Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must not use UDP for Network Information System (NIS/NIS+).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4399 | GEN006380 | SV-35147r1_rule | ECSC-1 | High |
| Description |
|---|
| Implementing NIS or NIS+ under UDP may make the system more susceptible to a Denial of Service attack and does not provide the same quality of service as TCP. |
| STIG | Date |
|---|---|
| HP-UX 11.23 Security Technical Implementation Guide | 2013-03-28 |
Details
| Check Text ( C-36719r1_chk ) |
|---|
| If the system does not use NIS or NIS+, this is not applicable. Check if NIS or NIS+ is implemented using UDP. # rpcinfo -p | grep yp | grep udp If NIS or NIS+ is implemented using UDP, this is a finding. |
| Fix Text (F-30298r1_fix) |
|---|
| Configure the system to not use UDP for NIS and NIS+. HP-UX specific documentation (note the major version of NIS+ currently running) should be consulted for the required procedure. |