Check: GEN006460
HP-UX 11.23 STIG:
GEN006460
(in version v1 r8)
Title
Any Network Information System (NIS+) server must be operating at security level 2. (Cat II impact)
Discussion
If the NIS+ server is not operating in, at least, security level 2, there is no encryption and the system could be penetrated by intruders and/or malicious users.
Check Content
If the system is not using NIS+, this is not applicable. Check the system to determine if NIS+ security level two is implemented. Execute this command: # niscat cred.org_dir If the second column does not contain DES, the system is not using NIS+ security level two, and this is a finding.
Fix Text
Configure the NIS+ server to use security level 2.
Additional Identifiers
Rule ID: SV-38537r1_rule
Vulnerability ID: V-926
Group Title: GEN006460
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001435 |
The organization defines networking protocols within the information system deemed to be nonsecure. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |