protocol. Any data transferred, including passwords, can be monitored by anyone else on your network, even if you use a switching router. Switches were designed for performance, not security, and can be made to broadcast. Other networks can monitor this information too if the Telnet session crosses multiple LANs. There are also other, more active attacks. For example, anyone who can eavesdrop can usually take over your Telnet session using a tool like Hunt or Ettercap. The standard practice among security-conscious sites is to migrate as rapidly as practical from Telnet to Secure Shell (command: ssh). HP recommends making this move as soon as possible. Secure Shell implementations are available from openssh.org and ssh.com. Most operating system vendors also distribute a version of Secure Shell. Check with your vendor first to see if there is a version that has been tested with your OS.

NOTE: Deactivating the telnetd service will not affect your Telnet client.

Actions

In the /etc/inetd.conf file, comment out the entry for telnet.

SecureInetd.deactivate_tftp

Headline

Ensure the inetd TFTP service does not run on this system.

Default

Y

Description

The Trivial File Transfer Protocol (TFTP) is often used to download operating system images and configuration data to diskless hosts. TFTP is a UDP-based file-transfer program that provides little security. If this machine is not a boot server for diskless hosts/appliances or an Ignite-UX server, TFTP should be disabled.

Actions

In the /etc/inetd.conf file, comment out the entry for tftp.

SecureInetd.deactivate_time

Headline

Ensure the inetd time service does not run on this system.

Default

N

Description

The time service built into inetd produces machine-readable time in seconds since midnight on 1 January 1900 (RFC 868). It is used for clock synchronization, but it lacks the ability to be configured securely. HP recommends disabling the time service for this machine. Use the Network Time Protocol to synchronize clocks because XNTP can be configured securely. For more information on XNTP, see xntpd(1).

Actions

In the /etc/inetd.conf file, comment out the entry for time.

SecureInetd.deactivate_uucp

Headline

Ensure the inetd uucp service does not run on this system.

Default

Y

Description

UNIX to UNIX Copy (UUCP) copies files named by the source_files argument to the destination identified by the destination_file argument. UUCP uses clear-text transport for authentication. It is not commonly used. HP recommends disabling this service and using a more secure file transfer program such as scp.

Actions

In the /etc/inetd.conf file, comment out the entry for uucp.
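
The telnet, tftp, time and uucp actions above all make the same edit to /etc/inetd.conf. The script below is an added example, not part of Bastille or of this manual: it lists which of those entries are still active in a file and writes a copy with them commented out. The sample file is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for the services named in the items above.
SERVICES="telnet tftp time uucp"

# Constructed sample file (not taken from a real system).
sample_conf() {
cat <<'EOF'
# constructed sample inetd.conf
ftp     stream tcp6 nowait root /usr/lbin/ftpd    ftpd -l
telnet  stream tcp6 nowait root /usr/lbin/telnetd telnetd
tftp    dgram  udp  wait   root /usr/lbin/tftpd   tftpd
daytime stream tcp  nowait root internal
time    stream tcp  nowait root internal
time    dgram  udp  nowait root internal
#uucp   stream tcp  nowait root /usr/sbin/uucpd   uucpd
EOF
}

# scan FILE MODE (hypothetical helper)
#   list:    print active entries whose service name is in SERVICES
#   disable: print the whole file with those entries commented out
# The service name is compared as a whole field, so "time" does not match
# "daytime", and lines that are already comments are left alone.
scan() {
    awk -v list="$SERVICES" -v mode="$2" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        { hit = ($0 !~ /^[ \t]*#/ && NF > 0 && ($1 in want)) }
        mode == "list" { if (hit) print; next }
        { if (hit) print "#" $0; else print }
    ' "$1"
}
active_entries()  { scan "$1" list; }
disable_entries() { scan "$1" disable; }

# Demo on the sample: report, write a hardened copy, re-check the copy.
tmp="${TMPDIR:-/tmp}/inetd.sample.$$"
sample_conf > "$tmp"
echo "Active before:"; active_entries "$tmp"
disable_entries "$tmp" > "$tmp.new"
echo "Active after: $(active_entries "$tmp.new" | wc -l)"
rm -f "$tmp" "$tmp.new"
```

The time service has both a tcp and a udp entry, and both are handled. The running inetd must reread the file before the change takes effect; on HP-UX that is `inetd -c`.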

SecureInetd.ftp_logging

Headline

Enable logging for FTP connections.

Default

N
