Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Controlling Security on a Network
Chapter 8 783
Controlling Security on a Network
From the perspective of security, networked systems are more vulnerable
than standalone systems. Networking increases system accessibility, but
also add greater risk of security violations.
While you cannot control security over the network, you can control the
security of each node on the network to limit penetration risk without
reducing the usefulness of the system or user productivity.
All network administration programs should be owned by a protected,
network-specific account, such as uucp, nso, or daemon, rather than
root.
Controlling an Administrative Domain
An administrative domain is a group of systems connected by network
services that allow users to access one another without password
verification. An administrative domain assumes system users have
already been verified by their host machine. Follow these steps to
identify and control an administrative domain.
1. List the nodes to which you export file systems in /etc/exports.
/etc/exports contains entries that consist of the path name of a file
system followed by a list of computers or groups of computers
allowed access to the file system. Any entry consisting of only a path
name without being followed by a computer name is a file system
available to every computer on the network.
The /etc/exports entries might contain names of groups of
computers. You can find out what individual machines are included
in a group by checking /etc/netgroup.
2. List the nodes that have equivalent password data bases in
/etc/hosts.equiv.
3. Verify that each node in the administrative domain does not extend
privileges to any unincluded nodes.
You must repeat steps 2 and 3 for each node in the domain.