| An NIS (Network Information System) server is used to distribute network naming and administration information to other machines on a network
NIS is a system used for synchronizing key host information, including account names and passwords. It is a clear-text protocol, and can be easily compromised to gain access to accounts on the system. If you are really interested in using NIS, you should configure your network firewall to block NIS traffic coming in and going out of your network.
On many systems, including trusted-mode HP-UX systems, passwords are not only encrypted but also readable only by the super-user. This defense measure was taken because encrypted passwords can be decrypted fairly quickly with today's computers. When you use NIS, the encrypted password is transmitted in clear-text and made available to anyone on the network, compromising this defense measure. Because of this, the HP-UX trusted mode and password shadowing security features that Bastille can enable, are incompatible with NIS. If you choose to convert to trusted-mode or shadow passwords, you should also disable NIS.
We recommend that you deactivate NIS server programs. Alternatives include NIS+, LDAP, and Kerberos. |