Thank you indeed Sir. Even myself can use some of this information. Thanks again. Regards -----Original Message----- From: spiff [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 24, 2000 5:17 PM To: Ionel Chila Cc: mssjim; '[EMAIL PROTECTED]' Subject: RE: Checklist for hardening Netscape Enterprise Server of course, you're right Ionel, sorry mssjim. So I searched around, and found: http://www.netscapeworld.com/ned-ti/ned-ti-security.html which is very old, but has some specific Enterprise stuff. I also found out that it seems netscape uses the word "Security" only to refer to SSL PKI certificates. Quote: "In this section you'll find information which will help you add Netscape Security to your applications. With Netscape Security, your product will be ready to snap onto the infrastructure selected by any enterprise. " I can't wait! Welcome to Westworld. So, anyway. following along the links... http://developer.netscape.com/tech/security/index.html which says: "For the latest technical information on Sun-Netscape Alliance products, goto: http://developer.iplanet.com " And wading through the thicket of buzzwords we find: A White Paper on SunScreen SecureNet, which basically advises you to buy SunScreen. Am I surprised yet? nope. But that doesn't help. So. Instead of just buying something let's ask: Which version of Netscape Enterprise Server (Web server) are we discussing? iPlanet Web Server, Enterprise Edition 4.0 iPlanet Web Server, Enterprise Edition 4.1 Netscape Enterprise Server 3.x Netscape Enterprise Server 2.x Other Version Running on what platform? Microsoft Windows NT 4.0 (SP4+) Sun Solaris 2.6, 7 (binary compatibility) Hewlett-Packard HP-UX 11.0 IBM AIX 4.2, 4.3 (binary compatibility) Digital Unix 4.0d SGI IRIX 6.5 Redhat Linux 6.1 (Alpha Release) Other OS Then we can get along to: What's your threat model? What's your security policy say? And maybe recommend some platform specific hardening tools/FAQs/papers/patches for the OS/Hardware/Usage/Policy in place. And then onto the specific Version: Are there any patches for it? What's it going to Serve? Do you really need to run? Server-Side JavaScript Java Servlets JavaServer Pages Netscape Server Application Programming Interface (NSAPI) Open Database Connectivity (ODBC) Java Database Connectivity (JDBC) Java integrated development environment (IDE) or do you just need a webserver with HTTP 1.1, SSL and maybe a little CGI. Anyway, sorry for the jerky first reply, really. I really forgot my manners and have started to let the inane drivilings about greyhats/doorknobs/scanning/terminology/tools etc get to me, which is bad. I think I'll go outside now, and not look at a computer for a few days. spiff On Thu, 24 Feb 2000, Ionel Chila wrote: > > Guys even if you don't agree this is still a > list where people ask for help. > > A good way of hardening a sun box is using > a package called Titan at : http://www.fish.com/titan/ > Is a very powerful set of scripts and it will harden any sun server. > > Best regards > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of spiff > Sent: Thursday, February 24, 2000 2:36 PM > To: mssjim > Cc: '[EMAIL PROTECTED]' > Subject: Re: Checklist for hardening Netscape Enterprise Server > > > yes, > > Checklist: > > 1: delete netscape server. > 2: install apache/stronghold. > 3: lather rinse repeat. > > On Thu, 24 Feb 2000, mssjim wrote: > > > Dear all > > > > Could anybody have information on checklist for hardening Netscape > > Enterprise > > Server (Web server), ie security set-up guideline? > > > > Many thanks > > > > > > > > - > > [To unsubscribe, send mail to [EMAIL PROTECTED] with > > "unsubscribe firewalls" in the body of the message.] > > > > > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
