>We are in the process of converting a number of MRJE/NRJE processes over to >FTP and some concerns have surfaced: > >1. When connecting through FTP to the HP3000 UDCs are *not* activated and >thus any security packages that are UDC activated do not intervene. > >2. Many sites, including ours, are relying on these 3rd party security >packages and have established 'generic' logons (FINANCE, ACCT, etc..) >without passwords (The password is associated with the user's session >name). The implication being that someone, from another site could use the >'password less' 'generic' user id and 'ftp' into the HP3000 with the full >access and capabilities of that user. > >I know that some security packages provide 'procedure exit' routines that >will trap eveb 'ftp' logons but I was wondering if there is a way of >controlling the mpe user names that can 'ftp' into an HP3000. It would be >nice if HP would define a new user capability or if the 'ftp' monitor >process would cross-reference any user trying to logon against a system >list. > >I'd like to hear from anyone that may be in a similar situation and what, >if any, measures were taken to remedy those concerns. > >Thanks > >Paul H. Christidis Modify the "run ftpmon" command in the jftpstrt job script, and add the parameter ";info='password'": !run ftpmon;info="password" This will prevent ftp connections into user/accounts that do not have passwords. Or: $PLUG$ I work for a systems software company specialised in security on hp3000 and hp9000, and we are currently developing a product which addresses the security aspects of ftp and telnet (and other internet services). The product is being beta-tested and is due to be released in October/November. Company name: Mighty Keys, France Product name: Netwatch/3000 $/PLUG$ Regards Nicolas "Roger" Costandi Boulogne Billancourt, France e-mail: [log in to unmask] & [log in to unmask] applelink: costandi http://www.teaser.fr/~nrcostandi/ "- Computers never make misteaks" "- L'ordinateur ne se trompe jamias"