Understanding HP SIM 5.1 and 5.2 security (481362-003, January 2009)

Background processes
On Windows, HP SIM is installed and runs as a Windows service. The service account requires
administrator privileges on the CMS and the database, and can be either a local or a domain
account. For automatic sign-in to HP SIM, a domain account must be used. On UNIX, HP SIM is
installed and runs as daemons that run as root.
Windows Cygwin
The version of Cygwin provided with the SSH server for Windows, for CMS and the managed
systems, has been modified with security enhancements to restrict access to the shared memory
segment. As a result, it does not interoperate with the generally available version of Cygwin. Only
administrative users can connect to a system running the modified SSH server.
HP-UX/Linux
The device /dev/random is used, if available on the CMS, as a source for random numbers within
HP SIM.
Database
Access to the database server should be restricted to protect HP SIM data. Specify appropriate
non-blank passwords for all database accounts, including the system administrator (sa) account for SQL
Server. Changes to the operating data, such as authorizations, tasks, and collection information, can
affect the operation of HP SIM. System data contains detailed information about the managed
systems, some of which might be considered restricted including asset information, configuration, and
so on. Task data might contain extremely sensitive data, such as user names and passwords.
SQL Server/MSDE
HP SIM uses only Windows authentication with SQL Server and MSDE. The installation of MSDE
creates a random password for the sa account, though it is not used for HP SIM.
Remote SQL Server
SQL Server supports advanced security features, including SSL encryption during sign in and data
communication. More information can be found in SQL Server documentation and the Microsoft
website.
PostgreSQL
PostgreSQL uses a password that is randomly generated when HP SIM is installed. This password can
be changed through the command line. Refer to the mxpassword reference for more information.
Oracle
The Oracle database administrator must create a user (preferably with a non-blank password) for HP
SIM to use when connecting to Oracle. The Oracle user must have, at the minimum, the Connect and
DBA roles, which allow HP SIM to have the correct privileges to create and delete HP SIM tables and
views, along with read/write access to the HP SIM tables. Changes to the operating data, such as
authorizations, tasks, and collection information, can affect the operation of HP SIM. System data
contains detailed information about the managed systems, some of which might be considered
restricted, including asset information, configuration, and so on. Task data can contain extremely
sensitive data, such as user names and passwords.
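The Oracle account setup described above, as an added example that is not part of the HP SIM guide: create the HP SIM user with a non-blank password, grant the Connect and DBA roles, and then query the data dictionary to confirm the grants and account status. The user name hpsim and the password are assumed placeholders; the verification queries assume the connected administrator can read DBA_ROLE_PRIVS and DBA_USERS.

```sql
-- Added example, not from the HP SIM guide. Run as the Oracle DBA.
-- "hpsim" and the password are placeholders; replace them with your own.

-- Create the account HP SIM will connect with. The password is never left blank.
CREATE USER hpsim IDENTIFIED BY "Replace_With_Str0ng_Passw0rd";

-- The minimum roles the guide calls for: Connect and DBA, so HP SIM can
-- create and delete its own tables and views and read/write its data.
GRANT CONNECT, DBA TO hpsim;

-- Verification 1: both roles should appear for the HPSIM grantee
-- (Oracle stores unquoted identifiers in upper case).
SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE grantee = 'HPSIM'
 ORDER BY granted_role;

-- Verification 2: the account exists and is OPEN (not LOCKED or EXPIRED),
-- so the HP SIM service can actually sign in.
SELECT username, account_status, created
  FROM dba_users
 WHERE username = 'HPSIM';
```

The first query should return exactly two rows, CONNECT and DBA; any extra rows are roles HP SIM does not need and are worth reviewing against the database access restriction the guide recommends.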