- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Network Security Guidelines
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2010 12:03 AM
тАО05-12-2010 12:03 AM
Re: Network Security Guidelines
===============================
Network parameter default values should align with current best practices unless there is a specific need to use other values.
Perform the following to update the default network parameter values:
1. Change to the /etc/rc.config.d directory
2. Open nddconf and review the comment lines on how to use the configuration file
3. Set each of the following network parameters to the recommended value. If a parameter does not have an entry in nddconf then add a new entry to the end of the file while properly incrementing the parameter index:
TRANSPORT_NAME, NDD_NAME, NDD_VALUE
tcp tcp_syn_rcvd_max 4096
arp arp_cleanup_interval 60000
ip ip_forward_src_routed 0
ip ip_forward_directed_broadcasts 0
ip ip_respond_to_timestamp 0
ip ip_respond_to_timestamp_broadcast 0
ip ip_respond_to_address_mask_broadcast 0
ip ip_respond_to_echo_broadcast 0
4. Save nddconf.
If creating this file for the first time:
1. Set root as the owner of nddconf.
2. Set sys as the group owner of nddconf.
3. Restrict write access to nddconf to the file owner.
4. Remove the executable and sticky bit from nddconf.
Aneesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2010 12:05 AM
тАО05-12-2010 12:05 AM
Re: Network Security Guidelines
=========================================
Configure networking to NOT forward TCP/IP packets between multiple networks, even if the machine has multiple network adapters connected to multiple networks.
System is not going to be used as a firewall or gateway to pass network traffic between different networks.
1. Change to the /etc/rc.config.d directory
2. Open nddconf and review the comment lines on how to use the configuration file
3. Set each of the following network parameters to the recommended value. If a parameter does not have an entry in nddconf then add a new entry to the end of the file while properly incrementing the parameter index:
TRANSPORT_NAME NDD_NAME NDD_VALUE
ip ip_forwarding 0
ip ip_send_redirects 0
4. Save nddconf.
If creating this file for the first time:
5. Set root as the owner of nddconf.
6. Set sys as the group owner of nddconf.
7. Restrict write access to nddconf to the file owner.
8. Remove the executable and sticky bit from nddconf
Aneesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2010 12:13 AM
тАО05-12-2010 12:13 AM
Re: Network Security Guidelines
Your link is not working. If possible, please attach it directly to the thread...
Regards
Arun
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2010 12:45 AM
тАО05-12-2010 12:45 AM
Re: Network Security Guidelines
http://iase.disa.mil/stigs/checklist/
with the name
UNIX Security Checklist Version 5, Release 1.24 - Updated! posted Apr 20, 2010
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-26-2010 06:22 AM
тАО05-26-2010 06:22 AM
Re: Network Security Guidelines
Fred
- « Previous
-
- 1
- 2
- Next »