iX product.  You can, among other
things, do the following:

*) Specify a maximum number of logon attempts per user ID, after which
   the login ID is disabled.  You can specify a time delay after which
   login attempts are allowed for that ID, or you can require MANAGER.SYS
   to manually reset it.

*) Specify a maximum number of logon attempts per device (probably only
   effective for "nailed" DTC ports).  After this number of attempts, MPE
   will issue a :DOWN for that device, and optionally :UP it after a
   configurable delay.

*) Disable the "friendly" logon prompt/help messages.

*) Specify that users are to be logged off if the logon UDC does not
   execute for some reason.

*) Set minimum requirements for passwords and have passwords expire.

*) Selectively disable CI or programmatic execution of just about every
   MPE command.  If you like, you can first set it to log and warn you
   about commands that you're thinking of disabling, so you can find out
   if this will have a detrimental impact on your environment.

*) Enable *logging* of just about any MPE command (always wanted to see
   every execution of the :PURGE command?)

etc.  One possible way of getting HP to provide the enhancements that have
been discussed in the last day or so might be to make them part of the
Security Monitor/iX product, thus providing HP some revenue for their
effort.

An enhancement that I would really like to see would be a "user exit" on
the telnet daemon which would allow you to implement most of what has been
suggested yourself.  Also there is currently no way to create an automatic
login service using MPE telnet.  That is, I would like to set up a TCP port
on my 3000, which, when someone connected to it, would spawn an MPE telnet
based session on that port with a particular USER.ACCOUNT login.  Today
there is no way to do this without either giving the user access to the
login prompt, or replacing the telnet/session with your own messy process
handling implementation.

G.
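
A model of the first two lockout rules listed in the message above (per user ID and per device), as an added example that is not part of the original post and is not Security Monitor/iX code. The class and function names, the sample user IDs and the device name are constructed, and two behaviours the post does not specify are assumptions: a successful logon clears the failure count, and a refused attempt is not counted.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

@dataclass
class LockoutPolicy:
    """Failure counter keyed by user ID or by device (a model, not MPE code)."""
    max_attempts: int
    reenable_after: Optional[float]  # delay in seconds; None = manual reset only
    failures: Dict[str, int] = field(default_factory=dict)
    disabled_at: Dict[str, float] = field(default_factory=dict)

    def reset(self, key: str) -> None:  # manual reset, or the timed re-enable
        self.failures.pop(key, None)
        self.disabled_at.pop(key, None)

    def is_disabled(self, key: str, now: float) -> bool:
        since = self.disabled_at.get(key)
        if since is None:
            return False
        if self.reenable_after is not None and now - since >= self.reenable_after:
            self.reset(key)  # the configured delay has elapsed
            return False
        return True

    def attempt(self, key: str, ok: bool, now: float) -> str:
        if ok:
            self.failures.pop(key, None)  # assumption: success clears the count
            return "ok"
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= self.max_attempts:
            self.disabled_at[key] = now
            return "disabled"
        return "failed"

def replay(events, users: LockoutPolicy, devices: LockoutPolicy):
    """Apply both policies to (time, user, device, ok) logon events."""
    results = []
    for now, user, dev, ok in events:
        # Assumption: a refused attempt is not counted against either key.
        if devices.is_disabled(dev, now) or users.is_disabled(user, now):
            results.append("refused")
        else:
            results.append((users.attempt(user, ok, now), devices.attempt(dev, ok, now)))
    return results

# Constructed sample events: (seconds, user ID, device, password correct?)
A, B, P = "CLERK.ACCTG", "OPER.ACCTG", "port-21"
EVENTS = [(0, A, P, False), (5, A, P, False), (10, A, P, False), (15, A, P, True),
          (20, B, P, False), (30, B, P, True), (330, B, P, True), (340, A, P, True)]
```

Calling `replay(EVENTS, LockoutPolicy(3, None), LockoutPolicy(4, 300))` shows the difference between the two reset modes: the device comes back after its delay, while the user ID stays disabled until `reset()` is called.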
