HP Systems Insight Manager 5.2 Installation and Configuration Guide for HP-UX
known as
spoofing
. To prevent the possibility of spoofing, use a certificate signed by a trusted Certificate
Authority (CA) or securely export the certificate by browsing locally to the CMS and then securely importing
it into your browser. You can also obtain the server certificate by browsing remotely and saving it in the
browser the first time you access HP SIM, but this option is less secure and still susceptible to a possible
"man-in-the-middle" attack. Information about importing CA-signed certificates is available in the "Administering
the Software" section of the
HP Systems Insight Manager 5.2 User Guide
at http://h18013.www1.hp.com/
products/servers/management/hpsim/infolibrary.html.
X application security
The data exchanged between an X client (or application) running on a managed system and an X server
on the network client is transmitted in clear text over the network. HP does not recommend X clients in
environments in which security is a concern.
Managing servers behind a firewall
HP SIM supports managing servers that are located behind a firewall when using the SSH, HTTPS, and
WBEM protocols. HP does not recommend the SNMP and DMI protocols for this purpose because they are
not secure protocols. The firewall must be configured to allow this traffic through the firewall. The following
ports are used:
• WBEM uses HTTPS over port 5989
• Web Agents use HTTPS over port 2381
• DTF uses SSH-2 over port 22
For a complete list of ports used by HP SIM, see the
Understanding HP SIM Security
white paper. This white
paper is available at http://www.hp.com/go/hpsim/.
16 Product overview