HPE Community
Operating System - HP-UX
1827806 Members
2222 Online
109969 Solutions
New Discussion

Re: Unix Security

 
SOLVED
Go to solution
Wong_3
Advisor

‎10-22-2002 05:55 PM

‎10-22-2002 05:55 PM

Unix Security

Hi,

I need to come up with a detailed proposal on both on unix system and network security. Anyone can share with me their information or direct me to some good sources? Thanks!
Learning is a journey till the end of life
0 Kudos
Reply
11 REPLIES 11
Michael Tully
Honored Contributor

‎10-22-2002 06:12 PM

‎10-22-2002 06:12 PM

Solution

Re: Unix Security

Hi,

You need to check out HP-UX bastille, as the white paper on building a 'Bastion Server'.

HP-UX bastille (free)
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

How to build a Bastion server:
http://people.hp.se/stevesk/bastion11.html

Check Bill Hassell's comments on this post:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,11866,0x4499e7e60861d511abcd0090277a778c,00.htm

and this one:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,11866,0x67f9c6af36b7d5118ff10090279cd0f9,00.html

HTH
Michael
Anyone for a Mutiny ?
Reply
Bill Hassell
Honored Contributor

‎10-22-2002 06:27 PM

‎10-22-2002 06:27 PM

Re: Unix Security

This is a very complex task depending on whether you are already protected by strong firewalls and a knowledgeable network support staff. As a minimum, get Chris Wong's book on HP-UX Security. Then overestimate the cost of the task (in hours) by about 200% so that managment can slash the estimate in half and you'll have about the right amount of time.

Get the HP-UX security patch checker which then point out numerous problems with previous installations of patches and products.

If this machine is to be on the open Internet, you'll need the Bastion host white paper--and follow it carefully *BEFORE* you connect to the net.

Network security is easily as complex (and very different) as HP-UX security (or Unix in general). If management is serious about security, you will need an expert. I would avoid Bubba's Unix Security and TV Repair Shop as a vendor (get someone who is truly qualified).


Bill Hassell, sysadmin
Reply
Dave Unverhau_1
Honored Contributor

‎10-22-2002 07:09 PM

‎10-22-2002 07:09 PM

Re: Unix Security

You might find that having HP perform a security review. We have a number of experts who can provide valuable guidance.

If you have a proactive support agreement with HP, this consultation can be covered by utilizing your Technical Support Entitlement deliverables. Otherwise, this service can be purchased. I've spoken with several customers who have had HP provide this service and they have been very pleased.

I don't mean to make this sound like an advertisement, but if you do have a PSS, CSS or BCS support contract, it might be attractive to use the entitlements, rather than spend out-of-pocket money.

...And as Bill and Michael pointed out, the Bastion host white paper is an excellent starting point!

Best Regards,

Dave
Romans 8:28
0 Kudos
Reply
Christian Gebhardt
Honored Contributor

‎10-22-2002 09:53 PM

‎10-22-2002 09:53 PM

Re: Unix Security

A good book for "practical" security is
"Practical Unix & Internet Security" written by Simson Garfinkel and Gene Stafford from O'Reilly & Associates,Inc

Chris
0 Kudos
Reply
Wodisch
Honored Contributor

‎10-23-2002 10:48 AM

‎10-23-2002 10:48 AM

Re: Unix Security

Hi,

do not forget to install and use the additional products to improve your HP-UX systems' security, like:
- OpenSSH
- IPFilter/9000

FWIW,
Wodisch
0 Kudos
Reply
Ronald Cogen
Frequent Advisor

‎10-23-2002 11:21 PM

‎10-23-2002 11:21 PM

Re: Unix Security

Hi,

Take a look at the HP-Manual "Administering your HP-UX Trusted System HP 9000 Computer Systems", HP Part Nr. B2355-90121 (1996).
The manual describes the tasks required for configuring and administering a HP-UX system as a C-2 level trusted system.
Chapter 1 Description of the HP-UX Trusted System
Chapter 2 Installation and Configuration of a HP-UX Trusted System
Chapter 3 Practices that enforce the Trustworthiness of the System
Chapter 4 Practices that Compromise the Trustworthiness of the System
App A Audit Record Format
App B Commands and System Calls
App C SFUG Supplement

If I'm not mistaken, you can find the manual at the documentation web-site. Be careful, when setting up a trusted system. Good luck.

Regards,
Ron
I've been down so long it looks like up to me
0 Kudos
Reply
Wong_3
Advisor

‎10-23-2002 11:55 PM

‎10-23-2002 11:55 PM

Re: Unix Security

Thanks for the help guys. I will try to look through all the documents. By the way, I have assigned some points but somehow it is not reflected. Do you guys see the points that i have assigned??
Learning is a journey till the end of life
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎10-24-2002 12:32 AM

‎10-24-2002 12:32 AM

Re: Unix Security

hi,

It is very important to keep updated with patches especially the one released for correcting security bugs!

One way of keeping informed is to subscribe to Security newsletters like Secure Wire (http://infosecuritymag.bellevue.com/)

You should also take into consideration "application level patches"

E.g. Oracle Security Alert #45: Security Release of Apache 1.3.27 released recently by Oracle Security Product Management.

hope this helps!

Regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
Ronald Cogen
Frequent Advisor

‎10-24-2002 12:44 AM

‎10-24-2002 12:44 AM

Re: Unix Security

Hello,

Thanks for the points. I can see them clearly.
Regards,
Ron
I've been down so long it looks like up to me
0 Kudos
Reply
Chuck J
Valued Contributor

‎10-24-2002 01:15 AM

‎10-24-2002 01:15 AM

Re: Unix Security

Hi

All the points showed up. Also do a seach on the internet for "server hardening scripts" These can remove uneeded software and close down ports that you don't need to use.

Chuck J
0 Kudos
Reply
W.C. Epperson
Trusted Contributor

‎10-24-2002 04:27 AM

‎10-24-2002 04:27 AM

Re: Unix Security

The CERT/AUSCERT checklist also contains some excellent points:

http://www.auscert.org.au/Information/Auscert_info/papers.html
"I have great faith in fools; self-confidence, my friends call it." --Poe
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.