From: Deepak John Cutinha (deepak_cutinha@yahoo.com)
Date: Thu Aug 12 2004 - 04:46:46 EDT
Thank you....
Sweeney, Paul
Lodge, David
Paveza, Gary
Piotr Kolacz
Rita Workman
Roy Kidder
Prashun Gupta
Colin Haffenden
Hope I have not missed someone...I now have a
Bastioned Host Up and running !!
Here are the important things listed by the elite...
Useful Links and Notes:
http://www.secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html
Try these : PAM, IPSec, SCM, SCR, and IDS/9000
Additionally, since there are constantly new exploits
being discovered,
I'd suggest subscribing to a security mailing list
such as bugtraq.
I started with the basics.....inetd.conf to limit the
access to
certain IP ranges and denying things I didn't want
used.
..cleaning up old login accounts that weren't in use
anymore
..enforcing regular password changes on login accounts
....You can go to trusted if you like
..locking down any and all 'outside' ftp to restricted
and chroot the
accounts. Be sure to kill all guest and anonymous
privilege.
It is not free but secure - hp-ux secure edition -
they call VV
(VirtualVault).Take look at www.hp.com
Check out bastille. It's a free product.
http://software.hp.com
1) Dig out the HP-UX bastion host document
http://www.secinf.net/unix_secutiry/Building_a_Bastion_Host_Using_HPUX_11.html
2) Use the bastion host project to do some of the hard
work for you
The basic principles of hardening a box:
1) Disable everything that isn't used
2) Uninstall everything that isn't used (if you can)
3) Secure everything that is used (depending on the
daemon)
To prevent flooding attacks and similar DoS attacks it
would be better
to invest in a firewall designed to handle these...
http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000066258828
This group is really useful to me ..
Thanks one and All..
Have a Good Day...
Deepak Cutinha
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
-- ---> Please post QUESTIONS and SUMMARIES only!! <--- To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only) http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:42 EDT