topic software of vulnerabilities in HPUX in Operating System - HP-UX

software of vulnerabilities in HPUX

Jairo Campana — Tue, 29 Apr 2003 15:22:10 GMT

somebody knows software that discovers vulnerabilities of products installed in my server hpux 11.0

Re: software of vulnerabilities in HPUX

Cheryl Griffin — Tue, 29 Apr 2003 15:29:28 GMT

It sounds like you are asking for a security audit. There are several companies that provide that type of service, including HP.
http://www.hp.com/hps/security/sc_readiness.html

There are also steps you can take
http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90742/B2355-90742_top.html&con=/hpux/onlinedocs/B2355-90742/00/00/63-con.html&toc=/hpux/onlinedocs/B2355-90742/00/00/63-toc.html&searchterms=virus&queryid=20010830-035340

Bastille
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

Secure Shell
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

Re: software of vulnerabilities in HPUX

Bill Douglass — Tue, 29 Apr 2003 16:10:29 GMT

You can also check for security vunerabilities at places like http://www.cert.org/, and the CERT mailing list http://www.cert.org/contact_cert/certmaillist.html

Also, here in the ITRC Knowledge base, you can search HPs security bulletins.

For ongoing monitoring and detectiopn, HP's Intrusion Detection System, IDS/9000 is a good tool. You can download it from http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA

Re: software of vulnerabilities in HPUX

Steven E. Protter — Tue, 29 Apr 2003 16:30:49 GMT

The posts above and this forum are a good way of tracking vulnerabilities as they happen.

Berlene post importrant warnings as soon as she gets them.

SEP

Re: software of vulnerabilities in HPUX

Cheryl Griffin — Tue, 29 Apr 2003 17:03:52 GMT

Bill is correct IDS/9000 is also an excellent product. It has alerts that can help in detecting certain operations by applications which might indicate vulnerabilities.
The main aim of this product is to protect the underlying OS and its basic services.

For a complete listing of security offerings see:
http://www.software.hp.com/ISS_products_list.html.

Re: software of vulnerabilities in HPUX

Keith Buck — Wed, 30 Apr 2003 15:57:31 GMT

security_patch_check

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA

will analyze your system for missing patches. This covers security bulletins released by HP which do not contain MANUAL ACTIONS, as specified in the HP security bulletin.

You should also subscribe to the HP-UX security bulletin mailing list. Click on "maintenance and support" (to your left), then at the bottom click on "Support notifications" and subscribe to the appropriate digest.

A list of past bulletins is available from a link at the bottom of that page, "hp-ux security bulletins archive"

Not all software...but hope it helps. There are also several network and host-based scanners that are available, if that's what you're looking for.

-Keith

Re: software of vulnerabilities in HPUX

Jairo Campana — Wed, 30 Apr 2003 17:26:24 GMT

Excellent Keith also to all
I find other product free:
http://www.nessus.org/intro.html

http://www.saintcorporation.com/products/saint_engine.html

list urls:
http://www.cotse.com/tools/vuln.htm