Telnet Subsystem


The Telnet subsystem is HP's implementation of the Telnet server portion of the Telnet protocol. The Telnet protocol is a general, bi-directional, eight-bit, byte-oriented protocol in the TCP/IP protocol suite that provides a standard method of interfacing terminal devices and terminal-oriented processes to each other. The HP Telnet server provides Telnet services to HP Telnet clients, specifically TN6530 personality.

Telnet is commonly used to service HP terminal emulators from PC platforms.

Example 1:

  $SYSTEM SYSTEM 132> status *, prog $system.sys01.telserv
  Process Pri PFR %WT Userid Program file Hometerm
  $ZTNP2 1,283 170 015 255,255 $SYSTEM.SYS01.TELSERV $YMIOP.#CLCI
  $ZTNP2 B 0,263 170 001 255,255 $SYSTEM.SYS01.TELSERV $YMIOP.#CLCI

Example 1 displays the TELSERV process.

Each TELSERV session is identified by a #<name>.

Example 2:

  $SYSTEM SYSTEM 130> who
  Home terminal: $ZTNP2.#PT54RL5

Example 2 shows a connected Telnet terminal session. When addressing this session, the name of the terminal is $ZTNP2.#PT54RL5.

If the session is terminated, a new id (#<session id>) will be used.

RISK Telnet sessions are transient. If the session is lost, the process may suspend.

AP-ADVICE-TELNET-01 Telnet sessions should not be used as HOME-TERM devices for processes.

RISK A Telnet client can connect to any system on the network that has a Telnet server. The services available to any given terminal depend on what the remote system offers. The user will have access to system resources based on the userid used to make the connection.

RISK Telnet is a common interface used to allow PC terminals to connect to an HP NonStop server system.

AP-ADVICE-TELNET-01 The interface must be secured to require users to log on with their own userid and password before allowing access to the server; otherwise there will be no way to control users' access to system resources.

TELNET Services

A Telnet service is either conversational, block-mode or print. The most commonly used is conversational-mode. Each Telnet service must be explicitly set to accommodate the needs of the communication.

Securing Telnet Components

BP-FILE-TELNET-01 Telnet should be secured "UUNU".

BP-OPSYS-OWNER-01 Telnet should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 Telnet must reside in $SYSTEM.SYSnn.

BP-PROCESS-TELSERV-01 $ZTNPn processes should be running.

BP-FILE-TELNET-02 TELSERV should be secured "UUCU".

BP-OPSYS-OWNER-01 TELSERV should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 TELSERV must reside in $SYSTEM.SYSnn.

Discovery Questions                                                      Look Here:

FILE-POLICY          Is Telnet run on the system to support terminals?   Policy
PROCESS-TELSERV-01   Are the $ZTNPn processes running?                   Status
OPSYS-OWNER-01       Who owns the Telnet object file?                    Fileinfo
OPSYS-OWNER-01       Who owns the TELSERV object file?                   Fileinfo
FILE-TELNET-01       Is the Telnet object file secured correctly?        Fileinfo
FILE-TELNET-02       Is the TELSERV object file secured correctly?       Fileinfo
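The items that can be answered from STATUS output (BP-PROCESS-TELSERV-01, the TELSERV location in BP-OPSYS-FILELOC-01, and the HOME-TERM advice in AP-ADVICE-TELNET-01) can be checked mechanically over a captured listing. The following is an added example, not code from the book: only the two $ZTNP2 rows come from Example 1, the other rows are constructed, and skipping interactive TACL processes is an assumption.

```python
import re

# Constructed sample in the layout of Example 1; only the two $ZTNP2 rows
# come from the page, the other rows are invented for illustration.
SAMPLE_STATUS = """\
Process Pri PFR %WT Userid Program file Hometerm
$ZTNP2 1,283 170 015 255,255 $SYSTEM.SYS01.TELSERV $YMIOP.#CLCI
$ZTNP2 B 0,263 170 001 255,255 $SYSTEM.SYS01.TELSERV $YMIOP.#CLCI
$Z1AB 1,290 148 001 100,5 $SYSTEM.SYS01.TACL $ZTNP2.#PT54RL5
$APP1 1,301 150 001 100,5 $DATA1.APPOBJ.SERVER $ZTNP2.#PT54RL5
$APP2 0,310 150 001 100,5 $DATA1.APPOBJ.SERVER $ZHOME
"""

USERID = re.compile(r"^\d+,\d+$")
SYSNN_TELSERV = re.compile(r"^\$SYSTEM\.SYS\d\d\.TELSERV$")


def parse_status(text):
    """Return (name, program_file, hometerm) for each process row."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # Read from the right: the columns between the name and Userid vary
        # (backup flag "B", a blank column), the last three tokens do not.
        if len(tok) < 4 or not USERID.match(tok[-3]):
            continue  # prompt, header or blank line
        if not (tok[-2].startswith("$") and tok[-1].startswith("$")):
            continue
        name = tok[0] if tok[0].startswith("$") else "(unnamed)"
        rows.append((name, tok[-2].upper(), tok[-1].upper()))
    return rows


def audit(text):
    """Return (rule id, detail) findings for the page's STATUS-based checks."""
    rows = parse_status(text)
    telserv = {n for n, prog, _ in rows if prog.endswith(".TELSERV")}
    findings = []
    if not telserv:
        findings.append(("BP-PROCESS-TELSERV-01", "no TELSERV process running"))
    for name, prog, home in rows:
        if prog.endswith(".TELSERV") and not SYSNN_TELSERV.match(prog):
            findings.append(("BP-OPSYS-FILELOC-01", f"{name} runs {prog}"))
        # Assumption: an interactive TACL on the session is expected, so skip it.
        if home.split(".")[0] in telserv and not prog.endswith(".TACL"):
            findings.append(("AP-ADVICE-TELNET-01", f"{name} hometerm {home}"))
    return findings


print(audit(SAMPLE_STATUS))
```

File ownership and the security strings ("UUNU", "UUCU") are not visible in STATUS output and still have to be checked with Fileinfo.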

Related Topics

Securing Applications

SCF

TCP/IP




HP NonStop Server Security 2004
ISBN: 159059035X
EAN: N/A
Year: 2004
Pages: 157
