Xerox 701P46740 Sendmail daemon secured, Network parameters secured, Executable stacks disabled

Page 16

NOTE: All of these services are prohibited with a 'high' security setting, but if they are re-enabled manually the hostname information will remain hidden.

Sendmail daemon secured

Sendmail is forced to perform only outgoing mail. No incoming mail will be accepted.

Network parameters secured

Sun's nddconfig security tool is run. For additional information, view Sun's document, Solaris Operating Environment Network Settings for Security, at

http://www.sun.com/solutions/ blueprints/1200/network-updt1.pdf.

Executable stacks disabled

The system stack is made non-executable. This is done so security exploitation programs cannot take advantage of the Solaris OE kernel executable system stack and thereby attack the system.

NFS port monitor restricted

The NFS server normally accepts requests from any port number. The NFS Server is altered to process only those requests from privileged ports. Note that with the high security setting, NFS is disabled; however if the service is re-enabled manually, the port restriction will still apply.

Remote CDE login disabled

The Remote CDE login is disabled.

Xerox FreeFlow Print Server router capabilities disabled

The Xerox FreeFlow Print Server router capabilities is disabled (empty/etc/notrouter file created).

12	Security Guide

Image 16

Contents Security Guide USA Table of contents Table of contents About this guide ContentsConventions Customer support Security System supplied security profilesCD-ROM FTPEnable and disable services BSMS72AUTOINSTALL S40LLC2S47ASPPP S70UUCPS15NFS.SERVER S17HCLNFS.DAEMONS76SNMPDX S77DMISecurity Guide Security Guide User level changes Disabling secure name service databases Multicast routing disabledSolaris file permissions OS and host information hiddenExecutable stacks disabled Remote CDE login disabledXerox FreeFlow Print Server router capabilities disabled Sendmail daemon securedRemote shell internet service Enable-ftp and disable-ftpSecurity warning banners Disabling LP anonymous printingSetting the current and default profiles Account managementCreating user-defined profiles Local users and groupsDefault user groups and user accounts Group authorization Creating user accountsMED CD-ROM CDSAuto-Logon Default Screen/Auto-Logoff Password securityStrong Passwords How to Enable/Disable Strong PasswordAudit Logs GUI LoggingAccessing the Xerox FreeFlow Print Server through ADS Date/Time User Login/LogoutChanging individual passwords User Activity on the SystemLimiting access IP FilteringSecure Socket Layer Using the Print Server SSL/TLS Security FeatureRemote Workflow Creating and Using a Self-Signed Certificate IsgwSecurity Guide Network Protocol Digital CertificatesHttp IPPSnmp WinsMicr mode Secure PrintSSL NFSPrevent Unauthorized Queue Changes Roles and responsibilitiesQueue Lock Xerox responsibilitiesSecurity tips Customer ResponsibilitiesVirus Scan Online Help for security