HP3000-L Archives

May 1999, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From:
Gavin Scott <[log in to unmask]>
Reply To:
Gavin Scott <[log in to unmask]>
Date:
Wed, 12 May 1999 10:46:44 -0700
Chris after Jeff:
> > Just :purge or :rename telnet.arpa.sys; but be sure to put it back
> > before starting any patches/updates.
>
> Or put a lockword on it. :-)

While TELNET.ARPA.SYS has PM capability, there is nothing privileged
about the telnet service which prevents any user from writing (or uploading)
a telnet equivalent program.  As far as I know, it's not possible to
remove the capability to talk on the network from an individual user
(this seems strange as MPE has so many other capability flags.  Why
isn't there an NU "Network User" capability?).

So while eliminating access to HP's telnet client may be a relatively
effective method of preventing people from connecting to other machines,
I'm not aware of any way to actually have the system enforce this
restriction effectively, short of disabling TCP on the 3000 or having
an external firewall which filters out outbound traffic you don't like.

G.
