HP TippingPoint Next Generation Firewall manual Svc


svc

Collection of attribs used to enable various services that execute within the system. While the system implements an internal firewall to protect against attacks, further security can be implemented by disabling unneeded services.

Related Commands

ntp, snmp, pwd

Table 3-21 svc Attributes

| Attribute | Description | Type | Access | Range |
|---|---|---|---|---|
| svc.fips-enable | Attribute used to enable/disable SMS FIPS mode. In this mode, only FIPS 140-2 approved cryptographic algorithms are used when allowing SSH connections. NOTE: FIPS mode cannot be enabled if SSH has not been enabled. Also, disabling SSH automatically disables FIPS mode. Example: `set svc.fips-enable=yes` | Bool | read-write | 0 |
| svc.http-enable | Attribute used to enable/disable the HTTP (HTTP protocol) service. The HTTP service is used to download the SMS client during the installation process and download other files. The service is configured to prevent CGI and other active server processing. Once the client is downloaded, the service can be disabled until an updated client is available. HTTP and HTTPS can be enabled separately. To enable HTTP, set the svc.http-enable attrib to true. To disable, set to false. Example: `set svc.http-enable=true` | Bool | read-write | 0 |
| svc.https-enable | Attribute used to enable/disable the HTTPS (Secure HTTP protocol) service. The HTTPS service is used to download the SMS client during the installation process. The service is configured to prevent CGI and other active server processing. Once the client is downloaded, the service can be disabled until an updated client is available. To enable HTTPS, set the svc.https-enable attrib to true. To disable, set to false. | Bool | read-write | 0 |
| svc.ping-enable | Attribute used to enable/disable incoming ping support. Responding to pings can be considered a security weakness for systems. When disabled, the SMS will not respond to ICMP Echo Requests. Example: `set svc.ping-enable=true` | Bool | read-write | 0 |
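
The NOTE on svc.fips-enable makes the result of a change script depend on command order. The following Python example is added here and is not from the HP manual: it replays `set svc.*` lines, models that NOTE, and flags services from the table that remain enabled. The name `svc.ssh-enable` is an assumption (it does not appear on this page), unset attributes are assumed to be disabled, and the sample script is constructed.

```python
import re

# Bool spellings accepted here; the page's own examples use both "yes" and "true".
TRUE, FALSE = {"true", "yes", "1"}, {"false", "no", "0"}
SET_RE = re.compile(r"^\s*set\s+(svc\.[a-z0-9-]+)\s*=\s*(\S+)\s*$", re.I)
SSH = "svc.ssh-enable"    # assumed attribute name, not shown on this page
FIPS = "svc.fips-enable"
SAMPLE = [                # constructed change script, not from the manual
    "set svc.ssh-enable=true",
    "set svc.fips-enable=yes",
    "set svc.http-enable=true",
    "set svc.ping-enable=false",
    "set svc.ssh-enable=false",
]

def replay(lines, state=None):
    """Apply set commands in order; unset attributes count as disabled (assumption)."""
    state, notes = dict(state or {}), []
    for n, line in enumerate(lines, 1):
        m = SET_RE.match(line)
        if not m:
            continue  # not a 'set svc.*' command
        name, raw = m.group(1).lower(), m.group(2).lower()
        if raw not in TRUE | FALSE:
            notes.append(f"line {n}: {name} has non-Bool value {raw!r}")
            continue
        value = raw in TRUE
        if name == FIPS and value and not state.get(SSH, False):
            notes.append(f"line {n}: FIPS mode rejected, SSH is not enabled")
            continue
        state[name] = value
        if name == SSH and not value and state.get(FIPS):
            state[FIPS] = False  # per the NOTE: disabling SSH disables FIPS mode
            notes.append(f"line {n}: disabling SSH also disabled FIPS mode")
    return state, notes

def audit(state):
    """Return findings for services that are still enabled in the final state."""
    advice = {
        "svc.http-enable": "HTTP on: disable once the SMS client is downloaded",
        "svc.https-enable": "HTTPS on: disable once the SMS client is downloaded",
        "svc.ping-enable": "ping on: SMS answers ICMP Echo Requests",
    }
    findings = [msg for attr, msg in advice.items() if state.get(attr)]
    if state.get(SSH) and not state.get(FIPS):
        findings.append("SSH on without FIPS mode: not limited to FIPS 140-2 algorithms")
    return findings
```

Replaying `SAMPLE` shows FIPS mode ending up disabled even though the script enabled it, because the last line turns SSH off.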

