[HPADM] [SUMMARY] Securing/Hardening HP-UX Box - Best Ways

From: Deepak John Cutinha (deepak_cutinha@yahoo.com)
Date: Thu Aug 12 2004 - 04:46:46 EDT

• Next message: Ernesto Freyre R.: "[HPADM] installing wu-ftpd on HP UX 11i"
• Previous message: Ruby Domalanta: "[HPADM] [HPADM Summary] How to create special file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thank you....

Sweeney, Paul
Lodge, David
Paveza, Gary
Piotr Kolacz
Rita Workman
Roy Kidder
Prashun Gupta
Colin Haffenden

Hope I have not missed someone...I now have a
Bastioned Host Up and running !!

Here are the important things listed by the elite...

Useful Links and Notes:

http://www.secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html

Try these : PAM, IPSec, SCM, SCR, and IDS/9000

Additionally, since there are constantly new exploits
being discovered,
I'd suggest subscribing to a security mailing list
such as bugtraq.

I started with the basics.....inetd.conf to limit the
access to
certain IP ranges and denying things I didn't want
used.
..cleaning up old login accounts that weren't in use
anymore
..enforcing regular password changes on login accounts
....You can go to trusted if you like
..locking down any and all 'outside' ftp to restricted
and chroot the
accounts. Be sure to kill all guest and anonymous
privilege.

It is not free but secure - hp-ux secure edition -
they call VV
(VirtualVault).Take look at www.hp.com

Check out bastille. It's a free product.
http://software.hp.com

1) Dig out the HP-UX bastion host document
http://www.secinf.net/unix_secutiry/Building_a_Bastion_Host_Using_HPUX_11.html

2) Use the bastion host project to do some of the hard
work for you

The basic principles of hardening a box:
1) Disable everything that isn't used
2) Uninstall everything that isn't used (if you can)
3) Secure everything that is used (depending on the
daemon)

To prevent flooding attacks and similar DoS attacks it
would be better
to invest in a firewall designed to handle these...

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000066258828

This group is really useful to me ..

Thanks one and All..

Have a Good Day...

Deepak Cutinha

        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail

--
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
       Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl
 
 Archives:  ftp.dutchworks.nl:/pub/digests/hpux-admin       (FTP, browse only)
            http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)

• Next message: Ernesto Freyre R.: "[HPADM] installing wu-ftpd on HP UX 11i"
• Previous message: Ruby Domalanta: "[HPADM] [HPADM Summary] How to create special file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:42 EDT