UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must not use UDP for Network Information System (NIS/NIS+).


Overview

Finding ID Version Rule ID IA Controls Severity
V-4399 GEN006380 SV-35147r1_rule ECSC-1 High
Description
Implementing NIS or NIS+ under UDP may make the system more susceptible to a Denial of Service attack and does not provide the same quality of service as TCP.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2018-03-01

Details

Check Text ( C-36719r1_chk )
If the system does not use NIS or NIS+, this is not applicable.

Check if NIS or NIS+ is implemented using UDP.
# rpcinfo -p | grep yp | grep udp

If NIS or NIS+ is implemented using UDP, this is a finding.
Fix Text (F-30298r1_fix)
Configure the system to not use UDP for NIS and NIS+. HP-UX specific documentation (note the major version of NIS+ currently running) should be consulted for the required procedure.