Administrator's Guide

correct TPM chip. Procedures are provided for encrypted volume backup and
configuration of ServiceGuard clustering when TCS keys are employed.
HP-UX SecureShell now supports TCS keys for the host keys a server uses when
establishing encrypted sessions with remote clients. Because TCS binds the private key
to the platform's TPM, a SecureShell server's identity cannot simply be copied to
another platform.
With HP-UX OpenSSL, TCS key protection can be integrated into any application that
relies on OpenSSL for its cryptographic operations. The Stunnel product available with
Internet Express is a working example of TCS keys integrated through OpenSSL: an
application server that uses Stunnel to establish its encrypted sessions obtains TCS key
protection through Stunnel.
For more information, see the HP-UX TCS documentation:
http://www.hp.com/go/hpux-security-docs
Click HP-UX Trusted Computing Services (TCS) Software.
B.2.7 HP-UX Whitelisting
HP-UX Whitelisting (WLI) protects the system from unexpected downtime and denial of
service by preventing inadvertent or illegitimate changes to critical system files. It
also protects files from unauthorized access by granting access only to authorized
applications, regardless of the user (uid) executing the application. WLI is a
cryptographic key-based product: its security features rest on RSA key ownership and
RSA signature technology. Authorization is governed by WLI policies in addition to
traditional Discretionary Access Control (DAC). Because WLI restrictions are expressed
as RSA signatures and enforced by signature verification, regular files and directories
can be protected from access by any user, including the superuser.
For more information, see the HP-UX Whitelisting documentation:
http://www.hp.com/go/hpux-security-docs
Click HP-UX Whitelisting.
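The enforcement model described in B.2.7, as an added illustration in Python (this is not HP's WLI code, and WLI's real policy format and key handling are not documented on this page): a policy naming, for each protected path, the applications allowed to access it, signed with the owner's RSA key and checked before any access. The decision ignores uid for protected paths, so uid 0 gets no exception, while unprotected paths fall back to DAC. The RSA is a textbook toy with a 512-bit key so the block runs offline; the JSON policy format and the application-identity scheme (SHA-256 of the executable) are assumptions made for the example.

```python
import hashlib
import json
import secrets

# ---- Toy RSA so the block runs offline (illustration only, not WLI's key handling) ----

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit, odd
        if _is_probable_prime(candidate):
            return candidate


def keygen(bits=512):
    """Return (public, private) as (e, n) and (d, n). 512 bits is far too small for real use."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def sign(private, data):
    """Textbook RSA over SHA-256 (no padding; real signatures use PSS or PKCS#1 v1.5)."""
    d, n = private
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def verify(public, data, signature):
    e, n = public
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


# ---- Whitelist policy: protected path -> identities of applications allowed to touch it ----

def app_id(executable_bytes):
    """Identify an application by the SHA-256 of its executable (assumed identity scheme)."""
    return hashlib.sha256(executable_bytes).hexdigest()


def make_policy(rules):
    """Canonical JSON so the bytes that get signed are reproducible."""
    return json.dumps(rules, sort_keys=True, separators=(",", ":")).encode()


def check_access(public, policy, signature, path, app, uid, dac_allows):
    """Decide one access. For a protected path only a whitelisted application gets
    through, and uid is deliberately not consulted, so uid 0 is no exception.
    Unprotected paths fall back to ordinary DAC, where root bypasses the mode bits."""
    if not verify(public, policy, signature):
        return "deny"  # an unsigned or edited policy is not honoured: fail closed
    rules = json.loads(policy)
    if path in rules:
        return "allow" if app in rules[path] else "deny"
    return "allow" if uid == 0 or dac_allows else "deny"
```

The point of the model is visible in the last function: with a valid policy, a root-owned process running an unlisted binary is refused on a protected file while an unprivileged user running the listed backup agent is allowed, and adding the rogue binary to the policy without the owner's private key only makes the signature fail.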
B.3 Protecting Identity
In addition to the security products that are discussed in Part III Protecting Identity, the
following security products offer additional identity protection.
B.3.1 HP-UX AAA Server (RADIUS)
The HP-UX AAA Server uses the industry-standard Remote Authentication Dial-In User
Service (RADIUS) protocol and the Extensible Authentication Protocol (EAP) to provide
standards-based user authentication, authorization, and accounting services to network
devices and software applications.
The HP-UX AAA Server can be used to secure wired and wireless LAN access, to provide
authentication and accounting for Virtual Private Network (VPN) gateways, firewalls,
and other network devices, and to enhance the security of RADIUS-enabled software
applications in enterprise and service provider environments.
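The RADIUS exchange such a server speaks, as an added example in Python (not HP's AAA Server code): a network access server builds a PAP Access-Request, the server answers with Access-Accept or Access-Reject, and the client accepts the answer only if the Response Authenticator, which binds the reply to the request and to the shared secret, verifies. Packet layout, User-Password hiding and the Response Authenticator follow RFC 2865; the user database, shared secret and NAS address are constructed for the example, and EAP is not shown.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4


def _pack_attrs(attrs):
    """Encode (type, value) pairs as RADIUS TLVs; Length covers the 2-byte header."""
    out = b""
    for attr_type, value in attrs:
        if not 1 <= len(value) <= 253:
            raise ValueError("attribute value must be 1..253 bytes")
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return out


def _parse_attrs(data):
    """Decode TLVs, rejecting a Length that is too short or runs past the packet."""
    attrs = []
    while data:
        if len(data) < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = struct.unpack("!BB", data[:2])
        if length < 2 or length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, data[2:length]))
        data = data[length:]
    return attrs


def _password_blocks(secret, request_auth, data, hidden):
    """RFC 2865 section 5.2: each 16-byte block is XORed with MD5(secret + previous
    ciphertext block); for the first block the Request Authenticator plays that role."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(x ^ y for x, y in zip(block, pad))
        out += result
        prev = block if hidden else result  # chain on the ciphertext, whichever side we are
    return out


def hide_password(secret, request_auth, password):
    padded = password + b"\x00" * (-len(password) % 16)
    return _password_blocks(secret, request_auth, padded, hidden=False)


def reveal_password(secret, request_auth, hidden):
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    return _password_blocks(secret, request_auth, hidden, hidden=True).rstrip(b"\x00")


def _packet(code, ident, authenticator, attrs):
    body = _pack_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def build_access_request(secret, ident, username, password, nas_ip):
    """NAS side: fresh random Request Authenticator, PAP password hidden under it."""
    request_auth = os.urandom(16)
    attrs = [
        (USER_NAME, username.encode()),
        (USER_PASSWORD, hide_password(secret, request_auth, password.encode())),
        (NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
    ]
    return _packet(ACCESS_REQUEST, ident, request_auth, attrs)


def server_handle(secret, users, packet):
    """Server side: recover the password, decide, and authenticate the reply with
    Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    request_auth = packet[4:20]
    attrs = dict(_parse_attrs(packet[20:]))
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    hidden = attrs.get(USER_PASSWORD)
    ok = False
    if hidden and len(hidden) % 16 == 0:
        password = reveal_password(secret, request_auth, hidden)
        ok = user in users and hmac.compare_digest(users[user].encode(), password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    response_auth = hashlib.md5(header + request_auth + secret).digest()  # no reply attributes
    return header + response_auth


def client_verify(secret, request, response):
    """NAS side: True only for an Access-Accept whose Identifier matches the request
    and whose Response Authenticator verifies under the shared secret."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    code, _ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    if not hmac.compare_digest(expected, response[4:20]):
        return False
    return code == ACCESS_ACCEPT
```

Two things worth noticing: the Request Authenticator is random per request, so the same password hides to different bytes each time, and an on-path attacker who rewrites a Reject into an Accept breaks the Response Authenticator because it covers the Code byte and the secret the attacker does not hold. RADIUS still relies on MD5 and on a pre-shared secret, which is why deployments carry it over IPsec or use EAP methods that establish their own keys.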
For more information, see the HP-UX AAA Server documentation: