HP 9000 and HP e3000 Servers
cancel
Showing results for 
Search instead for 
Did you mean: 

Setcurity Alerts for GSP Ports

SOLVED
Go to solution
Mick_chair
Advisor

Setcurity Alerts for GSP Ports

Hi,

Does anybody know is HP release security advisories for GSP ports ?
6 REPLIES
Horia Chirculescu
Honored Contributor

Re: Setcurity Alerts for GSP Ports

Are you talking about PDC firmware?

This should be availlable for any kind of server. Try the relevant "Download drivers and software" section for your server.

Best regards
Horia.
Best regards from Romania,
Horia.
Mick_chair
Advisor

Re: Setcurity Alerts for GSP Ports

I was thinking more along the lines that if I have a security check on a machine with a GSP port connected to the network - Would I be able to make a statement that HP do no release security advisories for GSP firmware . I appriciate that there may be instances where firmware needs to be updated for Techincal reasons - but not to remidiate a security vulnerablilty ?
Horia Chirculescu
Honored Contributor

Re: Setcurity Alerts for GSP Ports

First of all, having a GSP port connected to the (outside) network I would consider a security vulnerability by itself.

Like any other piece of firmware, of course new releases would cover also some or all security vulnerabilities. Read "Fixes".


Best regards,
Horia.
Best regards from Romania,
Horia.
Dennis Handly
Acclaimed Contributor

Re: Setcurity Alerts for GSP Ports

What type of server do you have?
If it is a GSP, there is probably no security at all except for simple passwords and possibly without SSL to encrypt the traffic.
Bill Hassell
Honored Contributor
Solution

Re: Setcurity Alerts for GSP Ports

You can safely assume that all GSP and MP connections are huge security risks. First, all but the very latest machines have a trivial plain text telnet login and password. Many sysadmins don't set the login/password or use trivial strings. Second, the GSP/MP LAN connection is often on the same subnet as all other traffic (big no-no). The GSP/MP menu allows a hacker to power off or crash the machine. The hacker could also reset the system to force a reboot and then boot the system into single user mode and compromise everything on the system.

The GSP/MP ports cannot be made secure by modern network standards (they are independent microprocessors with a small ROM and no meaningful connection to the HP-UX system). So the advisory is to put the console LAN cable on a high security, unrouted subnet with an authentication portal. Put all your routers, switches, firewalls, etc that have access ports on this restricted subnet.


Bill Hassell, sysadmin
Mick_chair
Advisor

Re: Setcurity Alerts for GSP Ports

Many thanks for all your responses - I think I havve enough informtion to move forward on this .