
Re: Is The Server Secured?

 
Steven Chen_1
Super Advisor

Is The Server Secured?

Hi,

I recently put a server with Oracle DB behind a FW. NAT is used for LAN users to get services from the server, while its IP is in a different subnet from the LAN. Open ports are limited to ftp, telnet, oracle, ping.

I am still being challenged by some top gun with the question "can this server be seen if someone hacks into the LAN".

I believe it is secured:
1) it uses a different subnet and uses NAT
2) its services are limited and only those ports are open
3) user accounts are already there.

I really want to hear all different views to help me sort things out.

VERY Appreciated!

Steven

Steve
Rick Garland
Honored Contributor
Solution

Re: Is The Server Secured?

One thing I would do is get rid of telnet & ftp - use the SSH suite instead. This will encrypt the login info, passwds, etc. There are multiple other services you can turn off as they are not needed for all tasks.

Also look into getting the secure_patch_check. You can find numerous posts regarding this.

Other things you might want to look at are bastion hosts, installing Bastille, etc.
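
Added example, not part of the thread or any poster's code: one way to check that telnet, ftp and other unneeded services are actually off is to list every entry still enabled in the inetd configuration. It assumes the services are started by inetd from an `inetd.conf`-style file; the function name `audit_inetd` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report inetd services that are enabled but not on an allow-list.
# Assumed file format: service socket proto wait user program [args],
# with '#' starting a comment (a commented-out line is a disabled service).

# audit_inetd FILE [ALLOWED_SERVICE...]
# Prints "service/proto program" for each enabled service not in the allow-list.
audit_inetd() {
    conf=$1; shift
    allowed=" $* "
    # Drop comments, then keep lines that have the six mandatory fields.
    sed 's/#.*//' "$conf" | awk -v allowed="$allowed" '
        NF >= 6 {
            if (index(allowed, " " $1 " ") == 0)
                printf "%s/%s %s\n", $1, $3, $6
        }'
}

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    cat <<'EOF'
# constructed sample
ftp      stream tcp nowait root /usr/lbin/ftpd     ftpd -l
telnet   stream tcp nowait root /usr/lbin/telnetd  telnetd
#shell   stream tcp nowait root /usr/lbin/remshd   remshd
daytime  dgram  udp wait   root internal
EOF
}

# Stand-alone use: ./audit.sh /etc/inetd.conf [allowed services...]
[ $# -eq 0 ] || audit_inetd "$@"
```

Once SSH has replaced telnet and ftp, running it with an empty allow-list should print nothing for those two services; anything it does print is still listening through inetd.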

RAC_1
Honored Contributor

Re: Is The Server Secured?

Putting it behind a firewall and having opened only the required ports is a lot that you have done.

You can further secure it in different ways.

1. convert it to trusted mode.
2. secure it further by running baston ot and doing a study of what further could be done
3. have password policies in place - such as password life, password life time etc. (this is very much possible with the system in trusted mode).
4. you may also want to run SHC (system health check), CPM (custom patch manager)
5. Run the security audit for it.

Anil
There is no substitute to HARDWORK
Mark Greene_1
Honored Contributor

Re: Is The Server Secured?

Are you running sendmail or another mail agent? Are you using the HP JetAdmin software to admin printers? Those use well-known tcp ports with well-known exploits, and you'll want to consider disabling them.

Also, are you all patched up to date with the OS? There are a few other tcp-based exploits you'll want to protect yourself from with the current patches.

Are you using any of the web services with Oracle; e.g., java & web client? You'll need to make sure you have all the current Oracle patches too.

mark
the future will be a lot like now, only later
Victor BERRIDGE
Honored Contributor

Re: Is The Server Secured?

I would add:
Give a try to http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA
If you are under HPUX11i

If you can filter ping...
Use ssh but don't allow root to use it; this means of course be sure sudo is installed and configured

All the best
Victor
Steven E. Protter
Exalted Contributor

Re: Is The Server Secured?

If the server is on a network it's never totally secure. That's a fact we must live with.

Reasons for vulnerabilities:
1) Defects in the daemons that you allow to run.
2) Oracle defects
3) OS flaws.

However:

You've made a good start and I recommend Bastille and Security Patch check.

Here is a link:

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA
Required for Bastille:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL

For the truly paranoid:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5083AA
Replace telnet with secure shell/openssh

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=TCPWRAP

There are some good analysis tools in here:

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111

You can always do more.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven Chen_1
Super Advisor

Re: Is The Server Secured?

I appreciate all suggestions that help point in the right direction.

Yet I am still thinking what would be the appropriate answer to the top gun's question: "can someone see the server (even when it is behind FW now)".

I forgot the background explanation: the server is only connected to the outside world with oracle sqlnet, and all ftp and telnet services are for LAN users only. Of course, VPN users are included.

Then how to re-challenge back? NAT hides server identity, then what else?

Thanks
Steve