Fixing security problem

Hi

I use Rapid 7 to check some servers (AIX 5.3) for security problems. There are 2 problems I don't know how to deal with.

Problem : TCP Sequence Number Approximation Vulnerability
Solution :
_ Enable TCP MD5 Signature

Problem : HTTP Basic Authentication Enabled
Solution :
_ Use Basic Authentication over TLS/SSL (HTTPS)
_ Use Digest Authentication

I don't know how to perform the solutions. Somebody help, please :(

If I am not mistaken, you asked the same questions about three weeks ago, and I replied to it.

Are you using any application that requires authentication (like, have you installed SiteMinder, etc.) or any secure portal?
Any right tool should tell you to go with HTTPS instead of HTTP.

Yes, a lot. These servers run applications for banking, and some security guys tell me to fix some security problems. I have fixed most of them, but still don't know what to do with these 2 warnings.

I also checked the "HTTPS" as you said; it's OK, but Rapid 7 still warns like that. :(

As a side note, AIX 5.3 has been out of support since 30. April 2012, see here:

Exactly! Consider telling the security guys that talking about "security" when running an OS unpatched for at least 15 months is moot anyway. No matter what you do or don't do, the server will be insecure anyway.

I hope this helps.

bakunin

IBM still release security patches for AIX 5.3 but you'll need a software maintenance agreement and an AIX 5.3 service extension to be able to download them ;0)