Administrator's Guide

4 Remote Access Security Administration
HP-UX provides several remote access services, such as file transfer, remote login, remote
command execution, management of IP addresses and network clients, routing protocols,
mail exchange, network services, and a security mechanism spawned by inetd, the
Internet super daemon.
This chapter discusses the following topics:
• Overview of internet services and remote access services (Section 4.1)
• The inetd Daemon (Section 4.2)
• Protection against spoofing with TCP wrappers (Section 4.3)
• Secure internet services (Section 4.4)
• Controlling an administrative domain (Section 4.5)
• Securing remote sessions using HP-UX Secure Shell (SSH) (Section 4.6)
4.1 Overview of Internet Services and Remote Access Services
This section briefly describes the authentication or authorization mechanisms
used by the various Internet Services, and their security risks.
For more information, see the HP-UX Internet Services Administrator's Guide and Using
HP-UX Internet Services:
http://www.hp.com/go/hpux-networking-docs
Click HP-UX 11i v3 Networking Software.
HP-UX Internet Services provides authentication, either through password verification
or through authorization that is set up in a configuration file. See Table 4-1 for a list of
Internet Services components and their access verification or authorization mechanisms.
Table 4-1 Internet Services Components and Access Verification, Authorization, and Authentication

| Internet Services Component | Access Verification, Authorization, or Authentication Mechanism |
|---|---|
| ftp (file transfer) | Password verification. Also can use Kerberos authentication mechanism defined in /etc/inetsvcs.conf. See ftp(1). |
| rcp (remote copy) | Entry in $HOME/.rhosts or /etc/hosts.equiv file. Also can use Kerberos authentication mechanism defined in /etc/inetsvcs.conf. See rcp(1). |
| rdist (remote file distribution) | Entry in $HOME/.rhosts or /etc/hosts.equiv file. See rdist(1). |
| remsh, rexec (execute from remote shell) | Entry in $HOME/.rhosts or /etc/hosts.equiv file. Also can use Kerberos authentication mechanism defined in /etc/inetsvcs.conf. See remsh(1). |
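
The rcp, rdist, and remsh rows of Table 4-1 authorize access through entries in $HOME/.rhosts or /etc/hosts.equiv. The following shell functions are an added example, not taken from the HP-UX guide, that audit those files for wildcard trust entries and loose file permissions. The function names and the sample hosts and users are constructed, and the code assumes the usual "host [user]" entry format in which "+" matches anything.

```sh
#!/bin/sh
# Added example (not from the HP-UX guide): audit the trust files that
# authorize rcp, rdist and remsh. Each entry is "host [user]"; a "+" in
# either field is a wildcard, and "+@name" refers to a netgroup.

# audit_trust_file FILE: print "FILE:LINE: finding: entry" per risky entry.
audit_trust_file() {
    [ -r "$1" ] || return 0
    # Trust files should not be writable by group or other.
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$1:0: writable by group or other"
    fi
    awk -v f="$1" '
        /^[ \t]*(#|$)/             { next }   # comments and blank lines
        $1 == "+" && $2 == "+"     { print f ":" NR ": any user from any host: " $0; next }
        $1 == "+"                  { print f ":" NR ": any host: " $0; next }
        $2 == "+"                  { print f ":" NR ": any user on host: " $0; next }
        $1 ~ /^\+@/ || $2 ~ /^\+@/ { print f ":" NR ": netgroup, review members: " $0 }
    ' "$1"
}

# audit_trust PASSWD HOSTS_EQUIV: audit the system-wide file, then the
# .rhosts in every home directory named in field 6 of PASSWD.
audit_trust() {
    audit_trust_file "$2"
    cut -d: -f6 "$1" | sort -u | while read -r home; do
        audit_trust_file "$home/.rhosts"
    done
}

# demo: audit constructed sample files built under a scratch directory.
demo() {
    d=${TMPDIR:-/tmp}/trustaudit.$$
    mkdir -p "$d/home/alice" "$d/home/bob"
    printf '%s\n' '# constructed sample' 'trusted1.example.com' '+ +' > "$d/hosts.equiv"
    printf '%s\n' 'buildhost.example.com +' > "$d/home/alice/.rhosts"
    printf '%s\n' 'buildhost.example.com bob' > "$d/home/bob/.rhosts"
    chmod 600 "$d/hosts.equiv" "$d/home/alice/.rhosts" "$d/home/bob/.rhosts"
    printf 'alice:x:101:20::%s/home/alice:/sbin/sh\n' "$d" > "$d/passwd"
    printf 'bob:x:102:20::%s/home/bob:/sbin/sh\n' "$d" >> "$d/passwd"
    audit_trust "$d/passwd" "$d/hosts.equiv" | sed "s|$d||"
    rm -rf "$d"
}

# On a live system: audit_trust /etc/passwd /etc/hosts.equiv
```

Run as root so that every user's .rhosts is readable; an entry that names one host and one user, such as the constructed bob entry, produces no finding.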