Network Security Features of HP-UX 11i v1 and 11i v2
Network Security Features of HP-UX 11i
Page 23
Security Features in Internet Service Products
HP-UX Internet Service products deliver and support the networking services considered essential to HP-
UX customers interoperating on TCP/IP - based networks. Many of these services have evolved to
address security issues. For example, Secure Internet Services, as discussed in the Kerberos section of this
white paper, provides strong user authentication for
ftp, rcp, rlogin, telnet, and remsh services.
Other services with built-in security features are:
• Domain Name Service and Berkeley Internet Name Domain (DNS/BIND): The IETF has
addressed the security limitations of the Internet DNS through the introduction of DNS security
protocols, including DNS Security (DNSSEC), Transaction Signature (TSIG), and Transaction Key
(TKEY). These protocols are implemented in BIND version 9.2.
• Secure inetd: Secure inetd (inetd.sec) provides remote access control for Internet Services.
inetd is the Internet master daemon, which invokes Internet service daemon processes such as
ftpd, telnetd, and UNIX commands as needed. A secure inetd allows the system administrator
to control which hosts or networks are allowed to use the system remotely.
• Sendmail: Sendmail 8.11.1 contains new and enhanced security features, including spam control
using Message Submission Agent as described in RFC2476. It also implements SMTP authentication
based on RFC2554.
• WU-FTPD: WU-FTPD includes Increased access control, Enhanced logging capabilities, Virtual
hosts support, RFC1413 (Identification Protocol) support
HP-UX Internet Services are available for download from Software Depot.
Sendmail 8.11.1 is available for as a web upgrade from Software Depot. Sendmail 8.11.1 is also available
as part of the HP-UX 11i operating system (HP-UX 11i version 2 only).
WU-FTPD 2.6.1 is the latest version of WU-FTPD available as a web upgrade from Software Depot.
WU-FTPD 2.4 is the FTP daemon for HP-UX 11i systems.