Administrator's Guide

Internet Assigned Numbers Authority (IANA) at http://www.iana.org. Verify that
the port numbers listed for Internet Services match port numbers registered with
IANA.
Comment out unnecessary services, such as finger, in /etc/inetd.conf. The
finger command displays user information without needing a password.
Comment out Remote Procedure Calls (RPC) services in /etc/inetd.conf.
Comment out inetd "internal trivial" services in /etc/inetd.conf to avoid
denial-of-service attacks. A malicious user might overload inetd with chargen
(character generator) requests. For more information, see inetd(1M) and inetd.conf(4).
4.2.1.1 Denying or Allowing Access Using /var/adm/inetd.sec
In addition to configuring the /etc/inetd.conf file, you can configure an optional
security file called /var/adm/inetd.sec to restrict access to the services started by
inetd. The /var/adm/inetd.sec file lists which hosts are allowed or denied access
to each service. For more information, see inetd.conf(4).
For example:
login allow 10.3-5 192.34.56.5 ahost anetwork
login deny 192.54.24.5 cory.example.edu.testlan
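As an added example (not part of this guide or of HP-UX), the following Python evaluator parses inetd.sec-style rules, including the partial-address range syntax shown above ("10.3-5"), and reports whether a given client may reach a service. The matching rules and the decision order it encodes are assumptions, marked as such in the comments; confirm them against inetd.conf(4) on your system before relying on the result.

```python
import re

# Constructed sample /var/adm/inetd.sec contents (not from any real host);
# the two rule lines mirror the example in this section.
SAMPLE_INETD_SEC = """\
# service   allow|deny   hosts / networks
login allow 10.3-5 192.34.56.5 ahost anetwork
login deny 192.54.24.5 cory.example.edu.testlan
"""

def _field_matches(pattern, value):
    """One dotted-address field: either 'N' or an inclusive range 'N-M'."""
    if "-" in pattern:
        lo, hi = pattern.split("-", 1)
        return int(lo) <= value <= int(hi)
    return int(pattern) == value

def host_matches(token, client):
    """Assumed semantics: a numeric token such as '10.3-5' is a partial address
    whose leading fields (ranges allowed) must match the client's leading octets;
    any other token is a host or network name compared literally."""
    if re.fullmatch(r"[0-9.\-]+", token):
        fields, octets = token.split("."), client.split(".")
        if len(fields) > len(octets) or not all(o.isdigit() for o in octets):
            return False
        return all(_field_matches(f, int(o)) for f, o in zip(fields, octets))
    return token.lower() == client.lower()

def parse_inetd_sec(text):
    """Return (service, action, [hosts]) tuples; comments and blanks are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split()
        if len(line) < 2:
            continue
        rules.append((line[0], line[1].lower(), line[2:]))
    return rules

def is_permitted(rules, service, client):
    """Assumed decision order: a matching 'deny' line rejects; if the service has
    'allow' lines the client must match one; a service with no lines is open."""
    allows = [r for r in rules if r[0] == service and r[1] == "allow"]
    denies = [r for r in rules if r[0] == service and r[1] == "deny"]
    if any(host_matches(h, client) for _, _, hosts in denies for h in hosts):
        return False
    if allows:
        return any(host_matches(h, client) for _, _, hosts in allows for h in hosts)
    return True
```

Note that a service listed only on an allow line is closed to every host not named there, while a service absent from the file (finger, in the sample) remains open, which is why the file complements rather than replaces commenting services out of /etc/inetd.conf.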
4.3 Protection Against Spoofing with TCP Wrappers
Transmission Control Protocol (TCP) Wrappers provide enhanced security for services
spawned by inetd. TCP Wrappers are an alternative to using /etc/inetd.sec. TCP
Wrappers provide protection against host name and host address spoofing. Spoofing
is a method of pretending to be a valid user or host to gain unauthorized access to a
system.
To prevent spoofing, TCP Wrappers use Access Control Lists (ACLs). The ACLs are lists
of systems in the /etc/hosts.allow and /etc/hosts.deny files. TCP Wrappers
provide some protection against IP spoofing when configured to verify host name to IP
address mapping and to reject packets with IP source routing.
However, TCP Wrappers do not provide cryptographic authentication or data encryption.
As with inetd, information is passed in clear text.
TCP Wrappers are part of the HP-UX Internet Services software. For more information,
see the HP-UX Internet Services Administrator's Guide:
http://www.hp.com/go/hpux-networking-docs
Click HP-UX 11i v3 Networking Software.
You can also see the following manpages:
tcpd(1M), tcpdmatch(1), tcpdchk(1), tcpd.conf(4), hosts_access(3), hosts_access(5), and
hosts_options(5).
72 Remote Access Security Administration