[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] HP Tandem NonStop servers

To: david king <newsgroups789@yahoo.co.uk>
Subject: Re: [Full-Disclosure] HP Tandem NonStop servers
From: Valdis.Kletnieks@vt.edu
Date: Thu, 21 Aug 2003 11:15:02 -0400

On Thu, 21 Aug 2003 14:11:26 BST, =?iso-8859-1?q?david=20king?= <newsgroups789@yahoo.co.uk>  said:

> I was told by a few that the HP tandem NonStop servers are the most secure servers ?
> 
> i have got myself a box and have been tasksed to do a security review.
> 
> Does anyone have any recomdations/idea how i should go abt doing it ?

If you think the vendor matters anywhere *NEAR* as much as the sysadmin
who installed it, you probably shouldn't be doing a security review.

Tandem gear has a long reputation of being hardware-reliable (mostly through
lots and lots of redundancy).   I'd not be surprised if most of their security is
of the "via obscurity" variety - not many hacks available for it because not
many people have access to one.

Where to start?  The usual:

Unused services listening on ports
Null/default passwords
Un-needed software installed
Some sort of Tripwire-style software installed
System logging enabled, preferably with a copy to another machine
File/device permissions..

That's probably enough to get you going....

PGP signature

References:
- [Full-Disclosure] HP Tandem NonStop servers
  - From: david king <newsgroups789@yahoo.co.uk>

Prev by Date: [Full-Disclosure] JAP back doored
Next by Date: Re: [Full-Disclosure] JAP back doored
Prev by thread: Re: [Full-Disclosure] HP Tandem NonStop servers
Next by thread: RE: [Full-Disclosure] virus-binaries
Index(es):
- Date
- Thread