- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Tcpip vulnerability /SSRT4696
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2005 01:53 AM
12-09-2005 01:53 AM
Tcpip vulnerability /SSRT4696
My company recently made a contract with Qualys Inc. to test our systems. When test where run against our Vms-cluster, we got notified about possible vulnerability on port 21 and 23. I can't find any papers that are about this problem specially for VMS. Is anyone familiar with this and should I worry about this.
Our cluster is behind firewalls and we have front end machines behind the firewalls that communicate with our cluster, witch is only running Oracle database. OpenVMS 7.3-2 and Oracle 9.2.0.5
Thanks in advance...
Kjartan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2005 02:50 AM
12-09-2005 02:50 AM
Re: Tcpip vulnerability /SSRT4696
We have systems that do not have SSH compatibility or software packages that communicate that don't work with SSH. So on our systems we have to present a "security exception" to run those 2 images.
I would suggest contacting Qualsys and ask for exact information on what they are testing. In some cases they perform additional tests that check underlying vulnerabilities on those ports.
As an example. On port 21 after you do an FTP to a VMS machine and type CHMOD. Nothing should happen because VMS does not recognize the command. However some of the Vulnerability scans determine that this is a security issue because the CHMOD did not return what they expected to see.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2005 03:07 AM
12-09-2005 03:07 AM
Re: Tcpip vulnerability /SSRT4696
As noted Ports 21 and 23 are telnet and ftp respectively.
There are two sets of issues with these ports:
- the basic protocols expose passwords for compromise by eavesdropping. For this reason, many security checklists flag the use of these protocols. In the case of ftp, the issue reflects non-anonymous ftp (in the case of anonymous ftp, password exposure is generally a non-issue).
- the second issue is whether the servers for these protocols have implementation defects which can compromise the underlying system. This is a concern, but only if the "detection" is valid. It is not unusual for security scans to check for the common Windows and Unix/Linus behaviors, and give false indications when OpenVMS is encountered.
Get the details of the reported problems, and then determine if they are correct reports. Regardless of whether they are correct, or not, be sure to write a memorandum to your management about the results of your post-scan review.
- Bob Gezelter, http://www.rlgsc.com
Contributing Editor, Computer Security Handbook, Internet Security(3rd & 4th Editions), http://www.computersecurityhandbook.com
Contributor, Handbook of Information Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2005 03:07 AM
12-09-2005 03:07 AM
Re: Tcpip vulnerability /SSRT4696
As noted Ports 21 and 23 are telnet and ftp respectively.
There are two sets of issues with these ports:
- the basic protocols expose passwords for compromise by eavesdropping. For this reason, many security checklists flag the use of these protocols. In the case of ftp, the issue reflects non-anonymous ftp (in the case of anonymous ftp, password exposure is generally a non-issue).
- the second issue is whether the servers for these protocols have implementation defects which can compromise the underlying system. This is a concern, but only if the "detection" is valid. It is not unusual for security scans to check for the common Windows and Unix/Linux behaviors, and give false indications when OpenVMS is encountered.
Get the details of the reported problems, and then determine if they are correct reports. Regardless of whether they are correct, or not, be sure to write a memorandum to your management about the results of your post-scan review.
- Bob Gezelter, http://www.rlgsc.com
Contributing Editor, Computer Security Handbook, Internet Security(3rd & 4th Editions), http://www.computersecurityhandbook.com
Contributor, Handbook of Information Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2005 03:39 AM
12-09-2005 03:39 AM
Re: Tcpip vulnerability /SSRT4696
(more exposed) system using SSH than I do
using Telnet. And some of the SSH attacks
run on for thousands of attempts. The rare
Telnet attacks are usually quite brief.
The TCPIP FTP server is so different from
what the usual scripts expect that the FTP
attacks always fail harmlessly, usually
leaving only some clutter in the anonymous
FTP server log and one OPCOM message, like:
%%%%%%%%%%% OPCOM 9-DEC-2005 07:08:27.48 %%%%%%%%%%%
Message from user TCPIP$FTP on ALP
User Name: anonymous
Source: 84.101.116.32
Status: NOPRIV -- File access violation
Object: SYS$SYSDEVICE:[ANONYMOUS.051209140830p]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2005 06:50 AM
12-09-2005 06:50 AM
Re: Tcpip vulnerability /SSRT4696
From my own experience, I can second Steven, at least for anonymous FTP set up to be download only (I don't allow upload on my site) port 23 is pretty safe. "Normal" FTP however can be somewhat troublesome as will telnet. Does intrusion detection and protection work on FTP as well? If so, you're safer with VMS then any other system - on both ports.
Nevertheless, if your VMS boxes run only Oracle database, what need is there (apart from system and database management) for telnet (port 23)? FTP I could understand, but even that could be limited to the frontend- and backend systems.
Perhapes these consultants know just aboutr Windows and p;robably some Unixes.
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2005 09:42 PM
12-12-2005 09:42 PM
Re: Tcpip vulnerability /SSRT4696
I talked to the Qualys guis, and they could not give me more information. The notice is on HP support web as possible general problem, not specific for VMS. So I will ignore this.
Thanks for your input..
Kjartan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-13-2005 02:08 AM
12-13-2005 02:08 AM
Re: Tcpip vulnerability /SSRT4696
Kjartan