HP UX Bastille User Manual page 59

Version b.3.3
protocol. Any data transferred, including passwords, can be monitored by
anyone else on your network even if you use a switching router. Switches
were designed for performance, not security, and can be made to broadcast.
Other networks can monitor this information too if the Telnet session crosses
multiple LANs. There are also other, more active attacks. For example, anyone
who can eavesdrop can usually take over your Telnet session using a tool like
Hunt or Ettercap. The standard practice among security-conscious sites is to
migrate as rapidly as practical from Telnet to Secure Shell (command: ssh).
HP recommends making this move as soon as possible. Secure Shell
implementations are available from openssh.org and ssh.com. Most operating
system vendors also distribute a version of Secure Shell. Check with your
vendor first to see if there is a version that has been tested with your OS.
NOTE: Deactivating the telnetd service will not affect your Telnet client.
Actions
In the /etc/inetd.conf file, comment out the entry for telnet.
SecureInetd.deactivate_tftp
Headline
Ensure the inetd TFTP service does not run on this system.
Default
Y
Description
The Trivial File Transfer Protocol (TFTP) is often used to download operating
system images and configuration data to diskless hosts. TFTP is a UDP-based
file-transfer program that provides little security. If this machine is not a boot
server for diskless host/appliances or an Ignite-UX server, TFTP should be
disabled.
Actions
In the /etc/inetd.conf file, comment out the entry for tftp.
SecureInetd.deactivate_time
Headline
Ensure the inetd time service does not run on this system.
Default
N
Description
The time service built into inetd produces machine-readable time in seconds
since midnight on 1 January 1900 (RFC 868). It is used for clock
synchronization, but it lacks the ability to be configured securely. HP
recommends disabling the time service for this machine. Use the Network
Time Protocol to synchronize clocks because XNTP can be configured securely.
For more information on XNTP, see xntpd(1).
Actions
In the /etc/inetd.conf file, comment out the entry for time.
SecureInetd.deactivate_uucp
Headline
Ensure the inetd uucp service does not run on this system.
Default
Y
Description
UNIX to UNIX Copy (UUCP) copies files named by the source_files
argument to the destination identified by the destination_file argument.
UUCP uses clear-text transport for authentication. It is not commonly used.
HP recommends disabling this service and using a more secure file transfer
program such as scp.
Actions
In the /etc/inetd.conf file, comment out the entry for uucp.
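The four Actions above are the same edit applied to four entries of /etc/inetd.conf. The following POSIX sh script is an added example, not Bastille's own code or text from this manual: it comments out a named service entry by matching only the first field (so disabling "time" leaves "daytime" alone), and it lists which entries remain active so the result can be audited. The sample inetd.conf contents and the temporary file path are constructed for the example; on a real system the file is /etc/inetd.conf.

```shell
#!/bin/sh
# Added example (not from the HP-UX Bastille manual).
# Assumes HP-UX style inetd.conf lines: service socktype proto wait user server args
# The sample configuration below is constructed for this example.

# Print the service names (first field) of every active, uncommented entry.
active_inetd_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# Comment out every active entry whose service name is exactly $2.
# Matching the first field only avoids turning "daytime" off when
# asked to disable "time".
disable_inetd_service() {
    _file=$1
    _svc=$2
    awk -v svc="$_svc" '
        !/^[ \t]*#/ && $1 == svc { print "#" $0; next }
        { print }
    ' "$_file" > "$_file.tmp" && mv "$_file.tmp" "$_file"
}

# Write a constructed, abridged inetd.conf to the path given in $1.
make_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# Constructed sample inetd.conf (abridged, HP-UX style) for the example
ftp     stream tcp nowait root /usr/lbin/ftpd    ftpd -l
telnet  stream tcp nowait root /usr/lbin/telnetd telnetd
tftp    dgram  udp wait   root /usr/lbin/tftpd   tftpd
daytime stream tcp nowait root internal
time    stream tcp nowait root internal
uucp    stream tcp nowait root /usr/sbin/uucpd   uucpd
EOF
}

# Apply the page's Actions for telnet, tftp, time and uucp to the file in $1,
# then print the services that are still active.
harden_inetd_conf() {
    for _s in telnet tftp time uucp; do
        disable_inetd_service "$1" "$_s"
    done
    active_inetd_services "$1"
}

# Demo on a temporary copy: ./inetd_harden.sh --demo
if [ "${1:-}" = "--demo" ]; then
    _tmp=${TMPDIR:-/tmp}/inetd.conf.example.$$
    make_sample_inetd_conf "$_tmp"
    echo "Active before:"; active_inetd_services "$_tmp"
    echo "Active after:";  harden_inetd_conf "$_tmp"
    rm -f "$_tmp"
fi
```

After editing the real /etc/inetd.conf, inetd must re-read its configuration (on HP-UX, inetd -c) before the change takes effect; the audit function is useful again at that point, and later, to confirm the entries have not been re-enabled.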
SecureInetd.ftp_logging
Headline
Enable logging for FTP connections.
Default
N