LEADER 07256nam 2200589Ia 450
001 9910816215203321
005 20200520144314.0
035 $a(CKB)1000000000243338
035 $a(OCoLC)614898224
035 $a(CaPaEBR)ebrary10112129
035 $a(SSID)ssj0000276760
035 $a(PQKBManifestationID)11209099
035 $a(PQKBTitleCode)TC0000276760
035 $a(PQKBWorkID)10226227
035 $a(PQKB)10522387
035 $a(Au-PeEL)EBL3306378
035 $a(CaPaEBR)ebr10112129
035 $a(CaSebORM)0738499072
035 $a(MiAaPQ)EBC3306378
035 $a(OCoLC)829407023
035 $a(OCoLC)ocn829407023
035 $a(EXLCZ)991000000000243338
100 $a20050818d2003 uy 0
101 0 $aeng
135 $aurcn|||||||||
181 $ctxt
182 $cc
183 $acr
200 10$aAIX 5L version 5.2 security supplement /$fSteven Tuttle, Gabriel Pizano, Chris Smith
210 $aAustin, TX $cIBM Corp., International Technical Support Organization$dc2003
215 $a1 online resource (198 p.)
225 1 $aRedbooks
300 $a"November 2003."
311 $a0-7384-9907-2
320 $aIncludes bibliographical references and index.
327 $aFront cover -- Contents -- Notices -- Trademarks -- Preface -- The team that wrote this redbook -- Become a published author -- Comments welcome -- Chapter 1. AIX security flashes -- 1.1 Recommended reading -- 1.2 Security flash information by e-mail -- 1.3 Obtaining fixes -- Chapter 2. Virtual private networks -- 2.1 Architecture -- 2.2 Security -- 2.2.1 Transport mode -- 2.2.2 Tunnel mode -- 2.2.3 Security parameter index -- 2.2.4 Security associations -- 2.2.5 Filter rules -- 2.2.6 Encapsulating Security Payloads -- 2.2.7 Authentication Header -- 2.2.8 Key management -- 2.2.9 Security features -- 2.3 Installing IPSec -- 2.3.1 Installing the IP Security feature -- 2.3.2 Enabling IPSec offload -- 2.3.3 Starting IP Security -- 2.3.4 Installation Verification Procedure -- 2.4 Using administration interfaces -- 2.4.1 Starting IPSec -- 2.4.2 Stopping IPSec -- 2.4.3 IKE tunnels using SMIT -- 2.4.4 IKE tunnels using Web-based System Manager -- 2.4.5 Using certificates -- 2.4.6 Manual tunnels using the System Management Interface Tool -- 2.4.7 Filtering through the System Management Interface Tool -- 2.5 Functionality -- 2.5.1 Scenario I -- 2.5.2 Scenario II -- 2.5.3 Scenario III -- 2.5.4 Scenario IV -- 2.5.5 Scenario V -- 2.5.6 Scenario VI -- 2.6 Differences and limitations -- 2.7 Event and alert management -- 2.8 Common problems and solutions -- 2.8.1 Activation failure of the tunnel -- 2.8.2 Pinging from a non-secure machine to a secured machine hangs -- 2.8.3 Cannot ping from a secured machine to a non-secure machine -- 2.8.4 Network address translation doesn't work in IPSec environments -- 2.8.5 Firewall doesn't work in IPSec environments -- 2.8.6 Cannot connect two machines where tunnels used to be active -- 2.8.7 Both tunnels activated but there is no active/negotiating in the IKE tunnel monitor.
327 $a2.8.8 Can no longer connect from a non-secure machine to a secure machine with the tunnel active -- 2.8.9 IP security started but IKE command does not work -- 2.8.10 isakmpd is not running -- 2.8.11 The IKE subsystem group is inoperative -- 2.8.12 Tunnels are in a dormant state after running ike cmd=activate -- 2.8.13 Editing tunnel information with Web-based System Manager panels differs from ike cmd=list db verbose -- 2.8.14 Cannot activate a tunnel because the remote ID is invalid -- 2.8.15 General procedure to obtain the cause of problems -- Chapter 3. Exploiting Network Authentication Service -- 3.1 Architecture -- 3.1.1 Recommended reading -- 3.1.2 Ease-of-use example -- 3.2 Security -- 3.3 Installation example -- 3.3.1 Planning -- 3.3.2 Installation -- 3.3.3 Configuring the server -- 3.3.4 Configuring the client -- 3.3.5 Creating the keytab file -- 3.3.6 Kerberos administration -- 3.3.7 Changing authentication methods to allow Kerberos -- 3.3.8 Obtaining Kerberos authentication for administration -- 3.3.9 Creating a test user -- 3.3.10 Testing the user and services -- 3.3.11 Configuring another client system -- 3.3.12 Testing the user and services on the new host -- 3.4 Administration -- 3.4.1 AIX -- 3.4.2 Network Authentication Service -- 3.5 Functions -- 3.5.1 Integrated login -- 3.5.2 Secure remote commands -- 3.5.3 User management commands -- 3.6 Differences and limitations -- 3.7 Event and alert management -- 3.8 Common problems and solutions -- 3.8.1 Checklist -- 3.8.2 Logs -- 3.8.3 Typical problems -- Chapter 4. Pluggable Authentication Module -- 4.1 Architecture -- 4.1.1 PAM library -- 4.1.2 PAM modules -- 4.1.3 PAM configuration file -- 4.1.4 Recommended reading -- 4.2 Security -- 4.2.1 Security issues -- 4.3 Installing and configuring PAM -- 4.3.1 Installing PAM for AIX (pam_aix) -- 4.3.2 Installing PAM for LDAP (pam_ldap).
327 $a4.4 Common problems and solutions -- 4.4.1 Enabling PAM debug -- Chapter 5. Restricting users -- 5.1 Restricted shells -- 5.1.1 Recommended reading -- 5.1.2 Configuring the system and creating a restricted shell user -- 5.2 User limits for a system resource -- 5.2.1 Architecture -- 5.2.2 Security -- 5.2.3 Resources -- 5.2.4 Administration -- 5.3 User login controls -- 5.3.1 Setting up login controls -- 5.3.2 Changing the welcome message on the login display -- 5.3.3 Changing the login display for the CDE -- 5.3.4 Securing unattended terminals -- 5.3.5 Enforcing automatic logoff -- 5.4 Preventing denial-of-service attacks -- Appendix A. AIX Security Planning and Implementation Worksheet -- Abbreviations and acronyms -- Related publications -- IBM Redbooks -- Other publications -- Online resources -- How to get IBM Redbooks -- Help from IBM -- Index -- Back cover.
330 $aThis IBM Redbooks publication serves as a supplement to the IBM AIX 5L Version 5.2 product documentation, particularly "AIX 5L Version 5.2 Security Guide", SC23-4860. This book provides additional detailed information about virtual private networks (VPN), Kerberos security and the use of secure remote commands (RCMDS), Pluggable Authentication Modules (PAM), and examples on how to restrict users. You can use these features individually or integrate them together to improve AIX system security. Use this book as an additional source for security information. Together with existing sources, you may use this book to enhance your knowledge of security and the features included with AIX 5L Version 5.2. You learn about the practical use of these security features, why they are necessary, and how you can use them in your environment to improve security. Plus you gain practical guidance through the examples that are provided and the recommendations for best practice.
410 0$aIBM redbooks.
606 $aOperating systems (Computers)
615 0$aOperating systems (Computers)
700 $aTuttle$b Steven$01641789
701 $aPizano$b Gabriel$01641790
701 $aSmith$b Chris$0373829
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910816215203321
996 $aAIX 5L version 5.2 security supplement$93986117
997 $aUNINA