Administrator's Guide

B.2.5 HP-UX Secure Shell
HP-UX Secure Shell uses hashing to ensure data integrity and provides secure tunneling
features, port forwarding, and an SSH agent to maintain private keys on the client.
HP-UX Secure Shell enables you to securely log into another system over a network, to
execute commands on a remote system, and to move files from one system to another.
HP-UX Secure Shell provides a set of commands that replace insecure commands such
as rlogin, rsh, rcp, ftp, and telnet.
HP-UX Secure Shell also protects a network from the following security hazards:
IP Spoofing      A technique used to gain unauthorized access to computers. An
                 intruder sends messages to a computer with an IP address
                 indicating that the message is coming from a trusted host.
Eavesdropping    Searching a system for passwords, credit card numbers, or
                 business secrets.
Hijacking        A technique used to take over network communication in such a
                 way that the attacker can inspect and modify data transmitted
                 between the communicating parties.
For more information, see the HP-UX Secure Shell documentation:
http://www.hp.com/go/hpux-security-docs
Click HP-UX 11i Secure Shell Software.
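The following check is an added example, not part of the HP-UX documentation: it reads an inetd.conf-style file and reports which of the cleartext services that Secure Shell replaces are still enabled. The function names and the sample entries are constructed for illustration; the service names assume the usual /etc/services naming (login for rlogin, shell for rsh and rcp).

```shell
#!/bin/sh
# Added example: report legacy cleartext services still enabled in inetd.conf.
# Assumption: service names follow /etc/services (login = rlogin, shell = rsh/rcp).

# Print one "service<TAB>replacement" line per enabled legacy service.
# Reads the file named in $1, or standard input when no argument is given.
legacy_services() {
    awk '
        BEGIN {
            repl["telnet"] = "ssh"
            repl["login"]  = "ssh (replaces rlogin)"
            repl["shell"]  = "ssh or scp (replaces rsh, rcp)"
            repl["ftp"]    = "sftp or scp"
        }
        /^[ \t]*#/ { next }    # commented-out entry: service is disabled
        NF < 6     { next }    # not a complete service entry
        ($1 in repl) && !seen[$1]++ { printf "%s\t%s\n", $1, repl[$1] }
    ' "$@"
}

# Return 0 when no legacy service is enabled; otherwise list them and return 1.
check_legacy_services() {
    found=$(legacy_services "$@")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample input, not taken from a real host.
SAMPLE_CONF='## constructed sample entries
ftp     stream tcp nowait root /usr/lbin/ftpd    ftpd -l
#telnet stream tcp nowait root /usr/lbin/telnetd telnetd
login   stream tcp nowait root /usr/lbin/rlogind rlogind
  # shell stream tcp nowait root /usr/lbin/remshd remshd
daytime stream tcp nowait root internal'

printf '%s\n' "$SAMPLE_CONF" | check_legacy_services \
    || echo "legacy cleartext services are still enabled"
```

Run it against the real file with check_legacy_services /etc/inetd.conf; a non-zero exit status means at least one of the replaced services is still offered.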
B.2.6 HP-UX Trusted Computing Services
HP-UX Trusted Computing Services (TCS) provides software support for the Trusted Platform
Module (TPM) option currently available on certain HP blade servers, the BL860C and
BL870C being two examples. Each TPM chip contains a unique, hidden RSA private key
and algorithms for applying the key to standard cryptographic operations. By
cryptographic wrapping, private keys can be rendered usable only on a specific platform
with a specific embedded TPM. This is useful for preventing unauthorized use of
private keys on platforms other than those intended by the key owners. A TCS-generated
key is effectively restricted for use on a single platform.
The TCS package provides an extensive set of library functions for application
development. These library functions have been specified by the Trusted Computing
Group for implementation on a wide range of platform architectures. The TCS package
also includes commands for generating and maintaining TCS keys, and for bulk encryption
of user data. You can find more information on TPM and Trusted Computing at:
https://www.trustedcomputinggroup.org/home.
With TCS installed, TPM protection of private keys becomes available to a number of
applications:
HP-UX Encrypted Volume File System (EVFS) volumes can be configured to use TCS
keys. With TCS, these volumes can only be decrypted on a specific server with the