Are NIS client programs deactivated?
An NIS (Network Information System) client receives network naming and administration information from a server machine on its network. NIS synchronizes key host information, including account names and passwords. It is a clear-text protocol and can easily be compromised to gain access to accounts on the system.

If you do need to use NIS, configure your firewall to block NIS traffic coming into or going out of your network. Also, if you plan to use a host-based network firewall, be sure to disable the NIS client. If your NIS client is left configured but NIS traffic is blocked at your firewall, your machine will bog down trying to connect to the NIS server. NIS is not a well-behaved protocol, and the ports it needs are hard to characterize. It also needs to initiate connections from both client and server.

On many systems, including trusted-mode HP-UX systems, passwords are not only encrypted but also readable only by the super-user. These measures were taken because, given the encrypted string, an attacker can attempt to determine valid passwords for users on your system by using dictionary or brute-force password-cracking programs. When you use NIS, the encrypted password is transmitted in clear text and made available to anyone on the network, compromising this defense measure. Because of this, the HP-UX trusted mode and password shadowing security features that Bastille can enable are incompatible with NIS. If you choose to convert to trusted mode or shadow passwords, you should also disable NIS.

We recommend that you deactivate NIS client programs. Alternatives include NIS+, LDAP, and Kerberos.
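
A way to check whether the NIS client is still configured on a host, as an added example that is not part of the original text or of Bastille itself. It assumes the HP-UX convention of an `NIS_CLIENT` flag in `/etc/rc.config.d/namesvrs`, `nis` sources in `/etc/nsswitch.conf`, and `+` inclusion entries in `/etc/passwd`; the function name `nis_audit` is hypothetical.

```shell
#!/bin/sh
# nis_audit ROOT: print one finding per line for each sign that the NIS client
# is still configured under ROOT; exit status is 1 if anything was found.
nis_audit() {
    root=${1:-/}
    found=0
    rc="$root/etc/rc.config.d/namesvrs"   # assumed HP-UX startup config file
    nss="$root/etc/nsswitch.conf"
    pw="$root/etc/passwd"

    # 1. Startup flag: NIS_CLIENT=1 means the client is started at boot.
    if [ -f "$rc" ] && grep -Eq '^[[:space:]]*NIS_CLIENT="?1' "$rc"; then
        echo "rc: NIS_CLIENT enabled"
        found=1
    fi

    # 2. Name-service switch: databases that still list "nis" as a source
    #    (comments stripped first; "nisplus" is deliberately not matched).
    if [ -f "$nss" ]; then
        for db in $(sed 's/#.*//' "$nss" |
                    awk -F: 'NF > 1 { n = split($2, s, " ")
                        for (i = 1; i <= n; i++)
                            if (s[i] == "nis") { print $1; break } }'); do
            echo "nsswitch: $db uses nis"
            found=1
        done
    fi

    # 3. "+" entries merge NIS accounts into the local password file.
    if [ -f "$pw" ] && grep -q '^+' "$pw"; then
        echo "passwd: '+' NIS inclusion entry present"
        found=1
    fi
    return $found
}

# Constructed sample tree (not real system files) so the check runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/etc/rc.config.d"
printf 'NIS_CLIENT=1\nNIS_DOMAIN=example\n' > "$demo/etc/rc.config.d/namesvrs"
printf 'passwd: files nis\nhosts: files dns\n' > "$demo/etc/nsswitch.conf"
printf 'root:*:0:3::/:/sbin/sh\n+::0:0:::\n' > "$demo/etc/passwd"
nis_audit "$demo" || echo "NIS client configuration found"
rm -rf "$demo"
```

Run `nis_audit /` on the host itself after disabling the client; an empty result with exit status 0 means none of the three indicators remain.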