A.05.80 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2012)

Security Overview
Chapter 3: Remote Device Access (RDA)
users are accustomed to working only with server certificates, SSL and TLS can be configured to
require client-side certificates, which provides password-less two-way authentication. The CMS and
managed systems authenticate one another using X.509 certificates. Also, all communications between the
client browsers and the CMS are protected by SSL. The Remote Support Configuration Collector
System supports both SSL V3 and TLS 1.0. These two protocols are most commonly found in HTTPS on
TCP port 443. Other protocols and applications also use SSL and TLS for security.
Unsecured Communications
HP uses the following unsecured protocols only inside the customer’s internal network. HP will not initiate
any external communications between the customer and HP using these protocols.
• HTTP
The Hypertext Transfer Protocol (HTTP) is an application-layer protocol used for exchanging data. Its
most popular usage is for transferring text, graphic images, sound, video, and other multimedia files to
Web browsers. HTTP’s capabilities are also general enough for non-web applications.
• OCSP
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation
status of an X.509 digital certificate. It is described in RFC 2560. Although the protocol is not
encrypted, the sent information is somewhat anonymous (for example, a certificate serial number) and
all responses are digitally signed. OCSP runs on top of HTTP.
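As an added illustration (not part of the HP document or of any HP product code), the Python sketch below builds a minimal RFC 2560 OCSP request and reads it back the way anyone able to see the cleartext HTTP body could, showing which fields travel unencrypted. The issuer name, key bytes and serial number are constructed sample values, and the function names are hypothetical.

```python
import hashlib
SHA1_OID = bytes.fromhex("2b0e03021a")  # OID 1.3.14.3.2.26 (SHA-1)

def tlv(tag, body):
    """DER-encode one tag-length-value element."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def build_ocsp_request(issuer_name_der, issuer_key, serial):
    """Minimal unsigned OCSPRequest for one certificate (RFC 2560, 4.1.1)."""
    alg = tlv(0x30, tlv(0x06, SHA1_OID) + tlv(0x05, b""))
    name_hash, key_hash = (tlv(0x04, hashlib.sha1(x).digest())
                           for x in (issuer_name_der, issuer_key))
    serial_der = tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big"))
    cert_id = tlv(0x30, alg + name_hash + key_hash + serial_der)
    request_list = tlv(0x30, tlv(0x30, cert_id))   # SEQUENCE OF Request { CertID }
    return tlv(0x30, tlv(0x30, request_list))      # OCSPRequest { tbsRequest }

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def exposed_fields(ocsp_request):
    """Fields readable by anyone who can see the cleartext HTTP request body."""
    _, body, _ = read_tlv(ocsp_request)            # OCSPRequest
    _, tbs, _ = read_tlv(body)                     # tbsRequest
    tag, item, nxt = read_tlv(tbs)
    while tag != 0x30:                             # skip optional version / requestorName
        tag, item, nxt = read_tlv(tbs, nxt)
    _, request, _ = read_tlv(item)                 # first Request in requestList
    _, cert_id, _ = read_tlv(request)              # CertID
    _, _, p = read_tlv(cert_id)                    # hashAlgorithm (skipped)
    _, name_hash, p = read_tlv(cert_id, p)
    _, key_hash, p = read_tlv(cert_id, p)
    _, serial, _ = read_tlv(cert_id, p)
    return {"issuer_name_hash": name_hash.hex(), "issuer_key_hash": key_hash.hex(),
            "serial": int.from_bytes(serial, "big")}

SAMPLE = build_ocsp_request(b"CN=Constructed CA", b"constructed-key", 0x1234ABCD)  # constructed
```

In this minimal request the two issuer hashes and the serial number are the only certificate identifiers present.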
Security Auditing
All attended RDA connection attempts from HP to customers are logged. The acting user, start and stop
times of the connection, and the connection status are logged. The connection status will indicate failures
such as improper authentication and authorization. This tracking information is retained for 13 months.