Re: Network Security Guidelines

Aneesh Mohan
Honored Contributor

Re: Network Security Guidelines

Network parameter modifications
===============================

Network parameter default values should align with current best practices unless there is a specific need to use other values.

Perform the following to update the default network parameter values:

1. Change to the /etc/rc.config.d directory.
2. Open nddconf and review the comment lines on how to use the configuration file.
3. Set each of the following network parameters to the recommended value. If a parameter does not have an entry in nddconf, add a new entry to the end of the file while properly incrementing the parameter index:

   TRANSPORT_NAME  NDD_NAME                                 NDD_VALUE
   tcp             tcp_syn_rcvd_max                         4096
   arp             arp_cleanup_interval                     60000
   ip              ip_forward_src_routed                    0
   ip              ip_forward_directed_broadcasts           0
   ip              ip_respond_to_timestamp                  0
   ip              ip_respond_to_timestamp_broadcast        0
   ip              ip_respond_to_address_mask_broadcast     0
   ip              ip_respond_to_echo_broadcast             0

4. Save nddconf.

If creating this file for the first time:
1. Set root as the owner of nddconf.
2. Set sys as the group owner of nddconf.
3. Restrict write access to nddconf to the file owner.
4. Remove the executable and sticky bit from nddconf.


Aneesh
Aneesh Mohan
Honored Contributor

Re: Network Security Guidelines

Additional network parameter modifications
=========================================
Configure networking to NOT forward TCP/IP packets between multiple networks, even if the machine has multiple network adapters connected to multiple networks.

The system is not going to be used as a firewall or gateway to pass network traffic between different networks.

1. Change to the /etc/rc.config.d directory.
2. Open nddconf and review the comment lines on how to use the configuration file.
3. Set each of the following network parameters to the recommended value. If a parameter does not have an entry in nddconf, add a new entry to the end of the file while properly incrementing the parameter index:

   TRANSPORT_NAME  NDD_NAME            NDD_VALUE
   ip              ip_forwarding       0
   ip              ip_send_redirects   0

4. Save nddconf.

If creating this file for the first time:
5. Set root as the owner of nddconf.
6. Set sys as the group owner of nddconf.
7. Restrict write access to nddconf to the file owner.
8. Remove the executable and sticky bit from nddconf.



Aneesh
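The two posts above describe the same manual procedure twice: find or append an indexed TRANSPORT_NAME[n] / NDD_NAME[n] / NDD_VALUE[n] entry in /etc/rc.config.d/nddconf, then fix the file's ownership and mode. The script below is an added example, not code from the thread or from HP; it collects the recommended values from both posts into one list and automates the "update if present, otherwise append with the next free index" step so the file can be audited for drift and corrected repeatably. It assumes POSIX sh with awk, sed and head, takes the file path as a parameter (so it can be run against a scratch copy first), and the starting file it builds in the demo is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): manage /etc/rc.config.d/nddconf entries in
# the indexed TRANSPORT_NAME[n] / NDD_NAME[n] / NDD_VALUE[n] form, appending new
# entries with the next free index and updating existing ones in place.
# Assumptions: POSIX sh plus awk/sed/head; the file path is always a parameter so
# the functions can be exercised on a scratch copy before the real file is touched.

# Recommended values collected from the two posts above (transport, name, value).
NDDCONF_RECOMMENDED='
tcp tcp_syn_rcvd_max 4096
arp arp_cleanup_interval 60000
ip ip_forward_src_routed 0
ip ip_forward_directed_broadcasts 0
ip ip_respond_to_timestamp 0
ip ip_respond_to_timestamp_broadcast 0
ip ip_respond_to_address_mask_broadcast 0
ip ip_respond_to_echo_broadcast 0
ip ip_forwarding 0
ip ip_send_redirects 0
'

# Index n of the NDD_NAME[n]=<name> entry, or nothing if the parameter is absent.
nddconf_index() {
    sed -n "s/^[[:space:]]*NDD_NAME\[\([0-9][0-9]*\)\]=$2[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Current NDD_VALUE for a parameter name, or nothing if it has no entry.
nddconf_get() {
    idx=$(nddconf_index "$1" "$2")
    [ -n "$idx" ] || return 0
    sed -n "s/^[[:space:]]*NDD_VALUE\[$idx\]=[[:space:]]*//p" "$1" | head -n 1
}

# Next free index: highest NDD_NAME[n] index plus one, 0 for a new or empty file.
nddconf_next_index() {
    [ -f "$1" ] || { echo 0; return 0; }
    awk -F'[][]' 'BEGIN { max = -1 }
        /^[[:space:]]*NDD_NAME\[[0-9]+\]=/ { if ($2 + 0 > max) max = $2 + 0 }
        END { print max + 1 }' "$1"
}

# Set one parameter: update the NDD_VALUE line if the name already has an entry,
# otherwise append a new three-line entry at the next free index.
nddconf_set() {
    file=$1; transport=$2; name=$3; value=$4
    [ -f "$file" ] || : > "$file"
    idx=$(nddconf_index "$file" "$name")
    if [ -n "$idx" ]; then
        # sed -i is not POSIX (and absent on HP-UX); rewrite through a temp file and
        # copy back with cat so the file keeps its existing owner and mode.
        sed "s/^\([[:space:]]*NDD_VALUE\[$idx\]=\).*/\1$value/" "$file" > "$file.tmp"
        cat "$file.tmp" > "$file" && rm -f "$file.tmp"
    else
        idx=$(nddconf_next_index "$file")
        {
            echo "TRANSPORT_NAME[$idx]=$transport"
            echo "NDD_NAME[$idx]=$name"
            echo "NDD_VALUE[$idx]=$value"
        } >> "$file"
    fi
}

# Apply every recommended value to the given file (idempotent).
nddconf_apply() {
    printf '%s\n' "$NDDCONF_RECOMMENDED" | while read -r t n v; do
        [ -n "$n" ] || continue
        nddconf_set "$1" "$t" "$n" "$v"
    done
}

# Report parameters that are missing or not at the recommended value.
# Exit status 0 when everything matches, 1 otherwise.
nddconf_audit() {
    printf '%s\n' "$NDDCONF_RECOMMENDED" | {
        bad=0
        while read -r t n v; do
            [ -n "$n" ] || continue
            cur=$(nddconf_get "$1" "$n")
            if [ "$cur" != "$v" ]; then
                echo "DRIFT: $n expected $v, found ${cur:-<unset>}"
                bad=$((bad + 1))
            fi
        done
        [ "$bad" -eq 0 ]
    }
}

# Steps for a newly created file: owner root, group sys, writable only by the
# owner, no execute or sticky bits (mode 0644). Requires root; run on the real file only.
nddconf_perms() {
    chown root:sys "$1" && chmod 0644 "$1"
}

# Demo on a constructed scratch file that already has ip_forwarding enabled at index 0.
nddconf_demo() {
    scratch="${TMPDIR:-/tmp}/nddconf.demo.$$"
    printf 'TRANSPORT_NAME[0]=ip\nNDD_NAME[0]=ip_forwarding\nNDD_VALUE[0]=1\n' > "$scratch"
    echo "--- audit before"
    nddconf_audit "$scratch" || echo "drift found, applying recommended values"
    nddconf_apply "$scratch"
    echo "--- audit after"
    nddconf_audit "$scratch" && echo "all recommended parameters present"
    cat "$scratch"
    rm -f "$scratch"
}
nddconf_demo
```

Run it first against a copy of the live file (`cp /etc/rc.config.d/nddconf /tmp/nddconf.copy`, then `nddconf_audit /tmp/nddconf.copy`) to see what would change; only then apply to the real file and run `nddconf_perms` on it. The file is read at boot, and on HP-UX `ndd -c` reloads it without a reboot, so the audit function is also a cheap check to schedule after any patching or manual edits that might reset the values.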
Arun Jain
Frequent Advisor

Re: Network Security Guidelines

Hi Burak,

Your link is not working. If possible, please attach it directly to the thread...

Regards
Arun
speak less say more
Burak Topal
Frequent Advisor

Re: Network Security Guidelines

Sorry, the doc is a little larger than the allowed size (1.12 MB), but you can find it under

http://iase.disa.mil/stigs/checklist/

with the name

UNIX Security Checklist Version 5, Release 1.24 - Updated! posted Apr 20, 2010

Regards,
Fred K. Abell Jr._1
Regular Advisor

Re: Network Security Guidelines

Bastille is a good start. It will take care of most of the low hanging fruit. CIS benchmarks are also good http://cisecurity.org/en-us/?route=default. For more advanced help, go to the SANS.org reading room http://www.sans.org/reading_room/ and search 'securing hp-ux'. A lot of what you have to do depends on how you are going to use the box. A workstation in a lab is going to be done differently than a web server.

Fred