[ILUG] Security Test Plans for HP-UX server.Suggestions?

Peter Farren peter.farren at trintech.com
Wed Jul 4 17:26:14 IST 2001 

Just a little one on the car.. I suggest buyinga new one or at least an
upgrade.



-----Original Message-----
From: Barry Carroll [mailto:barry.carroll at trintech.com]
Sent: Wednesday, July 04, 2001 3:03 PM
To: 'ilug at linux.ie'
Cc: Jane Shaw
Subject: RE: [ILUG] Security Test Plans for HP-UX server.Suggestions?


Maybe 'Learn UNIX in 10 minutes' might be a good idea! ;)

I once worked in tech support for graphics cards, and had
this woman calling from germany who said she was the sysop of a big Network.

She was an NT sysop, and after many hours I fixed her graphics problem.
(It took her a while to find her 'Start' button.) "No, I'm telling you,
there
isn't any button called 'Start' here"...you all get the idea....

So she rings me back later, "I was just wondering...., but do you know
anything
about setting up Networks?" - I nearly died.

Oh, by the way people, I'm having problems with my car, any
suggestions?....... ;)

I just dont know....!

-----Original Message-----
From: Niall O Broin [mailto:niall at linux.ie]
Sent: Wednesday, July 04, 2001 1:14 PM
To: ilug at linux.ie
Cc: Jane Shaw
Subject: Re: [ILUG] Security Test Plans for HP-UX server.Suggestions?


On Wed, Jul 04, 2001 at 11:37:40AM +0100, Jane Shaw wrote:

> I have recently become system administrator of a HP-UX box in a global 
> company. I do not have any UX experience, and would appreciate any 
> comments/details/suggestions on the issue of securing access to the box.
It 
> sits outside the firewall, and needs to be accessed by users from several 
> different countries, as well as users based here. These users are from 
> several different departments and should normally only have access to 
> certain files relevant to them. I was thinking of making them members of 
> groups with predefined privileges, except that in certain cases, users
need 
> to access files not permitted by their group. Suggestions? I had also 
> considered restricting access to the box based on IP address. Does anybody

> know how this can be done under UX? Other issues I had considered were:
> 1. Upon two unsuccessful login attempts, an alarm should be generated to 
> sysadmin.
> 2. Successful modifications to critical files should be alarmed to
sysadmin
> 3. Display time and date of last successful login for all logins.
> 4. Terminate an inactive session after 30 mins.
> If anyone has dealt with similar security issues, under UX, or any other 
> Unix O.S. I would appreciate the help. As I am new to UX, command details 
> would be very useful.

Am I the only one astonished by this ? In the first case, this a Linux Users
Group mailing list, though we do get occasional other queries from members.

Secondly, she freely says that she has NO UX experience (and the tone of her
questions makes me believe that she doesn't have much Unix experience) and
it seems that she thinks that one post to a Linux mailing list will turn her
into a competent HP-UX administrator.

But what I find most astonishing is the fact that Jane's global (but
presumably not very clueful) will put somebody with this level of
inexperience in charge of a box which is definitely in the worst place it
can be in terms of security, and also sounds like it is fairly important to
the company. 

The one saving grace (and it's a small one) is that it's a HP-UX box which
is probably reasonably immune to the attentions of the script kiddies.

Jane, this assignment is not going to be career enhancing unless you get
some serious training, and that soon. And frankly, if you had the ability to
absorb that much training that quickly, you should have had the intelligence
to refuse this poisoned chalice.


Forgive my jaundiced view, but I can't see what other kind of view any
rational person could have of this situation.




Kindest regards,




Niall  O Broin

-- 
Irish Linux Users' Group: ilug at linux.ie
http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
List maintainer: listmaster at linux.ie

-- 
Irish Linux Users' Group: ilug at linux.ie
http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
List maintainer: listmaster at linux.ie

More information about the ILUG mailing list