Navigate

Check: GEN006460

HP-UX 11.31 STIG: GEN006460 (in versions v1 r19 through v1 r13)

Title

Any Network Information System (NIS+) server must be operating at security level 2. (Cat II impact)

Discussion

If the NIS+ server is not operating in, at least, security level 2, there is no encryption and the system could be penetrated by intruders and/or malicious users.

Check Content

If the system is not using NIS+, this is not applicable. Check the system to determine if NIS+ security level two is implemented. Execute this command: # niscat cred.org_dir If the second column does not contain DES, the system is not using NIS+ security level two, and this is a finding.

Fix Text

Configure the NIS+ server to use security level 2.

Additional Identifiers

Rule ID: SV-38537r1_rule

Vulnerability ID: V-926

Group Title: GEN006460

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001435	The organization defines networking protocols within the information system deemed to be nonsecure.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
No controls are assigned to this check