For general securing of a DMZ host, these 2 white papers from IBM are helpful.
They are a little old, but the concepts remain the same.
IBM Redbook - AIX 4.3 Elements of Security, Effective and Efficient Implementation
http://publib-b.boulder.ibm.com/Redbooks.nsf/9445fa5b416f6e32852569ae006bb65f/a2502989b5dc09f18525689b00740f90?OpenDocument&Highlight=0,SG24-5962
IBM Redbook - Additional AIX Security Tools on IBM pSeries, IBM RS/6000, and
SP/Cluster
http://publib-b.boulder.ibm.com/Redbooks.nsf/9445fa5b416f6e32852569ae006bb65f/8934e5c6a09d1094862569bb0074cfaa?OpenDocument
Ben
-----Original Message-----
From: Zlatko Krastev/ACIT [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 5:56 AM
To: [EMAIL PROTECTED]
Subject: Re: Possibly off topic
What - AIX itself.
How:
- put OpenSSH on it (download from bullfreeware.com; comes with latest AIX
versions)
- disable all unnecessary and plain-text authentication services
(including telnet and ftp - use ssh and scp instead)
- use built-in IP filtering (don't make way too many filters, IP filtering
is CPU consuming and may slow down your TCP/TSM sessions). "enable tsm;
enable ssh; disable all" is good enough.
- start the server as ordinary user (just recently discussed again on the
list)
- (optional) if you cannot live without Web-admin interface - install TSM
Secure Web Proxy over the same box
Zlatko Krastev
IT Consultant
"Gill, Geoffrey L." <[EMAIL PROTECTED]>
Sent by: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]>
29.05.2003 07:06
Please respond to "ADSM: Dist Stor Manager"
To: [EMAIL PROTECTED]
cc:
Subject: Possibly off topic
I am wondering if some of the AIX folks can help with this. It's a bit off
topic but is related to a TSM server nonetheless.
If a TSM server running on AIX, is in the DMZ, what might someone use to
"harden it" if you will. What software packages are available to help keep
out intruders?
Thanks,
Geoff Gill
TSM Administrator
NT Systems Support Engineer
SAIC
E-Mail: [EMAIL PROTECTED]
Phone: (858) 826-4062
Pager: (877) 905-7154
