TCP/IP command security

Some commands in TCP/IP provide a secure environment during operation. These commands are ftp, rexec, and telnet.

The ftp function provides security during file transfer. The rexec command provides a secure environment for running commands on a foreign host. The telnet function provides security for login to a foreign host.

The ftp, rexec, and telnet commands provide security during their operation only. That is, they do not set up a secure environment for use with other commands. For securing your system for other operations, use the securetcpip command. This command gives you the ability to secure your system by disabling the nontrusted daemons and applications, and by giving you the option of securing your IP layer network protocol as well.

The ftp, rexec, securetcpip, and telnet commands provide the following forms of system and data security:

ftp

The ftp command provides a secure environment for transferring files. When a user invokes the ftp command to a foreign host, the user is prompted for a login ID. A default login ID is shown: the user's current login ID on the local host. The user is prompted for a password for the remote host.

The automatic login process searches the local user's $HOME/.netrc file for the user's ID and password to use at the foreign host. For security, the permissions on the $HOME/.netrc file must be set to 600 (read and write by owner only). Otherwise, automatic login fails.

Note: Because use of the .netrc file requires storage of passwords in a nonencrypted file, the automatic login feature of the ftp command is not available when your system has been configured with the securetcpip command. This feature can be reenabled by removing the ftp command from the tcpip stanza in the /etc/security/config file.

To use the file transfer function, the ftp command requires two TCP/IP connections, one for the File Transfer Protocol (FTP) and one for data transfer. The protocol connection is primary and is secure because it is established on reliable communicating ports. The secondary connection is needed for the actual transfer of data, and both the local and remote host verify that the other end of this connection is established with the same host as the primary connection. If the primary and secondary connections are not established with the same host, the ftp command first displays an error message stating that the data connection was not authenticated, and then it exits. This verification of the secondary connection prevents a third host from intercepting data intended for another host.

rexec

The rexec command provides a secure environment for executing commands on a foreign host. The user is prompted for both a login ID and a password.

An automatic login feature causes the rexec command to search the local user's $HOME/.netrc file for the user's ID and password on a foreign host. For security, the permissions on the $HOME/.netrc file must be set to 600 (read and write by owner only). Otherwise, automatic login fails.

Note: Because use of the .netrc file requires storage of passwords in a nonencrypted file, the automatic login feature of rexec command is not available when your system is operating in secure. This feature can be reenabled by removing the entry from the tcpip stanza in the /etc/security/config file.

securetcpip

The securetcpip command enables TCP/IP security features. Access to commands that are not trusted is removed from the system when this command is issued. Each of the following commands is removed by running the securetcpip command:

• rlogin and rlogind
• rcp, rsh, and rshd
• tftp and tftpd
• trpt

The securetcpip command is used to convert a system from the standard level of security to a higher security level. After your system has been converted, you need not issue the securetcpip command again unless you reinstall TCP/IP.

telnet or tn

The telnet (TELNET) command provides a secure environment for login to a foreign host. The user is prompted for both a login ID and a password. The user's terminal is treated just like a terminal connected directly to the host. That is, access to the terminal is controlled by permission bits. Other users (group and other) do not have read access to the terminal, but they can write messages to it if the owner gives them write permission. The telnet command also provides access to a trusted shell on the remote system through the SAK. This key sequence differs from the sequence that invokes the local trusted path and can be defined within the telnet command.