If available, use Safeguard software or a third party object security product to grant
access to Expand object files only to users who require access in order to perform their
jobs.
BP-SAFE-EXPAND-01 to 02 Add a Safeguard Protection Record to grant
appropriate access to the NCPOBJ object file.
Discovery Questions Look Here:
FILE-POLICY Is Expand used to network systems together? Policy
PROCESS-NCPOBJ-01 Is the $NCP process running? Status
PROCESS-OZEXP-01 Is the $ZEXP process running? Status
OPSYS-OWNER-01 Who owns the NCPOBJ object file? Fileinfo
OPSYS-OWNER-01 Who owns the OZEXP object file? Fileinfo
OPSYS-LICENSE-01 Is the OZEXP object file licensed? Fileinfo
FILE-POLICY Who is allowed to manage the Expand network
on the system?
Policy
FILE-EXPAND-01
SAFE-EXPAND-01
Is the NCPOBJ object file correctly secured
with the Guardian or Safeguard system?
Fileinfo
Safecom
FILE-EXPAND-02
SAFE-EXPAND-02
Is the OZEXP object file correctly secured with
the Guardian or Safeguard system?
Fileinfo
Safecom
FILE-EXPAND-03 Are the configuration files of file code 832
secured correctly?
Fileinfo
FINGER System Utility
FINGER is the HP NonStop server FINGER client. It is used to interactively test the
connection to a remote system. The remote system need not be another NonStop
server.
FINGER is used to request information about users that are currently logged on to
a system on the network. The type of information and the format of the display depend
upon the service provided by the FINGER server on the remote system.
FINGER is a part of the TCP/IP subsystem which provides snapshots of running
connections.
RISK Someone familiar with FINGER could use it from a remote machine to
get IP addresses and other connection information about a system.
298 FINGER System Utility
RISK FINGER could be used to obtain a list of user names from a system
without logging on to the system, thus giving an attacker a starting point to try
to logon.
AP-ADVICE-FINGER-01 To eliminate this risk, FINGER must be removed
from the TCP/IP PORTCONF file.
The components of FINGER are:
FINGER
FINGSERV
FINGER
FINGER is the HP Nonstop finger client to request TCP/IP connection information.
FINGSERV
FINGSERV is the HP NonStop server FINGER server. It responds to FINGER
requests from remote clients.
Securing FINGER
BP-FILE-FINGER-01 FINGER should be secured “----
BP-OPSYS-OWNER-01 FINGER should be owned by SUPER.SUPER
BP-OPSYS-FILELOC-01 FINGER must reside in $SYSTEM.SYSnn
BP-FILE-FINGER-02 FINGSERV should be secured “----
BP-OPSYS-OWNER-03 FINGSERV should be owned by SUPER.SUPER
BP-OPSYS-FILELOC-03 FINGSERV resides in $SYSTEM.ZTCPIP
If available, use Safeguard software or a third party object security product to grant
access to FINGER object files only to users who require access in order to perform their
jobs.
BP-SAFE-FINGER-01 Add a Safeguard Protection Record to grant appro-
priate access to the FINGER object file.
BP-SAFE-FINGER-02 Add a Safeguard Protection Record to grant appropri-
ate access to the FINGSERV object file.
Part 6
FINGER System Utility 299

Get HP NonStop Server Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.