There are at least two ways to protect in-bound FTP requests to the HP. You can add allow and deny statements to the INETDSEC file so that only certain IP addresses can initiate an FTP session. Also recently added (7.0 ?) to the FTP server is the option to enforce the user/account passwords to be entered. In earlier versions of MPE, FTP used to be nicely integrated with security/3000 so you could have session based password security on your FTP sessions. Go to docs.hp for details on the switch you have to send to FTP to turn on user based passwords. P.s. I suppose a third route is for the networks routers to ensure that the only IP traffic reaching the HP is from known sources. -----Original Message----- From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On Behalf Of Baker, Mike L. Sent: 13 September 2004 16:28 To: [log in to unmask] Subject: [HP3000-L] FTP to HP3k and security I have not had a chance to test any of this, but I thought I would ask the question first. I'm sure someone else has had to deal with this. We daily have a sun unix server ftp files to the hp. There is no password setup on the group.accounts that ftp logs in too (we are talking more than one client [i.e.group.account] here). As part of our sarbains/oxley fun and games, we have to secure the hp. When we do implement security on the hp, either all mpe security and/or with security/3000, I am assuming that ftp (into the hp) will get asked the password after the group.account is entered, if one has been implemented, correct? I guess what I am getting at, is can ftp into the hp be allowed to not need to enter a password, even though a user logging into the hp with vt-mgr or serial would need to. Mike Baker DISCLAIMER: **This communication, along with any documents, files or attachments, is intended only for the use of the addressee and may contain legally privileged and confidential information. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of any information contained in or attached to this communication is strictly prohibited. If you have received this message in error, please notify the sender immediately and destroy the original communication and its attachments without reading, printing or saving in any manner. This communication does not form any contractual obligation on behalf of the sender, the sender's employer, or the employer's parent company, affiliates or subsidiaries.** * To join/leave the list, search archives, change list settings, * * etc., please visit http://raven.utc.edu/archives/hp3000-l.html * ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ The contents of this email are confidential to the intended recipient and may not be disclosed. Although it is believed that this email and any attachments are virus free, it is the responsibility of the recipient to confirm this. Smith & Williamson Corporate Finance Limited - A member of M&A International Inc. http://www.mergers.net Registered in England No. 4533970. Authorised and regulated by the Financial Services Authority Smith & Williamson Investment Management Limited, Registered No. 976145. Authorised and regulated by the Financial Services Authority. Smith & Williamson Pension Consultancy Limited - Independent Intermediary. Registered No. 3133226. Authorised and regulated by the Financial Services Authority. Smith & Williamson Fund Administration Limited, Registered No. 1934644. Authorised and regulated by the Financial Services Authority. Smith & Williamson Limited - A member of Nexia International. Registered in England No. 4534022. Regulated by the Institute of Chartered Accountants in England & Wales for a range of investment business activities. Registered Office: No 1 Riding House Street, London W1A 3AS Telephone: 020 7637 5377 http://www.smith.williamson.co.uk Nexia Audit Limited - A member of Nexia International. Registered in England No. 4469576. Registered to carry on audit work and regulated by the Institute of Chartered Accountants in England & Wales for a range of investment business activities. Registered Office: No 1 Riding House Street, London W1A 3AS Telephone: 020 7637 5377 http://www.nexiaaudit.co.uk NCL Investments Limited, Registered No. 1913794. Member of the London Stock Exchange authorised and regulated by the Financial Services Authority. Registered Office: Bartlett House, 9-12 Basinghall Street, London EC2V 5NS Telephone: 020 7600 2801 ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ * To join/leave the list, search archives, change list settings, * * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *