Full Disclosure mailing list archives

Re: HP Tandem NonStop servers

From: Valdis.Kletnieks () vt edu
Date: Thu, 21 Aug 2003 11:15:02 -0400

On Thu, 21 Aug 2003 14:11:26 BST, =?iso-8859-1?q?david=20king?= <newsgroups789 () yahoo co uk>  said:

I was told by a few that the HP tandem NonStop servers are the most secure servers ?

i have got myself a box and have been tasksed to do a security review.

Does anyone have any recomdations/idea how i should go abt doing it ?


If you think the vendor matters anywhere *NEAR* as much as the sysadmin
who installed it, you probably shouldn't be doing a security review.

Tandem gear has a long reputation of being hardware-reliable (mostly through
lots and lots of redundancy).   I'd not be surprised if most of their security is
of the "via obscurity" variety - not many hacks available for it because not
many people have access to one.

Where to start?  The usual:

Unused services listening on ports
Null/default passwords
Un-needed software installed
Some sort of Tripwire-style software installed
System logging enabled, preferably with a copy to another machine
File/device permissions..

That's probably enough to get you going....

Attachment: _bin
Description:

Current thread:

RE: virus-binaries, (continued)
- RE: virus-binaries Anthony Aykut (Aug 20)
- RE: virus-binaries Drew Copley (Aug 20)
  - HP Tandem NonStop servers david king (Aug 21)
    - Re: HP Tandem NonStop servers KF (Aug 21)
    - Re: HP Tandem NonStop servers Tom Knienieder (Aug 21)
    - Re: HP Tandem NonStop servers KF (Aug 21)
    - Re: HP Tandem NonStop servers Larry W. Cashdollar (Aug 21)
    - Re: HP Tandem NonStop servers and other off topic crap Kurt Seifried (Aug 21)
    - RE: HP Tandem NonStop servers Rick Kingslan (Aug 21)
    - Re: HP Tandem NonStop servers yossarian (Aug 22)
    - Re: HP Tandem NonStop servers Valdis . Kletnieks (Aug 21)