Administrator's Guide

Glossary
3DES Triple Data Encryption Standard. A symmetric key block encryption algorithm that encrypts data
three times, using a different 56-bit key each time (168 bits used for keys). 3DES is suitable for bulk
data encryption.
AAA server Authentication, Authorization, and Accounting server. An AAA server provides authentication,
authorization, and accounting services for user network access at the entry points to a network.
HP-UX provides AAA servers based on the RADIUS protocol and Diameter Base protocol.
ACL Access Control List. A list or database that defines what resources users or other principals can
access, and the type of access allowed.
AES Advanced Encryption Standard. A symmetric key block encryption algorithm. HP-UX IPSec supports
AES with a 128-bit key. AES is suitable for bulk data encryption.
AH Authentication Header. The AH provides data integrity and system-level authentication, and can
provide antireplay protection. AH is part of the IPsec protocol suite.
asymmetric key cryptography See public key cryptography.
auditing The selective recording of events for the analysis and detection of security breaches. The HP-UX
auditing system provides a mechanism to audit users and processes.
authentication The process of verifying the identity of a subject (a user, host, device or other entity in a
computer network). Authentication is often a prerequisite to allowing access to resources in a system.
Alternatively, the process of verifying the integrity of data, or the identity of the party that sent data.
Authentication Header See AH.
authorization The process of evaluating access control information and determining if a subject (a user, host,
device, or other entity in a computer network) is allowed to perform an operation on a particular
resource, or object. Authorization is typically performed after a subject's identity is authenticated.
In the context of RBAC, authorization specifically refers to the pairing of an operation with an
object, and is also referred to as permission. See RBAC.
Bastille HP-UX Bastille is a system hardening and reporting program that enhances the security of the HP-UX
operating system by consolidating essential hardening and lock-down checklists from industry and
government security organizations, and making them accessible to administrators in an easy-to-use
package.
bastion host A computer system that protects an internal network from intruders. See also firewall and hardened
system.
buffer overflow attack A method to attack a system by causing process errors, or by causing a process to
execute malicious code. This is typically achieved by overflowing an input buffer in the stack. This causes
a memory violation or other error that causes the process to terminate, or causes the process to execute
malicious code. See also stack buffer overflow attack.
CA Certificate Authority. A trusted third party that authenticates users and issues certificates. In addition
to establishing trust in the binding between a user's public key and other security-related information
in a certificate, the CA digitally signs the certificate information using its private key.