What - AIX itself.
How:
- put OpenSSH on it (download from bullfreeware.com; comes with latest AIX
versions)
- disable all unnecessary and plain-text authentication services
(including telnet and ftp - use ssh and scp instead)
- use built-in IP filtering (don't make way too many filters, IP filtering
is CPU consuming and may slow down your TCP/TSM sessions). "enable tsm;
enable ssh; disable all" is good enough.
- start the server as ordinary user (just recently discussed again on the
list)
- (optional) if you cannot live without Web-admin interface - install TSM
Secure Web Proxy over the same box

Zlatko Krastev
IT Consultant






"Gill, Geoffrey L." <GEOFFREY.L.GILL AT SAIC DOT COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
29.05.2003 07:06
Please respond to "ADSM: Dist Stor Manager"


        To:     ADSM-L AT VM.MARIST DOT EDU
        cc:
        Subject:        Possibly off topic


I am wondering if some of the AIX folks can help with this. It's a bit off
topic but is related to a TSM server nonetheless.



If a TSM server running on AIX, is in the DMZ, what might someone use to
"harden it" if you will. What software packages are available to help keep
out intruders?

Thanks,

Geoff Gill
TSM Administrator
NT Systems Support Engineer
SAIC
E-Mail:   gillg AT saic DOT com
Phone:  (858) 826-4062
Pager:   (877) 905-7154