FINGER is the HP NonStop server FINGER client. It is used to interactively test the connection to a remote system. The remote system need not be another NonStop server.
FINGER is used to request information about users that are currently logged on to a system on the network. The type of information and the format of the display depend upon the service provided by the FINGER server on the remote system.
FINGER is a part of the TCP/IP subsystem which provides snapshots of running connections.
RISK Someone familiar with FINGER could use it from a remote machine to get IP addresses and other connection information about a system.
RISK FINGER could be used to obtain a list of user names from a system without logging on to the system, thus giving an attacker a starting point to try to logon.
AP-ADVICE-FINGER-01 To eliminate this risk, FINGER must be removed from the TCP/IP PORTCONF file.
The components of FINGER are:
FINGER
FINGSERV
FINGER is the HP Nonstop finger client to request TCP/IP connection information.
FINGSERV is the HP NonStop server FINGER server. It responds to FINGER requests from remote clients .
BP-FILE-FINGER-01 FINGER should be secured "- - - -"
BP-OPSYS-OWNER-01 FINGER should be owned by SUPER.SUPER
BP-OPSYS-FILELOC-01 FINGER must reside in $SYSTEM.SYSnn
BP-FILE-FINGER-02 FINGSERV should be secured "- - - -"
BP-OPSYS-OWNER-03 FINGSERV should be owned by SUPER.SUPER
BP-OPSYS-FILELOC-03 FINGSERV resides in $SYSTEM.ZTCPIP
If available, use Safeguard software or a third party object security product to grant access to FINGER object files only to users who require access in order to perform their jobs.
BP-SAFE-FINGER-01 Add a Safeguard Protection Record to grant appropriate access to the FINGER object file.
BP-SAFE-FINGER-02 Add a Safeguard Protection Record to grant appropriate access to the FINGSERV object file.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-01 | Who owns the FINGER client object file? | Fileinfo |
OPSYS-OWNER-03 | Who owns the FINGSERV server object file? | Fileinfo |
FILE-POLICY | Who is allowed to execute FINGER on the system? | Policy |
FILE-FINGER-01 | Is the FINGER object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-FINGER-02 | Is the FINGSERV object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
Related Topics
TCP/IP