Manualshelf

iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
Planning the iTP Secure WebServer PATHMON
Environment
iTP Secure WebServer System Administrator’s Guide522659-001
3-7
Other Security Considerations
Other Security Considerations
In addition to the security of the PATHMON environment, the system administrator
should consider the following security requirements before installing the iTP Secure
WebServer:
Protecting the Key Database File (See page 3-7)
Protecting the Server Password (See page 3-7)
Protecting Core Dumps (See page 3-8)
Protecting Transmission of Key Database Files and Core Dumps (See page 3-8)
Protecting the Key Database File
The key database file is the file you specify in commands such as keyadmin and in the
KeyDatabase configuration directive. It contains private keys and public key certificates.
The key database file contains sensitive information that must be protected. The iTP
Secure WebServer protects the database by encrypting it, and by requiring a password to
access it (decrypt it).
One way that you can protect the key database file is by protecting its password (see
Protecting the Server Password
below). You also should protect the key database file by
ensuring that it has the correct file permissions. The file should be owned by the user
name under which the server is run and set to mode 600, giving read/write access only to
that user.
A second way to protect the key database file is by keeping it properly backed up. Back
up the file every time there is a change to it. Keep the backup in a place that is as safe as
your needs require (according to how valuable your data is). For some customers,
keeping a backup tape in the same building as the server machine is sufficient. For other
customers, a backup should be kept in another location (for example, in another
building) in case the original file is destroyed and a replica is needed immediately.
As your security requirements dictate, consider controlling access to the room in which
backups are made and stored and the means by which they are transported physically
and/or electronically (if applicable).
You also must protect the server machine itself, since it contains the key database file.
According to your security requirements, consider physically protecting the room in
which the server is located and also restricting access to the server through its network
connections.
Protecting the Server Password
The key database file is encrypted with a password that you specify by using the
keyadmin utility. The iTP Secure WebServer must decrypt the file at runtime to gain
access to the file’s stored information. Use the ServerPassword configuration directive
to assign the server a password.