- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: security
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-16-2005 01:20 PM
тАО02-16-2005 01:20 PM
I am writing some security document. I need to put some recommendation about the software selection during the OS installation.
At this moment, the following components are recommended not to install.
- CIFS related components including server and client
- Apache - if the server is not a web server
- NFS related components including server and client
- Tomcat
- XML Web server tools
- Webmin based admin
- Mozilla
- Ximian GNOME
- Java
- IPFilter
Is there anything that I missed here. This document based on HP-UX 11.23 and 11.11
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-16-2005 01:31 PM
тАО02-16-2005 01:31 PM
SolutionCDE / X - having a history of security issues, so You could leave them out in case no graphical logins are needed. (And for such cases, there are still other solutions)
VxVm administrator - at least on Tru64 (LSM there) it listens on the network for some funky Java GUI.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-16-2005 03:38 PM
тАО02-16-2005 03:38 PM
Re: security
I don't remember how isolated those filesets are. Other candidates: kermit, telnet, ftp, r-services.
Sorry I can't remember fileset names and the like.
HTH,
Mic
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-16-2005 03:53 PM
тАО02-16-2005 03:53 PM
Re: security
security? Could you explain why?
Don;t you think it would be easier to install IPFilter and
and allow only those incoming/outgoing traffic that you
want to allow and block everything else (and log all
suspicious connection attempts)? I can understand
that you don't want to install anything that is not
needed on the system, but IPFilter would add another
line of defence to your systems.
- Biswajit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-17-2005 01:50 AM
тАО02-17-2005 01:50 AM
Re: security
They provide various documents containing "Benchmark" security recommendations for various OS flavours, including HP-UX.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-17-2005 02:15 AM
тАО02-17-2005 02:15 AM
Re: security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-17-2005 04:20 AM
тАО02-17-2005 04:20 AM
Re: security
it will desc all unsec software and way to exclude from install.
Install Bastion host
Install IPFILTER
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-17-2005 04:35 AM
тАО02-17-2005 04:35 AM
Re: security
Only install it if you need it. It is very useful if you want to share files on the HP box with windows users or vice versa. Otherwise its pretty much wasted hard disk space. It does not as far as I know represent a security hazard.
NFS - Data goes back and forth in clear text. This is a security hazard. If you don't need NFS, don't use it. You must however leave it installed. I monkeyed around with removing it once and did serious damage to an old box I was using for the experiement. I ended up having to do an Ignite restore.
Apache - significant issues. Right now I have a seemingly pointless port 80 abuse on my Linux Apache server and its driving me crazy, since I'm 7,000 miles from the box and must tread lightly.
Tomcat: If the box is not a web server tomcat provides no functionality.
Webmin based admin. I think for this you need apache running. There are no security hazards in this product that I know of, and its actually quite useful.
XML - No web server, no need for these.
Mozilla - Very useful, pretty secure. I use it to get patches so there is zero chance of me ruining the depot by forgetting to ftp the thing right from my pc. Also, the ftp step transmits passwords in clear text. Bad idea.
Ximian GNOME - Dead product, no support any more. Decided not to go to Gnome. Their port was nice, but old. It was patched a lot and there may have been security hazards.
Java - Oracle needs it. Mozilla needs it. I'd think about changing my mind.
IPfilter - No security hazards. Easy to use, can be helpful in improving security. I'd reconsider this one unless you trust each and every user BEHIND your firewall. Remember 65% of system attacks come from employees.
General rule on security is: If its not going to be used, don't install it. It can not be abused if it does not exist on the system.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-17-2005 07:39 PM
тАО02-17-2005 07:39 PM
Re: security
thanks for 10 points, but I would really like to know
why would you recommend not installing IPFilter for
better security. I have been working for
Hewlett-Packard's IPFilter team for last few years and
you are the first person I have seen who is
recommending to avoid installing IPFilter and would
really like to know what I'm missing here.
- Biswajit