Manualshelf

Securing Serviceguard Security analysis for HP Serviceguard clusters - Technical white paper

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux ProLiant Cluster
123456789
2
Abstract
Securing Serviceguard document talks about how a threat analysis can be carried out, and it elaborates about the
nature of external and internal threats that most HP Serviceguard clusters are usually exposed to. It provides
recommendations in order to protect the cluster nodes from external threats. This document also talks about the
HP Serviceguard security patch of 2004, which toughens the Serviceguard authentication mechanism. Additionally, the
document mentions the security considerations to be made for the use of HP Serviceguard Manager, Quorum Server,
and Continentalclusters.
This document is intended for anyone who is analyzing or configuring security for a Serviceguard cluster. We hope to
confirm to most customers that their existing security analysis and protection is correct and sufficient, while warning
others that they may have unprotected vulnerabilities.
Introduction
Security Analysis for Serviceguard consists of first doing a threat analysis, and then implementing defenses against
existing threats. Serviceguard must always be protected against various threats, and requires, for example, firewall
protection from a hostile internet. In this paper, we propose highly effective, low cost solutions that address the threats
commonly faced by Serviceguard customers.
Threat analysis
Consider three levels of security:
1. Bathroom/bedroom locks
2. Outside door deadbolts
3. Defended compound perimeter
For most people, threat analysis in daily life results in appropriate usage of levels of security. At the inner level, we
expect that people inside a house will behave socially, and will not exploit the potential to “crack” the security provided
by bed/bath locks, which usually can be opened using a paper clip. The outer door deadbolt offers security against
anti-social behavior, but no real defense against determined, armed criminal intent. The local police are expected to
provide a secure community, and defense against criminals, but if the police cannot be expected to provide that level of
security (such as when a government official faces an assassination threat), then greater measures are appropriate.
Observe that the defenses match the threat. Inside the home, there is a threat to privacy, which is defended by the
bed/bath lock. Outside there is the threat of forcible entry defended by the deadbolt. The defended compound perimeter
defends against the assassin.
It can be observed that:
1. Each level of security comes with increased cost.
2. It’s often appropriate to protect an outer perimeter more aggressively than an inner perimeter.
3. Too weak a security exposes one to threats, while overly aggressive security can be highly disruptive to daily life.
Thus, we must analyze the threats correctly, and select defenses appropriately. In particular, maximum security is
observed to be both expensive and intrusive to daily life.
Security threats
Security threats in the abstract are reduced to two classes:
Root exploitsmeaning that some weakness can be exploited to gain control of a computer with no
intentional authorization.
Denial of Servicemeaning that some weakness that can be exploited to cause a computer or program to crash, or
otherwise be prevented from providing the service it normally provides.