Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
-
Locking Down CMS
Thank you very much RFWatts, your information has been very valuable. I found about the inetd.conf file also, but it is hard for me to tell which services can be shut down without impacting the CMS operation itself. Please pass along the contact information since we will need to do this change...- ceindaco
- Post #6
- Forum: Avaya: CM/Aura (Definity)
-
Locking Down CMS
Thanks for the reply. I was hoping to avoid the "charges" for hardening the system, but the more I research the more it seems that AVAYA will have to take the action on our system. That was a big help. C.I.- ceindaco
- Post #3
- Forum: Avaya: CM/Aura (Definity)
-
Locking Down CMS
Hi, We have a CMS box running on a SPARC station with Sun OS 5.7, we recently deployed an Intrusion Detection System (IDS) and it has found several vulnerabilities on our box. Do you know a good place to look for instructions on how to lock some ports or shutdown some services on the Sun...- ceindaco
- Thread
- Replies: 6
- Forum: Avaya: CM/Aura (Definity)
-
SMTP through PIX 506E
Two things: First, did you on purpose disable the fixup protocol for SMTP?. That is the one that allows returning traffic for your mail gateway. If you enable that FIXUP feature, you will get all incoming traffic as a response from your requests, without the need of specifying an access-list...- ceindaco
- Post #2
- Forum: Security, hacker detection & forensics
-
New PIX config. Everything seems fine but no access to the internet?
Yes, and that is why you should be careful with the subnet mask. In our case since we were using a mask of 255.0.0.0 every packet coming from the same Class A as the PIX was being treated as local and the PIX was replying to them sending the data to the wire instead of the local router...- ceindaco
- Post #6
- Forum: Security, hacker detection & forensics
-
New PIX config. Everything seems fine but no access to the internet?
Hi, You would also want to check the subnet mask on your interface outside. I ran into some problems before when having a Class A subnet mask incorrectly configured.- ceindaco
- Post #4
- Forum: Security, hacker detection & forensics
-
Cisco VPN client 3.6.x and 4.0.x cannot access DMZ
That is correct, but you have implemented access-lists on the inside that screen any traffic going OUT from the inside to the OUTSIDE and DMZ. I am thinking that your acces-list is preventing your VPN clients to go out to the DMZ.- ceindaco
- Post #11
- Forum: Security, hacker detection & forensics
-
Cisco VPN client 3.6.x and 4.0.x cannot access DMZ
HI: Have you checked the logs on the Firewall? It seems to me that you have a problem with the access-lists. Remember that the access-lists are applied as inbound to the interface and always the source goes first on the command. These two rules: access-list acl_dmz1 permit icmp 10.4.1.0...- ceindaco
- Post #9
- Forum: Security, hacker detection & forensics
