Managing Systems and Workgroups: A Guide for HP-UX System Administrators

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

971

972

973

974

975

976

977

978

979

980

Conﬁguring HP-UX Bastille: Interview

Bastille Conﬁguration Questions and Explanations for HP-UX

Appendix B976

Ftp is another problematic protocol. First, it is a clear-text

protocol, like telnet -- this allows an attacker to eavesdrop on sessions and

steal passwords. This also allows an attacker to take over an FTP session,

using a clear-text-takeover tool like Hunt or Ettercap. Second, it can make

effective firewalling difficult due to the way FTP requires many ports to

stay open. Third, every major FTP daemon has had a

long history of security vulnerability -- they represent one of the major

successful attack vectors for remote root attacks.

FTP can be replaced by Secure Shell's scp and sftp programs.

NOTE: Answering "yes" to this question will also prevent the use of this

machine as an anonymous ftp server.

Secure Inetd Q: Should Bastille ensure that the login, shell, and exec services do

not run on this system? [Y]

The login, shell, and exec services make use of r-tools: rlogind,

remshd, and rexecd respectively, which use IP based

authentication. This form of authentication can be easily defeated via

forging packets that suggest the connecting machine is a trusted host

when in fact it may be an arbitrary machine on the network. Administrators

in the past have found these services useful but many are unaware of the

security ramifications of leaving these services enabled.

We suggest disabling these services unless this machine's use

model requires the services present.

Remote ignition, backup, etc. using Ignite-UX requires the remshd services

for remote execution of commands.

Secure Inetd Q: Should Bastille ensure inetd's TFTP service does not run on this

system? [Y]

TFTP is often used to download operating system images and

configuration data to diskless hosts. The Trivial File Transfer Protocol

(TFTP) is a UDP-based file-transfer program that provides hardly any security.

If this machine is not a boot server for diskless host/appliances or an

Ignite-UX server then TFTP should be disabled.

Secure Inetd Q: Should Bastille ensure inetd's bootp service does not run on this

system? [Y]

The bootpd daemon implements three functions:

a Dynamic Host Configuration Protocol (DHCP) server, an Internet Boot

Protocol (BOOTP) server, and a DHCP/BOOTP relay agent. If this system

is not a BOOTP/DHCP server nor a DHCP/BOOTP relay agent then it is advisable

to disable this service

Secure Inetd Q: Should Bastille ensure inetd's ﬁnger service does not run on this

system? [Y]