Fwd: Hardening NIS+

From: Jerry Kemp (secact@sun.twlight.net)
Date: 08/10/02


Date: Fri, 9 Aug 2002 21:16:28 -0500
From: Jerry Kemp <secact@sun.twlight.net>
To: focus-sun@securityfocus.com

That is my understanding also. Make sure that you have applied all of
your Sun security patches. Patchdiag tool is your friend.

Jerry

Begin forwarded message:

> From: Neil Dickey <neil@geol.niu.edu>
> Date: Fri Aug 09, 2002 03:05:37 PM US/Central
> To: jim.small@eds.com, focus-sun@securityfocus.com
> Subject: Re: Hardening NIS+
> Reply-To: Neil Dickey <neil@geol.niu.edu>
>
>
> "Small, Jim" <jim.small@eds.com> wrote asking:
>
>> Has anyone seen any articles/papers on hardening/locking down NIS+?
>
> Someone will doubtless correct me if I'm wrong, but it's my
> understanding
> that NIS+ is very secure "as is." The only exception arises if it is
> run
> in YP-compatible mode. There are vulnerabilities associated with that,
> but we don't do it and I don't recall what they are.