A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 3: Remote Device Access (RDA)
Secured Communication
These protocols are used either inside the customer’s intranet or over the Internet between the customer
and HP.
• ESP
Encapsulating Security Payload (ESP), or IP protocol 50, is a protocol header inserted into an IP
datagram to provide data encryption and authentication. Remote Device Access uses ESP in tunnel
mode to establish VPN connectivity.
• HTTPS
HTTPS is HTTP with SSL or TLS encryption for security. All communications between the browser
and the remote data collection system are carried out over HTTPS. HTTPS is also used for the
marshalling and transfer of collected device data between the CMS and the managed systems. The
default port for HTTPS is TCP port 443, but it can be configured to run on other TCP ports.
• IPsec
IP Security, or IPsec, is a suite of protocols for securing IP communications. IPsec operates in two modes. In transport mode it can be configured to provide end-to-end security of all communications between two systems. In tunnel mode, IPsec can be used to provide VPN connectivity over insecure networks. A typical IPsec deployment uses two protocols: either Encapsulating Security Payload (ESP) or Authentication Header (AH), both of which are IP-layer protocols, together with ISAKMP. Note that AH is seldom used, as it does not provide encryption.
• ISAKMP
Internet Security Association and Key Management Protocol (ISAKMP) is an application-layer IPsec protocol used for negotiating encryption keys. It runs over UDP port 500.
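The entries above identify RDA traffic by IP protocol number (ESP is IP protocol 50) or by port (ISAKMP on UDP 500, HTTPS on TCP 443, and SSH on TCP 22 as described in the SSH entry below). The following classifier is an added example, not code from HP or from this document: it parses a raw IPv4 header, honours the IHL field so packets with IP options are handled, and labels each packet so that a capture from the CMS network segment can be audited for what is actually in use. The AH protocol number 51 is assumed from the IANA registry (the page only says AH is an IP protocol), the sample packets are constructed inline rather than captured, and the `https_ports`/`ssh_ports` parameters exist because the page notes both services can be moved off their default ports.

```python
import socket
import struct

# IP protocol numbers and default ports named in the RDA protocol list.
IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_ESP = 50   # Encapsulating Security Payload ("IP protocol 50")
IPPROTO_AH = 51    # Authentication Header (IANA number; assumed, not stated on the page)

ISAKMP_UDP_PORT = 500
HTTPS_TCP_PORT = 443   # default; RDA allows other TCP ports
SSH_TCP_PORT = 22      # default; RDA allows other TCP ports


def classify_ipv4(packet, https_ports=(HTTPS_TCP_PORT,), ssh_ports=(SSH_TCP_PORT,)):
    """Label a raw IPv4 packet as ESP, AH, ISAKMP, HTTPS, SSH or other(...).

    https_ports / ssh_ports take the site's configured ports.  AH is reported
    separately so an audit can spot authenticated-but-unencrypted traffic.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version = packet[0] >> 4
    if version != 4:
        raise ValueError("not an IPv4 packet (version %d)" % version)
    ihl = (packet[0] & 0x0F) * 4            # header length including options
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("inconsistent IPv4 length fields")
    proto = packet[9]
    payload = packet[ihl:total_len]

    if proto == IPPROTO_ESP:
        return "ESP"
    if proto == IPPROTO_AH:
        return "AH"
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        if len(payload) < 4:
            raise ValueError("truncated transport header")
        ports = struct.unpack("!HH", payload[:4])   # (source, destination)
        if proto == IPPROTO_UDP and ISAKMP_UDP_PORT in ports:
            return "ISAKMP"
        if proto == IPPROTO_TCP and any(p in ports for p in https_ports):
            return "HTTPS"
        if proto == IPPROTO_TCP and any(p in ports for p in ssh_ports):
            return "SSH"
    return "other(proto=%d)" % proto


# --- constructed sample packets (not captured traffic) -----------------------

def build_ipv4(proto, payload, src="192.0.2.10", dst="192.0.2.20", options=b""):
    """Build a minimal IPv4 packet; the checksum is left 0, which parsing ignores."""
    assert len(options) % 4 == 0
    ihl_words = 5 + len(options) // 4
    total_len = ihl_words * 4 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x40 | ihl_words, 0, total_len, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + options + payload


def tcp_header(sport, dport):
    # Only the port fields matter for classification; seq/ack are zeroed, SYN set.
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


def udp_header(sport, dport, data_len):
    return struct.pack("!HHHH", sport, dport, 8 + data_len, 0)


def sample_packets():
    """Constructed examples covering each protocol in the list."""
    esp = struct.pack("!II", 0x1001, 1) + b"\xaa" * 16       # SPI, sequence, ciphertext
    isakmp = udp_header(500, 500, 28) + b"\x00" * 28          # 28-byte ISAKMP header
    return {
        "vpn tunnel": build_ipv4(IPPROTO_ESP, esp),
        "key exchange": build_ipv4(IPPROTO_UDP, isakmp),
        "browser to CMS": build_ipv4(IPPROTO_TCP, tcp_header(51515, 443)),
        # IP options present (IHL = 6), so a fixed 20-byte offset would misparse it
        "CMS to managed system": build_ipv4(IPPROTO_TCP, tcp_header(52000, 22), options=b"\x01" * 4),
        "ssh on custom port": build_ipv4(IPPROTO_TCP, tcp_header(52001, 2222)),
        "icmp": build_ipv4(1, b"\x08\x00\x00\x00\x00\x00\x00\x00"),
    }


if __name__ == "__main__":
    for name, pkt in sample_packets().items():
        print("%-24s %s" % (name, classify_ipv4(pkt)))
```

Run stand-alone, the script labels each constructed packet; the "ssh on custom port" packet is reported as `other(proto=6)` until the configured port is supplied via `ssh_ports=(2222,)`, which is the point of passing the site's own port list rather than hard-coding the defaults.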
• SSH
The Secure Shell (SSH) protocol is an application-layer protocol that permits secure remote access over a network from one computer to another. SSH negotiates and establishes an encrypted and authenticated connection between an SSH client and an SSH managed server. SSH provides data integrity checks and prevents eavesdropping on, and modification of, sensitive data transferred between the CMS and managed systems. The default port for SSH is TCP port 22, but it can be configured to run on other TCP ports.
Although the SSH protocol is typically used to log into a remote machine and execute commands, it
also supports tunneling, forwarding arbitrary TCP ports and X11 connections. It can transfer files using
the associated SFTP or SCP protocols.
The SSH protocol exists in two versions. The original SSH protocol version 1 is somewhat insecure
and should not be used. Its successor, SSH protocol version 2, which is incompatible with SSH
protocol version 1, strengthened security by changing the protocol and adding Diffie-Hellman key
exchange and strong integrity checking via message authentication codes. HP RDA uses SSH
protocol version 2 for most connections.
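A managed system's SSH version can be verified from the identification string it sends first ("SSH-protoversion-softwareversion SP comments CR LF" in RFC 4253). The following checker is an added example, not HP's or this document's code: it tolerates the pre-banner lines the RFC allows before the identification string, parses the fields, and grades the advertised protoversion, treating "1.99" as a warning because that value means the server still accepts SSH protocol version 1 clients alongside version 2. The banners in `SAMPLE_BANNERS` are constructed; `fetch_banner` reads a live server and is only needed for an inventory run.

```python
import re
import socket

# RFC 4253 section 4.2 identification string, with CR LF already stripped.
_ID_LINE = re.compile(
    rb"^SSH-(?P<proto>[0-9]+\.[0-9]+)-(?P<soft>[^ \r\n]+)(?: (?P<comments>[^\r\n]*))?$"
)

# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = {
    "modern": b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n",
    "legacy compat": b"SSH-1.99-OpenSSH_3.9p1\r\n",
    "v1 only": b"SSH-1.5-OldDaemon\r\n",
    "pre-banner text": b"*** Authorised access only ***\r\nSSH-2.0-Example_CMS_1.0\r\n",
}


def parse_identification(data):
    """Extract protoversion/softwareversion/comments from the server's first bytes.

    Lines that do not begin with "SSH-" may precede the identification string
    (RFC 4253 permits this); they are skipped.
    """
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue
        if len(line) > 253:   # 255-byte limit includes CR LF
            raise ValueError("identification line exceeds the RFC 4253 length limit")
        m = _ID_LINE.match(line)
        if not m:
            raise ValueError("malformed identification string: %r" % line)
        comments = m["comments"]
        return {
            "protoversion": m["proto"].decode("ascii"),
            "softwareversion": m["soft"].decode("ascii", "replace"),
            "comments": comments.decode("utf-8", "replace") if comments is not None else None,
        }
    raise ValueError("no SSH identification string in the first %d bytes" % len(data))


def assess(ident):
    """Grade the advertised protocol version against the guidance above."""
    pv = ident["protoversion"]
    if pv == "2.0":
        return ("pass", "SSH protocol version 2 only")
    if pv == "1.99":
        return ("warn", "advertises SSH-1 compatibility (protoversion 1.99); "
                        "version 1 clients can still be accepted")
    if pv.startswith("1."):
        return ("fail", "SSH protocol version 1 only (protoversion %s)" % pv)
    return ("unknown", "unrecognised protoversion %s" % pv)


def check_banner(data):
    ident = parse_identification(data)
    status, reason = assess(ident)
    return dict(ident, status=status, reason=reason)


def fetch_banner(host, port=22, timeout=5.0):
    """Read a live server's identification string (not used by the offline samples)."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        while len(buf) < 4096:
            chunk = s.recv(256)
            if not chunk:
                break
            buf += chunk
            if re.search(rb"^SSH-[^\n]*\n", buf, re.M):
                break
    return buf


if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        r = check_banner(banner)
        print("%-16s %-8s %s (%s)" % (name, r["status"], r["reason"], r["softwareversion"]))
```

The software version string is informational only; the grading rests on the protoversion field, since that is what the SSH client and server negotiate on. A result of "warn" is worth chasing even where SSH-1 is believed disabled, because the banner is what the server actually offers to connecting clients.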
• SSL and TLS
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are application-layer
protocols which provide data encryption and authentication. TLS is an updated version of SSL V3. SSL
and TLS use X.509 certificates, also known as “digital” certificates, for authentication. Although most
Although most

HP Insight Remote Support Advanced and Remote Device Access (A.05.80) Page 50 of 97