Administrator's Guide
4.1.4 Other Security Solutions for Spoofing
Spoofing is a method of pretending to be a valid user or host to gain unauthorized access
to a system. Because IP addresses and hostnames can be spoofed, using the
/var/adm/inetd.sec security file for inetd (the internet daemon) is not a guaranteed
security solution. See Section 4.2 for information about inetd.
The following security features or products are alternative security solutions:
• IPFilter is a TCP/IP packet filter suitable for use as a system firewall to protect
application servers.
For information on HP-UX IPFilter, see the HP-UX IPFilter Administrator's Guide:
www.hp.com/go/hpux-security-docs
Click HP-UX IPFilter Software.
• TCP Wrappers provides a TCP wrapper daemon, tcpd, that is invoked by inetd
to provide additional security. For more information, see Section 4.3 and the HP-UX
Internet Services Administrator's Guide:
http://www.hp.com/go/hpux-networking-docs
Click HP-UX 11i v3 Networking Software.
• Secure Internet Services allows use of Kerberos authentication and authorization for
ftp, rcp, remsh, rlogin, and telnet. Instead of user passwords, encrypted
Kerberos authentication records transmit over the network. For more information,
see the following:
— Section 4.4
— Installing and Administering Internet Services:
http://www.hp.com/go/hpux-networking-docs
Click HP-UX 11i v3 Networking Software.
— Configuration Guide for Kerberos Client Products on HP-UX:
www.hp.com/go/hpux-security-docs
Click HP-UX Kerberos Data Security Software.
• IPSec, an IP security protocol suite, provides security for IP networks such as data
integrity, authentication, data privacy, application-transparent security, and
encryption.
For information on HP-UX IPSec, see the HP-UX IPSec Administrator's Guide:
www.hp.com/go/hpux-security-docs
Click HP-UX IPSec Software.
4.2 The inetd Daemon
The Internet daemon, /usr/sbin/inetd, is the master server for many Internet Services.
70 Remote Access Security Administration